this post was submitted on 23 Mar 2025
173 points (76.3% liked)

Technology

68244 readers
4122 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
173
I've tried nearly every browser out there and these are my top 6 (none are Chrome) (www.zdnet.com)
submitted 1 week ago by kirk781@discuss.tchncs.de to c/technology@lemmy.world
153 comments fedilink hide all child comments
 

The title is err, not correct because the top 2 alternatives Opera and Arc are based on Chromium engine. I have seen tons of people swear by Arc, but I am seriously asking (since as a Linux user I can't use it), how much good can a browser be in this day and age if ultimately it's ad blocking breaks and it will since Manifest v2 will go soon(unless Arc folks have a solution for it)

The rest alternatives are Firefox, Zen (FF fork but honestly Atleast this was something new I learned from this article) and Tor (which is weird since it is not meant for normal web browsing and using it will not only be slow but put additional strain on the nodes, correct me if I am wrong).

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Propheticus@lemmy.zip 19 points 1 week ago (8 children)

Zen looks nice and some of the UX concepts (workspaces, glance, split sidebar from vertical tabs) work well. The 'fit & finish' and the way changes are pushed (unilaterally? Unvalidated with endusers?) feels very much like a 1 man hobby project though.

[โ€“] jimi_henrik@lemmy.world 10 points 1 week ago* (last edited 1 week ago) (7 children)

I agree, it also has some serious security issues: https://github.com/zen-browser/desktop/pull/927

The developer's comment reveals that it has been there since the inception of the project. And there are even more privacy / security issues mentioned in the comments.

Unfortunately Zen browser gets a big fat no from me. ๐Ÿซค

[โ€“] L_Acacia@lemmy.ml 10 points 1 week ago* (last edited 1 week ago) (6 children)

It's not a backdoor, it just enabled Firefox's remote debugging tool by default, which is necessary if you want to modify the chrome of the browser on your own computer.

At the time it was in one of its first alpha, sure it was naive to ship a browser with it enabled because it was convenient for development, but it was fixed 1 week after the issue was raised, and has been for months.

They use the release candidate to test upcoming Firefox releases and see if it breaks anything, to be able to ship the update on the same day as FF (just like the majority of other forks do). None of the patches they make require extra telemetry except for their "mod" system. Most of the criticism Zen gets about "security" applies to every browser except librewolf and tor. Zen is as secure as firefox is.

All this is coming from someone who doesn't use Zen, as my workflow is constantly broken by their UI changes and bugs (which is the main problem with the browser).

[โ€“] jimi_henrik@lemmy.world 1 points 1 week ago (2 children)

It's not a backdoor, it just enabled Firefox's remote debugging tool by default

Just? I'm sorry but that's just a terrible mistake to make, especially for a browser that people use to surf the world wild web. I don't know if you've ever used a remote debugger (I do), but depending on the debugger, it can be a very powerful tool, you can do a lot of things with it. I don't think calling it a backdoor is a massive exaggeration. I don't doubt the developer's good intention, but this issue shouldn't be dismissed as an insignificant issue.

To add insult to the injury, it didn't even prompt the user for it.

Zen is as secure as firefox is.

Unless you tweak the default Firefox settings in the code base, e.g. https://github.com/zen-browser/desktop/blob/dev/src/browser/app/profile/zen-browser.js#L258 (allow unsigned extensions by default).

[โ€“] L_Acacia@lemmy.ml 3 points 1 week ago* (last edited 1 week ago)

It was enabled due that zen was still a toy project and we needed people to easily open the debugger for easier bug fixing. This was due because zen was not in a daily drivable state and didn't gain any sort of popularity yet As the dev says in the PR almost nobody was using the browser at that point. To be able to interact with the debugging server you would need to have a port open on your firewall and router. And you would need to manually start the dev server. The problem in the PR is it was not prompting the user when launching the debug server and user could turn on the debugger without touching about:config flags.

The second part is more questioning, though not exploitable without the user clicking 2 times on a security warnings. I just checked their github to see if there is an issue/pr on the subject and there is none. Might be worth making one.

[โ€“] L_Acacia@lemmy.ml 1 points 1 week ago

xpinstall.signature.required was set back to true, seems like complaining works well

load more comments (3 replies)
load more comments (3 replies)
load more comments (3 replies)