On Sun, 19 Apr 2020 15:08:29 -0700 ToddAndMargo via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > If you are using Firefox Nightlies, you are in for a > wild ride. They are B-U-G-G-Y. I only test them when > I am forced to for by some issue and I get back off them > as soon as possible I've been running it for years, and yes, I've reported a few bugs in that time, and they have been fixed quickly. But mostly, it just works. I wouldn't recommend it for people who view the browser as an appliance, it is like rawhide in fedora, the development environment where changes are introduced. > Mozilla has a LONG history of not working around broken > code on web sites. The idea is if enough users complain, > then the web site will fix their code. The problem > is "enough users". That's not a detraction for me, that's a recommendation. If a website can't be bothered coding to standards, what is the probability that they use secure protocols, and are secure? How likely are they to protect my privacy? How likely are they to store my personal data securely? Sloppy is sloppy, and if they don't have protocols in place to create a website that adheres to standards, they are sloppy. So when firefox warns, that tells me to be careful with that website. As Tim said, in that case I usually just leave and go to a website that doesn't warn. That is, their incompetence loses me as a (potential) customer / user. > But here is the rub. Firefox has been dumped by so many > people over this issue, that it is no longer a serious choice > for anyone who wants a broadly compatible browser. > > Here are the statistics: > https://netmarketshare.com/browser-market-share.aspx Heh. I run Fedora, so I know that market share is not an indication of quality. If so, we would all be running windows, or maybe macos, since they have a greater market share. > And what makes you think Firefox is the king of security? > Here is a run down: > https://vpnpro.com/blog/most-secure-browser/ > > Firefox is rated number 4, behind number 2 Ungoogled Chromium > (Blink) and number 3 Brave (Blink). I interpret that page differently than you do. I agree that Tor with a vpn is probably the most secure way to browse, but it is above my trade-off for hassle / cost for security / privacy. I think their testing methodology is for browsers out of the box. But as they say, firefox with the right add-ons can be customized to be as secure as any of the top browsers. Me in charge of customization, that's a winner for me. In the end, I think this discussion is like the old KDE vs Gnome argument that used to rage in linux. Emotional, and dependent on user needs and preferences. Any of the top 4 browsers in that list are fine to use. I will concede that according to that page, brave is secure, so you are justified in installing it. > And as far as business goes, #1 is works, #2 is security. > I CAN NOT tell a customer to drop their customer because > their customer's business-to-business portal does not > work in an obscure browser -- be it Firefox, Opera, Safari, > are Acme Browser. > > Why would I tell a customer to close his business because > his customer ignores a weird, obscure niche browser, such > as Firefox, especially since Firefox give no extra security > protection or privacy over non-googled Blink based browsers? > If the buyer demands you use Blink, you use Blink. There > are plenty of other sellers out there that want our business. > Closing one's business is not an option. I agreed with you in my previous comments. Your use case and mine are very different, so it isn't so surprising that we have different perspectives. > Brave (Blink) run very well and is even more private that Firefox. > Here is a study for you to look at > > https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf Thanks for this link, very good. Based on that, out of the box, brave is more secure than firefox. I fixed most of the issues they mention about firefox a long time ago, but haven't revisited them lately. I'll have to check again. > > Firefox fall in the middle. The most private is the > Blink based Brave. For calling home privacy, which is only one aspect of privacy. As far as hacking goes, the link above this one stated that google chrome has won a competition to resist compromising the browser in a period of time two years in a row. But, of course, chrome has other privacy issues. It surprises me that your clients are concerned about google tracking them, with their attitude. It seems chrome would be a good solution for them; they pay for secure browsing with their tracking privacy, which they don't care about. > Now for security, I do security consulting for PCI (Payment Card > Industry). The overwhelming cause of security breaches > is the user, not the software. He does stupid things, > like inserting unknown USB flash drives into his system and > clicking an any link he finds. > > The CLASSIC way to breach a company is to draw up a bunch > of flash drive with viruses on them, and scatter them in > the companies parking lot at night. About one in twenty > get plugged in. I recall reading that most exploits are due to social engineering. I suppose that this would be part of that. But there are lots of attempts at penetration performed over the web, and some of them are by state actors, so are very sophisticated (because they have the resources to make them so). I allow that the most sophisticated are unlikely to be targeting small businesses. > And ransomware is almost always the user being tricked into > clicking on a link in this eMail. Interesting to know, not that it is of concern to me. > Now if you really, really, really cared about security, > you would drop Windows and move to Fedora. But then > you are back to the same old problem. If Fedora does > not run the software you need it to run, "it does not work. > I will use what works". It does not matter if Fedora > is 1000 times better written and has 10,000 times better > security than Windows, the customer does not care. Good business for anti-virus providers. And you. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
