Comment by tptacek
5 days ago
Again, and tediously, with my rule of thumb about privacy technology guides:
Here's a concrete example: Let's say your friend just told you they moved their communications from SMS to Signal. This is something to celebrate! Your friend just improved their data privacy a lot by deciding to start using Signal instead of SMS. It is absolutely not the time to tell your friend things like "Okay, but you're not even using Firefox!
If a privacy source suggests that Firefox is an absolute improvement over other browsers without actually laying out the security tradeoffs you'd be making by adopting it, you should trust that source less.
I would personally go much farther with this analysis; I have categorical opinions about the relative security of browsers. But you don't have to follow me that far down the path to see the merit of the rule, because if you think "just use Firefox" is an uncomplicatedly strong recommendation, you're simply not paying attention to browser security at all, in which case: why are you making recommendations?
Most privacy and security guides are LARPs.
You’re quoting from a hypothetical discussion scenario, not an actual recommendation.
They do indeed recommend Firefox (as a third choice, after Tor and Mullvad Browsers), and the recommendation page doesn’t go into reasoning, sadly, but it does discuss some pitfalls of the default config and how to fix them: https://www.privacyguides.org/en/desktop-browsers/#firefox
Most are, most are affiliate link-farms in disguise as well, and privacyguides.org is written in response to such guides.
It is called privacy guides and not security guides for a reason, and many of our basic "recommendations" are geared towards a specific threat model that does not include, for example, being targeted by law enforcement or others with access to zero-day vulnerabilities or similarly targeted exploits. They are geared towards avoiding commercial-grade tracking, especially by corporations, and dragnet mass surveillance programs.
This is why we place so much of an emphasis on threat modeling before suggesting recommendations in the first place though, to make sure readers know exactly when the recommendations apply to them and when they instead need to seek additional resources. We have countless pages within our community forum detailing why and when Chromium is technically superior to Firefox.
This is also why we don't recommend Firefox on mobile devices at all, because while we do feel Firefox on desktop is adequately secure for many people, we don't feel that is the case on Android, unfortunately.
Anyways, thank you for your insight. I will look into making this more clear at a glance.
There's a lot more context about what browsers they recommend (and what they recommend them for) on the dedicated page for it: https://www.privacyguides.org/en/desktop-browsers/
The part you quoted was an example of what _not_ to do ("not the time").
I read it accurately.