commit: 03fae23cfcab07c0cd138b89f1d63535c35e87af
parent 33025d56be3c05cbe10afafba55408b7fb24600a
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 28 Jan 2021 11:04:00 +0100
anybrowser: Detail netsurf
Diffstat:
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/anybrowser.shtml b/anybrowser.shtml
@@ -14,7 +14,10 @@
<dt>WebKit(GTK, WPE, Qt, FLTK), Gecko/Servo, Blink</dt>
<dd>Works greatly, supports everything used</dd>
- <dt>w3m, lynx, links, elinks, Dillo, Mothra, Abduco, Netsurf, Kristall</dt>
+ <dt>Netsurf</dt>
+ <dd>Only lacks colors because my CSS theming uses variables</dd>
+
+ <dt>w3m, lynx, links, elinks, Dillo, Mothra, Abduco, Kristall</dt>
<dd>Works fine</dd>
<dt>Netscape, Mosaic, …</dt>
diff --git a/projects/badwolf/fqa.shtml b/projects/badwolf/fqa.shtml
@@ -28,6 +28,22 @@
<p>Good luck.</p>
</blockquote>
+ <h2 id="security"><a href="#security">§</a> Security</h2>
+ <p>In the alternative browsers scene, actual security/privacy based on source code and programs architecture, rather than pure (dis)belief of trust is a major catastrophy and the internet commenters gets it wrong almost all the time.</p>
+ <ul>
+ <li>Since mozembed/XULRunner's death (~2015) most firefox-based browsers never get security fixes on time, specially the meme ones (Waterfox, Palemoon, Basilisk, GNU IceCat, …) and they tend to add security issues. Only exception is the <a href="https://www.torproject.org/">Tor Browser</a>, which I would highly recommend using.</li>
+ <li>Mozilla likes to install blobs (EME, Google adb, OpenH264 in a way) and ask for backdoors, remember Firefox Study that was advertised to patch your browser when they failed the basic management of renewing a certificate for the second time and where you ended up with all your addons disabled? (except sideloaded ones but that feature got removed because of broken operating systems such as Microsoft Windows)</li>
+ <li>QtWebKit has yet to make a release without already known security issues, this has been going on for years</li>
+ <li>QtWebEngine is doomed to never get security fixes discovered in the Chromium Project (it's upstream) released on time since the releases are synchronised with the rest of Qt</li>
+ <li>WebKit is basically the only engine out there that tries to reuse known good code from others rather than doing it's own code, which also means much easier audits</li>
+ <li>Google, through the Chromium Project is the one pushing for a lot of dangerous APIs, stuff like EME, WebUSB, … are from them</li>
+ </ul>
+ <p>The GTK and WPE APIs of WebKit might not be very popular (hard to find numbers, GTK is on Unix desktops, WPE is on embeddeds), but WebKit has a good user share through Safari (20~30%, what was once Firefox's userbase, which is 7% and descending), which makes them audited by stuff like Google's Project Zero. Only reason I could see why internet commenters so often claims WebKit as insecure is because it's how they could execute exploits on Video Consoles, which in my opinion has more to do with their operating system (I got "root" on my Nintendo 3DS via the music player…) and update model (it's easier to push an exploit than update the system of a Nintendo 3DS).</p>
+ <p>
+ Now, on browsers that I would actually trust as secure rather than just believe them to be good enough? Well, for starters, the ones without any JavaScript, not that JavaScript is evil, it's a terrible language but there is a lot of those out there, the problem is that there is way too many dangerous APIs getting added and with barely enough protections.<br />
+ Sadly a lot of websites requires JavaScript and you can't always get away from them. Good part? WebKit doesn't implements the APIs that can be security treatening and avoids anti-privacy ones, for example WebUSB got basically instantly rejected as dangerous.
+ </p>
+
<h2 id="adblocker"><a href="#adblocker">§</a> AdBlocker?</h2>
<p>As written in the manpage, there is <a href="https://github.com/jun7/wyebadblock">wyebadblock</a>. And no, mere JavaScript blocking is nowhere near enough to avoid tracking, there is a lot of exploits based on pure CSS.</p>