I wish the article would talk a bit more about security. Here's what the GrapheneOS project has to say about Firefox [1]:
> Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.
If you're someone who's taking GrapheneOS' threat model into account, a locked down native browser is definitely better.
Chrome has a whole bunch of cool security tricks that definitely outshine many other browsers, but I find it all rather inconsequential when using Chrome leads to such a terrible, privacy-hostile experience.
While I still use Firefox on desktop, on Android I recently switched from Firefox mobile to Brave out of security concerns and frustrations with performance. It has built-in tracker, query param and ad blocking, and is recommended by the GrapheneOS people as a decent alternative to their Vanadium browser [0]. Additionally, I have a gut feeling a Brave user blends in a bit better with its default ad blocking vs say a Firefox user with extensions and filter lists of their choice, but this might be negligible.
On the other hand the affiliate, crypto and AI shit in Brave are quite disgusting tbh, but at least they can be disabled. I also miss Firefox sync a bit.
No, it's not. They use the same lists as uBO's. There's literally nothing called "blends in better" here, and there's no definition and proof of it either.
The difference is that unlike Brave and Vanadium, Firefox doesn't come with an ad blocker. You will have to install uBO. If you want to also trim tracking query params, you will have to enable a non-default filter list. Modifications like these will make you stand out from the average Firefox user. It's the reason why installing more extensions and messing with settings is not recommended when using Tor browser or Mullvad browser. The GrapheneOS project also discourages it (https://grapheneos.org/usage#web-browsing).
But you are still right, I don't have data for this or even a measure for uniqueness, it's just a guess.
Brave is definitely faster. I have it installed as my broken-website-doesn't-work-on-Firefox browser. I dislike the cryptocurrency grifting too much to use it as a default, though. There are way too many settings I need to disable to make the standard browser UI non-annoying for me to trust it.
Vanadium also seems cool, but it doesn't work on my non-Graphene devices.
I personally like the uBlock solution for how quick it managed to block YouTube's ads in things like private tabs where I'm not logged into Premium.
I use Graphene OS and I like it a lot, but 1) I have the feeling that, with Android's Decree coming, they are counting their days left to live. Unfortunately they built an amazing OS on very shaky foundations, it's not their fault, it's the mobile OS ecosystem that sucks. And 2) They (or, better, their benevolent dictator) tend to be very silly when it comes to threat modeling, as in "my way is the only one that makes sense". Personally, I prefer to use a browser like Firefox that allows me to block every annoying ad and to customize my experience as I want, rather than a super-secure fully isolated browser like Vanadium that a) does not replace Chrome anyway for many websites that require strong attestations (e.g. Wise's verification works on GOS with Chrome but not with Vanadium), and b) it's still based on Chromium, so still built on shaky Google foundations. With Mozilla's questionable choices over time, I keep my fingers crossed for Ladybird or Servo, or similar.
The Graphene team has seemingly partnered with an OEM, who is releasing binary security patches for them already (with source code available after embargo lifts). Hardware does not seem too far away at this point either.
While I don't disagree that Google are going to be targeting GrapheneOS and other OSes, the decree you're referring to only applies to "certified Android devices" - devices which run a Google-vetted version of Android and that come with Google Play pre-installed. OSes like GrapheneOS are not currently affected by this, as any device running it is not a "certified Android device" by definition.
This is not a reason to sit idly back, of course. GrapheneOS is in danger, as you say - it's just not necessarily from this particular decree.
Given that their OS requires a Pixel phone and Google is not releasing
a) updated drivers
b) updated source code for the latest release
their days are indeed numbered.
As for not being a certified Android device and being unaffected. That is not true. There will be chilling effects that result in much less FOSS app development for Android, and whether or not an OS is certified is irrelevant in that regard.
If Google is doing something as drastic as intervening in the installation of all apps, they're not likely to sell phones with unlocked bootloaders - the Pixels that GrapheneOS currently depends on 100% - much longer.
Don't other vendors still sell unlockable phones? I first encountered Motorola back when they were assholes (pre Google digestion) but I thought their new devices were easily unlockable (if you vs carriers own them). Has that changed? My wife had a Motorola previously (she went Apple recently and hates it) but Motorola post-Google seemed pretty nice.
A fairly large number can be unlocked, yes. Google's devices have just generally been the most visible because they've always been easy to target, and they have the biggest possible name behind them.
True, but what are the alternatives? Bloated Brave? Bare Chromium without a proper adblock (I mean unlock of course)? Firefox is still the best browser there is, even with these flaws.
Librewolf is not recommended, but rather just install Firefox and apply arkenfox to it. That's basically what Librewolf is, just with that and uBlock Origin pre-installed. But what you lose with Librewolf is them being behind in security updates, sometimes multiple days (!).
Imagine a browser where the user can actually read and edit the source code and compile it themselves, in seconds.
How many users read the Firefox or Chrome/Chromium-based browser source code and compile it themselves?
Not every use of the www requires a large, complex graphical web browser. It's useful to have browsers that are suited for non-commercial uses such as text retrieval.
Just serve them through any http server on termux! Works as you'd expect, but on FF you need to manually add the http:// prefix in the URL bar if you navigate to an IP address like 127.0.0.1. Not sure why it doesn't figure that out by itself.
[1]: https://grapheneos.org/usage
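
Added example, not part of the thread or of the GrapheneOS text: the `isolatedProcess` property mentioned in the quoted guidance is declared per `<service>` in an app's manifest, so a decoded `AndroidManifest.xml` can be checked for which child processes actually get that isolation. The manifest, package name and service names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (decoded text XML), not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.browser">
  <application>
    <service android:name=".SandboxedRenderer0"
             android:isolatedProcess="true"
             android:process=":sandboxed_process0"
             android:exported="false"/>
    <service android:name=".ContentProcess"
             android:process=":tab"
             android:exported="false"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>
""".strip()

def attr(elem, name, default=None):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)

def audit_services(manifest_xml):
    """Classify each <service> by process placement and isolation."""
    root = ET.fromstring(manifest_xml)
    report = []
    for svc in root.iter("service"):
        process = attr(svc, "process")
        isolated = attr(svc, "isolatedProcess", "false").lower() == "true"
        if isolated:
            status = "isolated"                       # isolated UID, no app permissions
        elif process:
            status = "separate-process-not-isolated"  # own process, app's UID
        else:
            status = "in-app-process"
        report.append((attr(svc, "name"), status))
    return report

def unisolated_child_processes(manifest_xml):
    """Services that get their own process but keep the app's UID and permissions."""
    return [name for name, status in audit_services(manifest_xml)
            if status == "separate-process-not-isolated"]

if __name__ == "__main__":
    for name, status in audit_services(SAMPLE_MANIFEST):
        print(f"{name}: {status}")
```
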