Pale Moon: the community isn't great, and the browser is way behind on security.
so *why is it so pleasant to use??* Arrgh.
Why is good software so bad, and such bad software so good...
Follow

@Seirdy I've never used Pale Moon but I also don't understand why anyone would use it. If I'm not mistaken, Pale Moon exists because it didn't want to part ways with XUL extensions?

@ayushnix Pale Moon’s inception pre-dates Firefox 57 by many years; before its notoriety following the removal of XUL/XPCOM, it was popular among people who didn’t like Electrolysis.

I hate that Pale Moon is so behind on security because it also has nice stuff that Mozilla axed. Some things were axed for good reason, like extensions with the ability to alter browser functionality. Others were axed without good reason, like built-in RSS/Atom support.

WebExtensions that fill in missing functionality often require content injection which is problematic for a variety of reasons (try visiting a page that has a sandbox CSP directive without allow-same-origin or allow-scripts and see how well it works, or seeing their scripts activate too late when your underpowered machine is under load). It’s better than giving them access to browser functionality but nothing beats having features in the actual browser.

I still wouldn’t recommend it due to extremely weak sandboxing and a naive approach to security. The devs respond to sandboxing queries by saying it’s secure because “it separates the content and application” which tells you how little they care or understand; untrusted content needs isolation not just from the browser but from other untrusted content. Given the scope of a browser, even Firefox isn’t where it should be (even given their commendable progress on Fission, RLBox, and their utility process overhaul), let alone caught up to the mitigations in Chromium’s Blink or WebKit’s JavaScriptCore but I digress.

It’d be totally fine if they described their browser as a complement to a more airtight one or as a dev tool (it’s honestly a great dev tool given some addons, I’ll happily concede that). But when you describe yourself as a replacement to other browsers but lack the security architecture to back it up, you’re being irresponsible.

#POSSE note from https://seirdy.one/notes/2022/06/01/pale-moon/

@ayushnix I should write a proper blog post about this and my more nuanced take on Manifest v3 + DeclarativeNetRequest (TLDR: I dislike both Chromium and Mozilla's approach, everything is terrible).

@Seirdy A web browser is one of the software on my setup in which I value security more than functionality although not at the cost of uBlock Origin not working at its full potential, which is why I don't use Chromium or WebKit browsers on Linux as my primary web browser. Pale Moon might be useful for a specific purpose as you've mentioned but I don't see myself using it even as a secondary web browser.

Sign in to participate in the conversation
Treehouse Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!