• Why You Shouldn_t Use Firefox Forks Like Waterfox, Pale Moon, or Ba

    From tom@21:1/5 to Nomen Nescio on Sat Jul 21 17:52:25 2018
    XPost: alt.privacy.anon-server, alt.comp.os.windows-10

    On Thu, 12 Jul 2018 09:01:34 +0200 (CEST)
    Nomen Nescio <nobody@dizum.com> wrote:

    Mozilla Firefox is an open source project, so anyone can take
    its code, modify it, and release a new browser. That_s what
    Waterfox, Pale Moon, and Basilisk are_alternative browsers based
    on the Firefox code. But we recommend against using any of them.

    If You Don_t Like Firefox Quantum, Use Firefox ESR Instead
    RELATED: What_s New in Firefox Quantum, the Firefox You_ve Been
    Waiting For

    We like Firefox Quantum, which is faster and more modern than
    previous releases of Firefox. If you want to keep using your old
    add-ons that no longer work in Firefox Quantum, we recommend
    Mozilla_s Firefox Extended Support Release (ESR) instead.

    Firefox ESR is based on Firefox 52, supports traditional XUL
    Firefox add-ons and NPAPI plug-ins, and will continue receiving
    security updates directly from Mozilla until July 2, 2018.

    Yes, Mozilla has done some things we_re not crazy about. The Mr.
    Robot _Looking Glass_ add-on was ridiculous, and we_re not
    thrilled about what they_re doing with Cliqz in Germany. But,
    after taking some deserved public heat, they_ve made policy
    changes and we_re hopeful they_ll do better in the future.

    Even if you don_t completely trust some of Mozilla_s business
    decisions, your browser is just too important to be left to a
    small community of enthusiasts. We think it_s best to go with a
    big project with a large number of developers that receives a
    lot of attention to security. That_s why we recommend against
    using these smaller Firefox-based browsers, and why we also
    recommend against using alternative browsers based on Google
    Chrome. Here are our concerns with some of the more popular
    Firefox alternatives.

    Waterfox Is Firefox ESR, But With Slower Security Updates

    Waterfox is based on Mozilla Firefox, and it_s probably the most
    popular alternative browser based on the Firefox code. It made a
    name for itself by being a 64-bit browser based on the Mozilla
    Firefox code when Mozilla only offered 32-bit versions. However,
    Mozilla Firefox is now a 64-bit browser on 64-bit versions of
    Windows, so that_s not a reason to use Waterfox anymore.

    Today, Waterfox is based on Firefox ESR. It advertises support
    for traditional XUL Firefox extensions and NPAPI plug-ins like
    Java and Silverlight. These are both features of Firefox ESR, so
    you don_t need to switch to Waterfox to get them. After Firefox
    ESR reaches end of Life, _a _new_ browser will be developed to
    follow the ethos of Waterfox of customisation and choice_,
    according to the Waterfox blog.

    Waterfox also has some other different features. It disables
    Pocket by default, but you can disable Pocket yourself in
    Firefox. It won_t send telemetry data to Mozilla, but you can
    disable that from Options > Privacy & Security > Firefox Data
    Collection and Use in Firefox. Encrypted Media Extensions (EME),
    which are required for sites like Netflix, are also disabled by
    default_and, again, you can disable them yourself in Firefox, if
    you like.

    Overall, using Waterfox is basically just like using Firefox ESR
    and changing a few settings_with one big difference: security
    updates arrive in Firefox ESR much faster than they do in
    Waterfox. Whenever Mozilla releases security updates for Firefox
    ESR, the Waterfox developers have to integrate those updates
    into Waterfox before delivering them to users.

    Let_s look at the most recent major release: Mozilla released
    Firefox 57 on November 14, 2017. Waterfox_s developers released
    Waterfox 56 that incorporated the security updates found in
    Firefox 57 on November 30, 2017. We don_t think waiting more
    than two weeks for security updates is a good idea!

    Here_s a more recent example from a minor release: On January
    23, 2018, Mozilla released Firefox 58 and Firefox ESR 52.6 with
    a variety of security fixes. Three days later, the Waterfox
    project said it was working on integrating these patches on
    Twitter. On February 1, 2018, Waterfox 56.0.4 was released with
    these patches. That means Waterfox users waited nine days for a
    security patches from a minor release, compared to if they were
    just using Firefox. We don_t think it_s a good idea to wait that
    long.

    In the future, this will only get more complicated as the
    Waterfox developers try to make their own browser. We recommend
    staying away and just using Firefox ESR.

    Pale Moon Is Based on Very Outdated Firefox Code

    Pale Moon is based on older Firefox code. The current version of
    Pale Moon is based on Firefox 38 ESR, which was originally
    released in 2015. The prior release was based on Firefox 24 ESR,
    which was released in 2013. The project uses an older Firefox
    interface created before the Australis theme, and still supports
    XUL add-ons.

    Rather than being based on Mozilla_s Gecko rendering engine,
    Pale Moon is based on _Goanna_, an open-source browser engine
    that_s a fork of gecko. (In open-source software, a _fork_ is
    when someone takes the existing code of a project, copies it,
    and develops it themselves from that point forward, going in a
    different direction.)

    While Waterfox is based on code that_s currently supported by
    Mozilla, Pale Moon is based on much older code. It won_t have
    the new web features or performance improvements of modern
    versions of Firefox, nor does it support watching certain kinds
    of video with DRM.

    More importantly, basing a browser on such old code makes
    security patches harder. Pale Moon_s developer tries to keep up
    with Firefox security patches, but he_s maintaining old code
    that Mozilla has abandoned. Mozilla reportedly has over a
    thousand employees, while Pale Moon has one primary developer,
    trying to maintain a huge amount of code that_s becoming
    increasingly outdated. The older code also omits features that
    help make modern browsers so secure, like the multi-process
    sandboxing features that have finally arrived in Firefox Quantum.

    Besides, Pale Moon tends to perform worse on browser benchmarks
    compared to modern browsers, which isn_t surprising given its
    age. The developer disagrees with browser benchmarking, but it_s
    not surprising a browser based on four year old code might be
    slower than a modern one.

    Basilisk Is a More Modern, But More Unstable Pale Moon

    Basilisk is a new browser from the creator of Pale Moon. While
    Pale Moon is based on Firefox 38 ESR, Basilisk is based on newer
    Firefox code. The developer is working on the _Unified XUL
    Platform (UXP)_, which is a fork of Mozilla_s code without the
    new Servo and Rust code that makes Firefox Quantum so fast. It
    also doesn_t enable any multi-process features.

    A future version of Pale Moon will be based on this code, but
    right now the developer considers Basilisk an unstable
    development platform.

    This fits Pale Moon_s kind of weird history. The first major
    version of Pale Moon was based on Firefox 24 ESR, due to a
    disagreement about where Firefox was headed. But the developer
    eventually had to switch to Firefox 38 ESR to get more modern
    features. Now, the developer is doing the same thing again,
    basing this new version largely on the pre-Quantum Firefox code.
    We don_t see the point of resisting new features only to make a
    major leap to them every few years anyway. Just stick with a
    browser that_s continually updated, like Firefox.

    As for why you shouldn_t use this browser, aside from the same
    security and usability concerns inherent with Pale Moon, even
    the developer says it_s _development software_ that should be
    considered beta.

    These aren_t the only Firefox-based browsers out there, but they
    are the most popular_and most others will likely come with
    similar issues. It_s best to stick with a browser that has a big
    team behind it so security problems can be caught, fixed, and
    patched as fast as possible.

    https://www.howtogeek.com/335712/update-why-you-shouldnt-use- waterfox-pale-moon-or-basilisk/


    For some, simply not supporting DRM schemes is considered a feature in
    itself. Also, having the system not exfiltrate personal data back to
    the developer by default rather than finding out about and then
    disabling obscure settings in about:config is better for peace of mind.

    --
    ________________________________________
    / Talking much about oneself can also be \
    | a means to conceal oneself. |
    | |
    \ -- Friedrich Nietzsche /
    ----------------------------------------
    \
    \
    /\ /\
    //\\_//\\ ____
    \_ _/ / /
    / * * \ /^^^]
    \_\O/_/ [ ]
    / \_ [ /
    \ \_ / /
    [ [ / \/ _/
    _[ [ \ /_/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)