Mozilla Is Working On a Chrome-Like 'Site Isolation' Feature For Firefox (bleepingcomputer.com) 57
An anonymous reader writes: "The Mozilla Foundation, the organization behind the Firefox browser, is working on adding a new feature to its browser that is similar to the Site Isolation feature that Google rolled out to Chrome users this year," reports Bleeping Computer. "[Chrome's] Site Isolation works by opening a new browser process for any domain/site the user loads in a tab." The feature has been recently rolled out to 99% of the Chrome userbase. "But Chrome won't be the only browser with Site Isolation," adds Bleeping Computer. "Work on a similar feature also began at Mozilla headquarters back in April, in a plan dubbed Project Fission." Mozilla engineers say that before rolling out Project Fission (Site Isolation), they need to optimize Firefox's memory usage first. Work has now started on shaving off 7MB of RAM from each Firefox content process in order to bring down per-process RAM usage to around 10MB, a limit Mozilla deems sustainable for rolling out Site Isolation.
Re:Fission indeed! (Score:4, Funny)
Re: Fission indeed! (Score:5, Interesting)
But is it a full site isolation that also separates third party cookies per main site?
Re: (Score:1)
Do you work at the EU or why don't you understand that you can block third party cookies in your browser settings?
Re: (Score:2)
Sometimes blocking third party cookies aren't an option since it causes some quirky side effects that only can be rectified by at least simulating that the cookie was set - set cookie, check that it was set and if not set mess up the display with some quite annoying content.
One more time with feeling: OS level sandbox (Score:3)
App makers need to stop assuming they can solve the security problem. They always need to break the veil of their own internal firewalls to gain speed. THey need to assume they will make a mistake. Meanwhile yawning right in front of them is the OS level Sandbox tools (e.g. on macs a DTRACE derivative) that allows the entite process and every child process to live insode a resource restricted firewall and possible even a chroot jail. Limit what ports or what filesystems or what other OS level resource t
Re:One more time with feeling: OS level sandbox (Score:5, Insightful)
Browser ARE using OS-level sandboxing internally.
Putting the entire browser into a single sandbox is possible but "the damage it can do if it goes rogue is sharply limited" isn't true. A compromised whole-brower-in-a-sandbox can listen to your microphone, watch your webcam, manipulate your online banking, access all your Web passwords, manipulate your Webmail, etc. It (maybe) can't mess with your other desktop applications but for many users that's of very little value.
Browsers are using those OS-level sandboxing tools to sandbox individual "content" subprocesses. A malicious site might exploit a bug to take over a content process, but those processes have very low rights compared to the main browser process. They typically can't access the filesystem at all, they can't directly access microphones and webcams (only indirectly, triggering browser UI to notify the user), etc.
Currently in Firefox code from different Web sites can share the same content process, which means a site compromising a content process can usually access content from other Web sites like online banking. This article is about improving Firefox so that is no longer the case.
Re: (Score:3)
>"But is it a full site isolation that also separates third party cookies per main site?"
You can already do this in Firefox now...
https://support.mozilla.org/en... [mozilla.org]
Re: optimize firefox memory usage?!?!?!? (Score:1)
For years now, Firefox users have been pointing out that Firefox is a memory hog. Instead of admitting this to be true, we typically saw moz://a fanatics claim that Firefox didn't leak or waste memory, and that the users were describing a problem that didn't exist. Yet despite these memory usage issues supposedly 'not existing', we sure see a lot of release notes entries and other bragging from Firefox's developers about how they've supposedly reduced Firefox's memory usage!
Another way to save memory (Score:5, Interesting)
Re: (Score:3)
>"Let users whitelist domains they trust and run those without this feature. "
And/or, allow users to turn off "Site Isolation" when it isn't wanted, so that it doesn't gobble up all your resources (RAM and CPU) doing it...
I am all for features, but not all users and computers are the same. I know of several environments where "site isolation" is counter productive.
Re: (Score:2)
And/or, allow users to turn off "Site Isolation" when it isn't wanted, so that it doesn't gobble up all your resources (RAM and CPU) doing it...
If the browsers and JIT compilers were not such resource hogs due to poor implementation, then this would not be a problem.
Re: (Score:2)
Open to abuse? (Score:1)
Reading on this and the Chrome one, it seems this could be open to easy stealth-abuse by embedding several hundred iframes and slowing down everything.
Correct me if I am wrong.
I won't post a link to do it since I don't want to be responsible for some idiot potentially crashing their computer at work, but just duplicate <iframe src="google.tld"></iframe> and replace TLD with all of Googles ones. There's a few dozen of those.
