I would consider yourself to be much more practical in your security advice than Iron Heart. He repeatedly spreads nonsense from his favorite blog so he can be cheerleading for google made products like the chromium Prough, you mentioned previously that you do not use javascript in your browsers? that is good security practice, whereas Iron Heart says it is annoying to turn JS off. Iron Heart has proven time and time again that he knows nothing about privacy and security.
Many tech news websites have mentioned that Firefox has sandbox and site isolation security architecture, a simple search would tell you that it exists and it works. Just ignore the BS from Iron Heart, that blog link he spams is laughed out of any serious privacy community.
What security blogger? Many people would regard that stupid outdated blog to be a form of privacy and security theatre and full of FUD. > You don’t need to leave links to your favorite security bloggers when you respond to me Stop sounding like a bot and we’ll probably find something worth talking Prough I mean – you sound exactly like a bot, dude. Iron Heart: Here’s some ancient, random blog that says Firefox has bad security, give me a source to prove to me that it has good security.Īndy Prough: I don’t use or follow Firefox, I don’t know if it has good security. Quality content.Īndy Prough: Chrome has a lot of security flaws!!! I don’t give a shit whether or not you reply to me, I thought this had been established by now.įurther, look at who supports your comments, fanboy and fanboy two commenters who haven’t known their stuff in the past and don’t know anything about it now, congrats for that clown support you got there. Iron Heart: OK? Can I see those sources, they should support your claim then?Īndy Prough: I don’t need to show you no sources! I don’t use Firefox after all, I use the FF derivative Pale Moon, and Pale Moon users don’t need to show sources that they claimed they had! Checkmate!
You can actually see there what is more advanced currentlyĪndy Prough: No, no, no! This guy does not know what he is talking about! I have sources from academic research that show you the contrary! Iron Heart: Here is an article that actually shows you Chromium’s security practices vs. And I am still waiting on your research demonstrating that Firefox has the same or better exploit mitigations than Chromium, I hope you have more to offer than “Nobody uses Firefox anyway, therefore nobody is interested in hacking it, therefore that means it is secure.” which is a bullshit ProughĪndy Prough: Chromium is so insecure! So insecure! Pale Moon user talking about security, big fat LOL. This has its reasons as well, please think about it. GHacks used to report on the project, but not anymore (outside of major versions I believe). I mean, even Firefox doesn’t feature actual site isolation (despite being multiprocess), hard-limiting the content processes to eight (so content from different parent domains can STILL share the same process, just like in Pale Moon), but it’s still a small step up from what Pale Moon does. No browser developer outside of Moonchild believes that this is a good idea. Sure, even if you go multiprocess, escapes from any inter-process communication is a possibility, but if you remain single-process, a bad guy doesn’t even need to come up with an escape, since content from different parent domains is sharing the same process anyway. That Moonchild backports a security fix from Firefox every now and then is not addressing the fundamental structural problems of Pale Moon suffers from at all. It is a single-process application with no sandbox(!), i.e. Pale Moon is forked from Firefox 52.0 and hasn’t seen any notable structural security improvement from later Firefox versions.
“Pale Moon is static old Firefox”, I didn’t exactly say that but the gist of it is true.