Did Firefox Stable for Android ever add Site Isolation?
Did Firefox Stable for Android ever add Site Isolation?
I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can't find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?
Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don't know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it's (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface."
On a side-note, they also say about Firefox's current Site Isolation on desktop being weaker, which I wasn't aware of. "Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole."
It's still being worked on. https://bugzilla.mozilla.org/show_bug.cgi?id=1565196
27Lol
- Bug with high priority
- A person clones it, assigns themselves
- doesnt have time, unassigns themselves
- Priority gets set lower
- A guy wants to work on it
- That guy doesnt work at Mozilla anymore
- The bug went from priority P5 to P1 and doesnt block anything anymore
This is really bad. Especially as it seems like not that big of a change.
31- doesnt have time, unassigns themselves
Because someone else took over, as the person even says in a comment.
- Priority gets set lower
Priority got set back to the priority it was at 4 minutes before. The priority being changed was clearly a mistake.
- A guy wants to work on it
- That guy doesnt work at Mozilla anymore
OK?
- The bug went from priority P5 to P1 and doesnt block anything anymore
It got retriaged. There are processes for this and it's totally normal.
This is really bad. Especially as it seems like not that big of a change.
No it really isn't bad at all. And it's a massive change, the linked bug is a meta bug which means it is simply used to track the actual work. See all the bugs in the depends on section? That's where the real work happens and there has been a ton of progress made.
Also believe it or not, lots of discussion happens outside of bugs. You really have no idea what is going on just by looking at bug activity.
8
Man, 5 years. I know nothing about building a browser, but that seems… Long.
15The answers linked above mention this one
5That's the bug that laid the groundwork
4
Was also asked about and answered in the recent AMA on reddit:
10Shit thats not good if its true
6GrapheneOS as a project has no credibility as far as privacy and security goes. Daniel Micay and his minions call Firefox insecure because Micay has a personal grudge against Tor devs that did not exist before August 2019 for some reason. https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html
Micay wants to steer everyone away from Firefox towards Chrome, towards everything Google, believing in Micay’s vision, believing in closed source security and so on. He also used to shit on Android and believed and propagated the claim that Fuchsia is the future, where Google’s microkernel would rule the mobile world. I think he is a Google fanboy more than anything else, and we have many such Big Tech fanboy specimens in this world.
Micay and GrapheneOS, and fans/members associated like OP are well known for promoting Chromium monopoly in the cloak of catcalling Firefox insecure all over the internet discussion boards and forums. Ignore them if you must have an open free web that provides privacy.
While it may be true that site isolation is experimental to enable on Firefox Android, it has far better protection against fingerprinting, trackers, ads, crypto, malware, allows using uBO to its full capabilities, has process isolation and DOM storage isolation. Chrome lacks various kinds of protections, nerfs adblockers, disallows script blocking, and leaks metadata through WebRTC intentionally ever since it was made. There are multitude of reasons why Tor Project uses Firefox/Gecko over Chrome/Blink.
Tor Project has infinitely more credibility than a lazy, snake oil Android fork GrapheneOS.
The moment anyone starts calling Firefox insecure, immediately become alert. This is usually a GrapheneOS or Big Tech "security" shill that is comfortable with harming FOSS/privacy cause.
6Both things can be true. Firefox is less secure in the site isolation area, but that's just a backup to the things Firefox is already doing. Firefox is still plenty secure, though it would be quite nice to have this feature.
I use Mull because it takes the best parts of Tor Browser and ships it through F-Droid. For those unaware, it's basically Firefox with additional privacy settings enabled by default, and it syncs just fine with Firefox browsers.
Yes, don't buy into FUD about Firefox being insecure, but also don't misrepresent the value this feature brings. It's not a must-have for me, but I do very much want it.
6misrepresent the value this feature
So, is it okay for Daniel Micay and security clowns like him to maliciously misrepresent the value of Firefox, because of his personal agenda?
Does this mean Tor Project uses "insecure" Firefox over "secure" Chrome base? Is Tor Project insecure?
You fell for the "Firefox insecure" propaganda in some capacity.
1
Mozilla has a history of harming me. I've documented this as one more case of attacks from Mozilla to go along with everything else. I see no reason to put up with it or tolerate it. Mozilla should expect that one day they're going to be held accountable. If people at Mozilla aren't aware of the unethical behavior it regularly engages in including an exploitative approach to contributors, they should inform themselves.
- Daniel Micay (im the linked mailing list thread)
it doesn't seem like Micay had feuds previous to 2019 with Mozilla , though I was unable to find what he is referring to unfortunately .
3Might be interesting to go through the section "So why is Micay's behaviour so weird?" here :
Spoiler: I wrote it as part of my 5 year investigation into security zealots in FOSS/privacy communities. I have talked to Micay on occasions and studied his behaviour among others to get an idea of how people behave on internet.
2
I'm not taking sides because I don't currently have time or energy to look into the issues GrapheneOS and/or Micay may or may not have, but I will say that I don't know how you could think (at least based on the information I referenced from Graphene in my post) that they are saying or implying to people that Firefox is less secure. They did say it was inherently less secure on Android, but not in general. They did say that the Site Isolation feature specifically is less secure even on Desktop, but they didn't say that Firefox as a whole is inherently less secure, just that it currently is on Android. I can see how an average reader may interpret that as Firefox being less secure than Chromium as a whole, but that would simply be their own misinterpretation of what's being said.
and "The moment anyone starts calling Firefox insecure, immediately become alert". Why? Anything is capable of being insecure and Firefox equally so. At any given time, Firefox could have security vulnerabilities (as it does), so it's quite ridiculous to automatically assume that anyone calling Firefox out for being insecure in some way is just Daniel Micay or his "minions"
"Micay and GrapheneOS, and fans/members associated like OP are well known for...". Are you accusing me of being associated with Micay and GrapheneOS, or am I misunderstanding you?
1Are you accusing me of being associated with Micay and GrapheneOS
Accused you of promoting Chrome monopoly in browser space in this context.
https://discuss.grapheneos.org/d/11831-equivalent-of-vanadium-but-for-desktop
They deleted this thread, but if you scour enough, you will find them shilling Brave and some random Chrome based browser, BUT NEVER FIREFOX.
They did say it was inherently less secure on Android
They say it because they follow or worship Micay, and Micay has personal grudge against Mozilla. He is an evil person wanting people to use Chrome just to satisfy his egoistic hunger of destroying Mozilla.
"The moment anyone starts calling Firefox insecure, immediately become alert". Why? Anything is capable of being insecure and Firefox equally so.
Because that has been the pattern in privacy community for the past 5 years I have investigated, atleast 95% of the time. Rarely have I ever seen legitimate criticism, that does not backtrack to Daniel Micay or madaidan or some Big Tech security shill.
1
What is the actual risk here?
6I'm no professional, but from my research I've been doing, it appears that the risk (at least one of them) is that a hacker could in theory create a website that exploits this vulnerability. If you access their website, their site could be capable of stealing sensitive information from the other Firefox tabs that you may have loaded on the side, at any given time.
5If a site can exploit the browser engine they can access other pages. Normally the sandbox would make a exploit stay local
2Ty
1
Well I personally wouldn't trust anything Graphene says
3Searching for
fission(their site isolation is called like that) inabout:configon Mull (FF Android 127) didnt give any obvious results3Permanently Deleted
1