Gemlog: There Is No Perfect Browser (Part 1)
.__ .__ .__ _____.__ ___________ ________/\
| |__ ____ | | | |_/ ____\__|______ ____/_ \ _ \ \_____ )/ ______
| | \_/ __ \| | | |\ __\| \_ __ \_/ __ \| / /_\ \ _(__ < / ___/
| Y \ ___/| |_| |_| | | || | \/\ ___/| \ \_/ \/ \\___ \
|___| /\___ >____/____/__| |__||__| \___ >___|\_____ /______ /____ >
\/ \/ \/ \/ \/ \/
.__
____ _____ ______ ________ __| | ____
_/ ___\\__ \ \____ \/ ___/ | \ | _/ __ \
\ \___ / __ \| |_> >___ \| | / |_\ ___/
\___ >____ / __/____ >____/|____/\___ >
\/ \/|__| \/ \/It's the middle of the night, and I have once again found myself looking for a new mobile browser.
Tor Browser
I currently use the venerable Tor Browser on my phone, and it serves me well for my general browsing.
But wait! There's something wrong with Tor Browser, which I mentioned briefly in my previous gemlog post[1]: the Tor network may potentially be compromised, and methods have recently been discovered that can de-anonymise users under certain circumstances. Now, there is a good chance that the network is still safe enough for my threat model — but in all honesty, there is no point when I can just use Mullvad VPN with multihop enabled.
1: On The Internet Of The '20s
Firefox and derivatives
So, where to go then? IronFox would be the next logical option, and I even recommended it in my previous post. However, IronFox, Tor Browser, and any other Firefox-based browser on Android has a glaring issue: there is no per-site process isolation. In the words of the late DivestOS project:
Per-site process isolation is a powerful security feature that seeks to limit exposure of a malicious website/script abusing a security vulnerability.
It is quite self-explanatory. Each tab is isolated into its own process, preventing it from being able to access other site data, browser settings, or passwords.
While it would require a zero-day exploit or a targeted attack to be any real concern, the idea of a known security flaw such as this doesn't sit particularly well with me.
Is Chromium-based the way to go then? It certainly seems that way. So, what to choose?
Brave
Well, the first choice would be Brave. This is a browser with advanced ad-blocking, tracker-blocking, and privacy-preserving... stuff. The crypto and AI stuff isn't great, but it's not constantly shoved in your face. Sadly, Brave has a different problem: its CEO is...controversial.
Brendan Eich is, in many ways, a major contributor to the internet. He worked on Netscape, he created JavaScript, and he co-founded Mozilla before resigning in 2014 and founding Brave Software in 2016. Unfortunately, he has a history when it comes to LGBTQ+ rights.
In 2008, Eich donated $1,000 to California Proposition 8, a proposed constitutional amendment that would ban same-sex marriage in the state of California. He also donated $2,100 in total to Tom McClintock (a supporter of Prop 8) between '08 and '10. As a result, he resigned as CEO of Mozilla in 2014 and left the company after public outrage.
He did say on his blog[2] that he expressed "sorrow at having caused pain" and that he aimed to "make Mozilla a place of equality and welcome for all". However, Eich has not commented on LGBTQ+ rights since then, so it is unclear exactly where he stands on the matter.
2: Inclusiveness at Mozilla - Brendan Eich
All in all, when you combine a history of homophobia, crypto, and AI with privacy, security, and FOSS, you get a browser I am personally divided on, and which I tend not to use as a result.
Other Chromium derivatives
I run GrapheneOS, which just so happens to come with its own Chromium fork with the tracking removed and with some security hardening.
What's the problem? Adblock. Vanadium does not have an adblocker, and it also does not support extensions or userscripts. There is a good chance my DNS will do, but hosts-based blocking is limited and unlikely to catch everything.
According to Cover Your Tracks, it also has a unique fingerprint, and that simply will not do.
The same goes for Chromium, as well as the well-regarded Cromite.
DuckDuckGo Browser
I don't use DuckDuckGo for two reasons:
1. I prefer SearXNG as my search engine
2. SystemWebview-based browsers are limited to having very basic process isolation and fingerprinting protection
Reason #2 is also the reason I do not use Privacy Browser, FOSS Browser, Jelly, or Luna (a browser I cooked up myself a while back using MIT AppInventor).
Other options
There are other ways of getting online, of course. Termux can be used to provide alternatives to Android browsers.
The trouble is that the methods are clunky and unusual for the casual user.
The simplest is to use a text-based browser. My favourite is Links2, but ELinks, Lynx, chawan, and w3m are also available. However, these all support older versions of HTML and have either limited or no support for modern web technologies. w3m and chawan are capable of displaying images via sixel and kitty, but sadly Termux supports neither of these.
Another method would be to install a graphical window manager in Termux and access it via VNC. This would allow you to use full-featured graphical desktop browsers, such as Librewolf, as well as alternative mobile-oriented browsers such as KDE's Angelfish. The catch? The performance isn't great unless you have a device with high specs, and the controls of desktop browsers are not well-suited to a phone screen (although Librewolf isn't the worst).
Conclusion
And just like that, I'm out of options. Sure, there are more browsers, but the rest are considerably worse regarding privacy, security, or features.
At least it's better than what iPhone users have to put up with (WebKit or nothing, unless you want to use something like Links2 in iSH).
First Published 2025-06-26 02:20 BST
Last Edited 2025-06-26 12:43 BST
Source