this post was submitted on 02 Oct 2023
149 points (98.7% liked)
Firefox
17902 readers
40 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Its great and has a lot of potential, I like a lot of what it does. I just wish they had packaging easily available for Fedora/RHEL through a COPR or the like. Also would've preferred if they used a stable release vs. the ESR of Firefox as the base, but I can understand why.
Floorp definitely isn't hardened out of the box in my testing. Only thing it does is seems to disable Firefox's telemetry, which is nice, but more hardening is certainly needed through other projects like Arkenfox (which work here on Floorp too). Also looks like Floorp makes it easier to toggle some privacy settings that you'd usually have to tweak the about:config for, and comes pre-installed with uBlock Origin, which is great.
I think overall my only concern with Floorp will be how well and quickly the developer can keep up with updates. The track record for now looks good, but only time will tell. Besides that, this is a good and very promising project, will definitely keep an eye on it.
Why not get the flatpak?
Same
Agree 100%. I feel that FX should come with uBlock out of the box.
That would upset sugar daddy Google.
Security concerns. There's a lot of debate over it, but from the research I've done, I believe the Flatpak of Firefox is less secure, since it seems to remove part of Firefox's internal sandboxing, and relies heavily on Flatpak's sandboxing.
Basically makes it easier to compromise your data within the browser (like cookies, site data, passwords, etc), but maybe harder to get to the rest of your OS.
I just prefer using the rpm of Firefox with Firejail, as that keeps Firefox's built-in sandboxing intact, while adding an extra layer similar to Flatpak to restrict it further. Best of both worlds.
Interesting. It's my understanding that flatpaks deliver the app as close as possible to the way that the developer intended. With an rpm, someone had to go and take the app from the developer and make it into an rpm, so there's an extra step there.
For sandboxing, yes, flatpak does do a really good job of that. Otherwise, apps would get sandboxed on Linux with either SELinux or AppArmor.
For security, flatpaks give you the latest version of a package and updates come in automatically, so I view them as being very secure.
Please point out any errors with my reasoning (open invitation to anyone). Thanks!