
Germany's cyber-security agency recommends Firefox as most secure browser - XzetaU8
https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/
======
badrabbit
Threat model! Firefox indeed does excel for the average citizen in terms of
security. While people that know some infosec think CVE count and exploit
mitigation is a priority. It has auto update for known vulns, for 0days,people
who are targeted by attackers willing to burn a browser 0day on them have a
drastically different threat model than the average citizen and frankly using
Chrome because of CVE count is a bad strategy if you're one of those people
(bromium,qubes os and other segregation based appsec is worth a
consideration).

You have to appreciate how much privacy counts (Chrome failed telemetry on the
BSI test)

------
ryanlol
This is not completely ridiculous, but it’s exactly the sort of silliness
you’d expect from bureaucrats (and zdnet!)

Firefox isn’t the most secure browser, it just checks the most boxes on this
particular compliance checklist which doesn’t _really_ assess the security of
the browser.

~~~
kerng
They provide arguments and data points why Firefox is the most secure browser.
This is not silly, but allows to have a good discussion. Care sharing other
evaluation results from reputable sources?

~~~
ryanlol
They provide arguments and data points _specifically designed to portray
Firefox as the most secure browser_.

They missed super important checkboxes like “site isolation”, which is a far
more significant feature than most things included.

If this wasn’t bullshit there’d be boxes nobody checks, but right now they
just took a list of firefox features and worked from there.

~~~
yeahforsureman
There's this: "Web pages need to be isolated from each other, ideally in the
form of stand-alone processes. Thread-level isolation is also allowed."

~~~
ryanlol
Yeah, deliberately chosen so firefox will tick the box.

Firefox is testing site isolation but it isn’t ready yet, Chrome has it on by
default.

Ask any firefox dev! They’ll tell you they’re far behind on this.

