Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently. Shouts to the heroes on the inside, but what did I just hear about an AI removal pledge?


>> One of the first things you can do with any of these kinds of lists is to see if they recommend Firefox over Chrome. It's an excellent shibboleth, because Firefox codes (rhetorically) profoundly more activist- and privacy- friendly than Chrome does, but Chrome has much more sophisticated and better tested runtime protections. Firefox seems like it would be the better recommendation, but if what you care about is not being easily (==cheaply) targeted by exploits, it's not.

> This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently.

So the smart thing is to use Chromium, then?


I still doubt it? It's a marathon, not a sprint; I still trust Firefox more.


See, this is what I'm talking about. If you're trying to protect activists from threats, protect them from threats. Making a political statement about commercial surveillance isn't doing that. A lot of these guides are LARPs.

How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)


Commercial surveillance enables government surveillance. If an app constantly sends my location to a corporation by default, a government-level adversary can just demand it from that corporation, no need to burn a 0-day on me.


This is a complex thing. Don't give your location to the app. Turn off GPS, use VPN and don't use any apps/sites that linked with your real identity on the same device. Most of the other parameters in the commercial surveillance are too common to ID someone with a good probability.

Exploits, on other hand, can leak your full environment, including a photo from the cam.


>commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages

Is Firefox more susceptible to RCE exploits?


I would like more input on this. Maybe I'll ask Claude.ai later.

All I have seen as a casual user is this from GrapheneOS: https://grapheneos.org/usage#web-browsing

It asserts that Chromium has much better sandboxing and site isolation than Firefox.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: