Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
MrAlex94 14 hours ago

Librewolf and Waterfox have always had different goals. Waterfox has always had a more opinionated take on defaults and privacy. Essentially the goal has been keep the web as private as possible without breaking it (I know Librewolf is more aggressive there and that sometimes leads to website breakages) and I think I've managed that well, especially with the implementation of Oblivious DNS by default.

The upside of Librewolf being a community project is also IMO its downside - there isn't any accountability and with the current climate around the world becoming more hostile to online services, I think governance is hugely important, which is why I've tried to collate everything as much as I can: https://www.waterfox.com/docs/policies/company-information/

At the end of the day, if something goes wrong, at least with Waterfox I can be held accountable.

adrianwaj 13 hours ago | parent [-]

There was a recent comment: "if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true)."

https://news.ycombinator.com/item?id=47553048

Would either WF or LW fix that? Is it true?

MrAlex94 12 hours ago | parent [-]

Nothing to "fix" per se - webextensions need to interact with website data, otherwise they wouldn't be much use. Any extension with content script access can read page content including form fields.

The only real mitigation is being selective about which extensions you install and what permissions you grant them (even then, ownership of extensions change hands, updates can change what they do... it's a never ending battle really).

mrWiz 9 hours ago | parent [-]

My naive fix would be to disable extensions from accessing form field data without explicit approval. Hell, add different approval boxes for read, write, and hidden-text.

What am I missing?

Matumio 4 hours ago | parent [-]

Say you have an ad-blocker and you don't allow it to touch your forms. Five years later, the ads have moved all into form fields.

Never mind the technical challenge to allow doing anything with the DOM but disallow reading the forms. Like, prevent the forms leaking its text when you do funny things like testing character width via line breaking or font changes.