I'm 99% sure it wouldn't work if you just copy-pasted Google.com since i
SW Freedom makes Firefox better than Chrome (Score:5, Interesting)
If Firefox's implementation will be free software (or something that can easily become free software), Firefox will continue to allow anyone to inspect, modify, and share the software even commercially. This leads those who do such work to personally trust the code because they know what's in that code and if they find something they don't like (no matter how that is defined) they can improve the code (or get someone they trust to do this for them) and then they can distribute the improved code to help the community (including non-programmers, the majority of computer users). This also helps explain why other browsers including the Tor Browser derive from free software browsers such as Firefox.
Chrome, on the other hand, is nonfree software (proprietary, user-subjugating software); software which does not respect a user's software freedom. Therefore we can't determine all of what Chrome does, and if we find out it does something we don't like we have no permission to improve Chrome and distribute an improved version. Proprietary software developers are in a position of power over their users, which is an injustice to the users. So long as Chrome remains unvettable by its users Chrome remains untrustworthy by default. As the Free Software Foundation rightly points out [gnu.org], proprietary software is often malware: "the initial injustice of proprietary software often leads to further injustices: malicious functionalities". Any further assessment of Chrome means looking at proxies for its trustworthiness instead of going to the natural and logical place to make this determination—a program's source code. Then we get to the reputation of its developer—Google—a known participant in international mass surveillance (per Edward Snowden's leaks). It makes no sense to talk about the security and privacy benefits that come from a feature such as site isolation while relying on an inherently untrustworthy program to look out for your interests. You'll note that popularity of a program or its developer doesn't enter into any serious discussion of how much trust to place in these programs, or whether to recommend their use by others.
Re:SW Freedom makes Firefox better than Chrome (Score:5, Informative)
While Chrome isn't open source, Chromium [wikipedia.org] is and is nearly identical [wikipedia.org]. Firefox is definitely a more user-friendly project, but they're both open-source projects.
Suraj Jain's JavaScript Switcher (Score:2)
I'll go back to Firefox when they give back the option to white list / disable java script (no, no-script doesn't cut it) and cookies in an easy, comprehensive and coherent way.
Please define "easy, comprehensive and coherent". If you want easy, install the "JavaScript Switcher" extension by Suraj Jain [mozilla.org] to give each domain an off switch.
Re: (Score:1)
firefox usage numbers have been decreasing ever since chrome's release. not because of the dumb things mozilla developers and leadership have done, but because they don't trick people into installing it (chrome as 'bundleware' on 'freeware' downloads), con people into thinking they "have to" (gmail, youtube, google banners, etc), don't regularly advertise on national television or in national publications (google and microsoft both do this).
despite its shortcomings, firefox is still the browser you should b
Re: (Score:2)
Statcounter lets you look by country.
http://gs.statcounter.com/brow... [statcounter.com]
http://gs.statcounter.com/brow... [statcounter.com]
http://gs.statcounter.com/brow... [statcounter.com]
http://gs.statcounter.com/brow... [statcounter.com]
Chrome is the dominate browser, with often chrome /webkit based ones coming in 2nd(or the Chinese one...).
So where is "over here" where no one uses chrome?
Re: (Score:1)
SW Freedom makes [mediocre OSS] better than [market leading proprietary product]
Thanks RMS, we've heard that a few times. Unfortunately in the real world users also care about features, performance, stability, usability and a host of other metrics. I liked your promotion video [youtube.com] though.
Re: (Score:2)
Please give us some concrete examples where you think OSS is lacking in features, performance, stability and usability and a host of other metrics.
You do realize that this entire story is about a feature Chrome already got active by default and Firefox barely is on the drawing board right? And it'll probably go like this project [wordpress.com] from 2010:
Electrolysis is the working name of a Mozilla project which goal is to re-arch good old single-process Firefox into a multi-process one. The idea's been around for some time now, all the more so since competitors like Google and Microsoft have released multi-process versions of their browsers!
They finally caught up to Chrome.... in 2017. I'm not saying it's a fair fight, but sometimes OSS is waaaaay behind the times. I was going to use GIMP as another example, but it looks like in 2.10 they finally got 10+ bit support [gimp.org] done. That only took 18 years from conception. But don't worry, I'm sure they'll catch u
Re: (Score:3)
Chromium is open source. It's a pretty good browser, basically Chrome without any Google services.
Googleâ"a known participant in international mass surveillance (per Edward Snowden's leaks)
That's now how you spell "victim".
Seriously, this nonsense about Google being part of some NSA programme needs to stop. There is no evidence, in fact the evidence we have from Snowden shows that the NSA had actually intercepted data from Google from outside their network. And in the wake of that Google has done more than anyone to encrypt communications by default.
When the Snowden leaks happened we had hardly a
Is it just me... (Score:1)
Going to need (Score:2)