• priapus@sh.itjust.works
    2 days ago

    I’m not sure why you linked to this irrelevant 3 week old issue while referring to something that was fixed a year ago. Referring to it as a backdoor also implies that I was malicious, when it was simply incompetence. Have there been any security issues since? (Not trying to imply that not having any would make it safe, just wondering).

    Zen is an amateur hobbyist project, expecting it to be something else is silly. It isn’t backed by a company. You take on these risks when you use a project like this. It’s open source, do your research before using it for anything important. If you don’t want to take those risks, use Firefox.

    • Wildly_Utilize@infosec.pub
      2 days ago

      I’d like to take this opportunity to say Mullvad browser is maintained by Mullvad and Tor Project which in my eyes sets it way apart from these hobby forks (including librewolf)

      • priapus@sh.itjust.works
        2 days ago

        I agree, Mullvad is the only fork that I have confidence in the security of (ignoring Tor ofc since it’s not really for general use).

          • priapus@sh.itjust.works
            21 hours ago

            It just lacks manpower unfortunately. Going with a browser that has the funding for a security team is the safer option.

            • michaelmrose@lemmy.world
              9 hours ago

              Librewolf is Firefox with different settings; how does it not already benefit from Firefox’s security team?

              • priapus@sh.itjust.works
                2 hours ago

                It does, but less than Firefox does. Their lack of manpower means delayed updates to fix zero days compared to Firefox. It also means less eyes on any patches introduced, so I’d be more concerned about malicious code being introduced.

                • michaelmrose@lemmy.world
                  41 minutes ago

                  Their lack of manpower means delayed updates to fix zero days compared to Firefox

                  From their site:

                  LibreWolf is always built from the latest Firefox stable source, for up-to-date security and features along with stability.

                  As soon as firefox pushes a release, for instance to fix a security vulnerability, librewolf can immediately rebuild. It is literally just firefox with different settings. Delay between firefox release and librewolf release should be negligible. You can verify this by noting that 136.0 was offered on the same day.

                  https://codeberg.org/librewolf/source/commit/2b90daeb5aa5a80443f4f7655393f610fb16418a

                  https://www.mozilla.org/en-US/firefox/136.0/releasenotes/

                  The difference in time between firefox and librewolf security updates is less than the variance between users updating their machines.

    • priapus@sh.itjust.works
      2 days ago

      Also want to add that this was caused by a configuration issue. If you want security, don’t use Firefox (or its forks) default configs, look into Betterfox. Apparently Zen also uses this as the base for its default preferences, which is a good decision.

  • async_amuro@lemm.ee
    2 days ago

    Fucks sake, reading through these comments it appears the Zen browser developer doesn’t know what they are doing.

    What alternatives are people using? I’m on Mac, iOS and Linux, avoiding Chrome/Safari and not looking to go back to Firefox, is there anything reliable/secure available?

  • _cryptagion [he/him]@lemmy.dbzer0.com
    2 days ago

    I thought it just allowed easier debugging, sorry

    What the fuck, this dude is making a browser and he doesn’t know what shit in the code he’s shipping even does?

    • aaron@infosec.pub
      2 days ago

      It’s either obvious bullshit, or the bloke is out of his depth.

      I suppose I should try and not just throw people under the bus, but I struggle to buy it.

    • lazynooblet@lazysoci.al
      2 days ago

      Not really an excuse but I expect writing a browser is an extremely intensive project and perhaps they were unprepared.

      Navigating any code base that isn’t your own adds its own challenge on top.

      So at this point I think it’s a “deer in headlights” case with some “head in sand” thrown in.

  • lemmeBe@sh.itjust.works
    2 days ago

    Whenever people ask about privacy oriented Firefox alternative, firm answer from most of us is Librewolf. However, for some, shiny things are hard to resist.

  • woelkchen@lemmy.world
    2 days ago

    The “backdoor” mentioned in a single reply is very different from the telemetry issue. https://github.com/zen-browser/desktop/pull/927 was fixed a year ago.

    I agree the telemetry should be either disabled or at the very least users should just get a config tab on first launch to opt out but the Lemmy submission is misleading and bordering on fake news.

    • ripcord@lemmy.world
      2 days ago

      Either way…reading through this, this developer seems like an idiot.

      He doesn’t really understand what the code he’s shipping is doing, he doesn’t want to listen to people or ask real questions. He gets defensive to even constructive criticism.

      Not who I want driving the project behind something as critical as my browser.

  • puppinstuff@lemmy.ca
    2 days ago

    So disappointing. I just transitioned my personal browsing from Arc to Zen Browser because it was the closest vertical tab experience I could find. Now I hope one of the other browsers will figure out and implement good drawer-based vertical tab UI.

      • priapus@sh.itjust.works
        2 days ago

        Floorp is even less trustworthy after that incident with part of the browser being closed source. Even if they undid it, the fact that they would try that is unacceptable.

        • Cris@lemm.ee
          1 day ago

          not the person you replied to, but I wish someone had told me that rather than just downvoting me, that’s helpful to know about and I only found out cause I came to try to dig through the thread to see if there were clues as to why folks were so unhappy with my mentioning it 😅

          Not everyone knows or keeps up with every blemish on a project’s record

    • KryptonBlur@slrpnk.net
      2 days ago

      If you right click on the tab bar on regular Firefox you can enable vertical tabs. I don’t think they’re as nice as Zen’s vertical tabs but they’re still pretty good

    • magikmw@lemm.ee
      2 days ago

      Any Firefox-based browser can use “Tree style tabs”; it’s vertical tabs from the time before they were cool. Very customizable.

    • Cris@lemm.ee
      2 days ago

      I don’t use or care that much about vertical tabs, and it seems complicated how big of a deal this actually is, but Floorp might be worth taking a look at if you’re not already familiar with it

      I don’t know a ton about it but I think it has a similar kind of niche and is more vertical tab focused

    • WhyJiffie@sh.itjust.works
      2 days ago

      are you really surprised? that bugreport did not contain a single actionable detail. and then it refers to some forum without any real reference, name or URL. there may be truth to it, and the other issue was actually very important and ridiculous, but this issue report is a big wontfix, reopen with real details

    • woelkchen@lemmy.world
      2 days ago

      They just closed the issue without even acknowledging it, lol

      They acknowledged the remote debugging backdoor issue and fixed it a year ago.

      It was enabled due that zen was still a toy project and we needed people to easily open the debugger for easier bug fixing. This was due because zen was not in a daily drivable state and didn’t gain any sort of popularity yet.

      https://github.com/zen-browser/desktop/pull/927

      The telemetry issue is entirely different. Their handling of that is naive at best, dishonest at worst but it is completely different from the “backdoor”.
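
An added example, not part of any comment in this thread or of Zen's code: a check of a browser prefs file for the standard Firefox remote-debugging preferences, the kind of default-configuration issue the comment above refers to. The preference list is an assumption (the thread does not name which preferences were changed), and the sample input is constructed.

```python
import re

# Standard Firefox prefs that gate DevTools remote debugging, paired with the
# value release Firefox ships by default. Assumption of this example: the
# thread does not say which prefs the fork had changed.
SAFE_DEFAULTS = {
    "devtools.debugger.remote-enabled": False,    # accept remote debugger connections
    "devtools.chrome.enabled": False,             # allow debugging the browser chrome
    "devtools.debugger.prompt-connection": True,  # ask the user before connecting
}

# Matches boolean entries such as pref("name", true); or user_pref("name", false);
# Commented-out lines do not match because the pattern is anchored at line start.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|sticky_pref|defaultPref|lockPref|pref)'
    r'\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)'
)

def parse_bool_prefs(text):
    """Return {name: bool}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = (m.group(2) == "true")
    return prefs

def audit(text):
    """List (pref, found, expected) for each debugging pref that deviates."""
    prefs = parse_bool_prefs(text)
    return [(name, prefs[name], want)
            for name, want in SAFE_DEFAULTS.items()
            if name in prefs and prefs[name] != want]

# Constructed sample input, not taken from any real browser's source tree.
SAMPLE = '''
// constructed example prefs
pref("browser.tabs.closeWindowWithLastTab", false);
pref("devtools.debugger.remote-enabled", true);
pref("devtools.debugger.prompt-connection", false);
// pref("devtools.chrome.enabled", true);
user_pref("devtools.chrome.enabled", false);
'''

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE):
        print(f"{name}: set to {found}, release Firefox default is {want}")
```

The same function can be pointed at a profile's `prefs.js` or `user.js`, or at a fork's shipped default-prefs file, by passing the file's text to `audit`.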

      • Kane@femboys.biz
        2 days ago

        Fair, I was referring to the referenced issue in the comments on this post.

        What was surprising to me, is that there were many comments, and mentions of devs, yet no acknowledgment or getting linked to another issue.

        That is a red flag to me.

          • WhyJiffie@sh.itjust.works
            2 days ago

            who in their right mind would hand over project leadership to a random person on a forum who he knows nothing about

            • FauxLiving@lemmy.world
              2 days ago

              Hand over the project?

              You go to GitHub, click fork and now you’re the new project lead.

              It’s always kind of weird to see people (not you, just something I often see in these threads) treating open source projects like they’re commercial products where they can make demands.

              These are projects done in people’s free time and their work is provided to everyone for free. Sure, report bugs and feature requests but crossing into personal attacks on the developers or going full Karen (“red flag” is usually a good indicator of this type) is out of line.

              Don’t use projects that you don’t like, sure. But no person is entitled to dictate how another person’s project should go. That’s why there’s a fork button.

      • fartsparkles@lemmy.world
        2 days ago

        I thought it just allowed easier debugging, sorry

        Fuuuuck. I wouldn’t eat a sandwich made by this person let alone a web browser. Forking and mucking around in a code base they clearly don’t understand. I get the feeling they’re one of those chmod -R 777 people.

        • tias@discuss.tchncs.de
          2 days ago

          I agree. That response made me lose any trust I had and I actually went to check that I didn’t still have Zen browser installed from some earlier test run. He sounds like a script kiddie.

          • freely1333@reddthat.com
            2 days ago

            He was obviously very amateur by reading his posts on Reddit. Zen is more of a skin than a real browser, but I guess that’s essentially what a fork is at some point.