Insights For Success

Strategy, Innovation, Leadership and Security

Comparing Google Chrome and Mozilla Firefox

GeneralEdward KiledjianComment
Image by Iván Rivera used under Creative Commons License

Image by Iván Rivera used under Creative Commons License

Chrome has been the browser king for many years and many users can't remember a time where Firefox was "the browser".  Chrome overtook Firefox and Internet Explorer(according to StatCounter) in November 2011.

Statcounter browser marketshare

Statcounter browser marketshare

But recently a group of highly technical security experts seem to have moved back to Firefox. Why have technically knowledgeable users left Chrome for Firefox?

Battery life

Users are increasingly choosing mobile devices (laptops and convertibles) instead of traditional always-plugged-in personal computers. This means battery life is important. In a 2016 battery shootout, Microsoft aggregated billions of data points from real world Windows 10 users and found that Microsoft Edge and Firefox were much gentler with battery consumption.

Image owned by Microsoft Corporation

Image owned by Microsoft Corporation

These numbers are from actual Windows 10 (version 1511) use “in the wild,” not artificial tests or hypotheses.
— Microsoft blog

Privacy

Everyone using Google products should know that the sultan of search is monitoring everything you do on the web, on its search page and in its browser. If you have never visited the Google Dashboard, you really should. It will show you all of the information El Goog has collected about you. Remember that it then uses this data to build a profile about you and we all know how powerful these predictive models can be :

Unlike many unscrupulous sites that track you without your knowledge, Google is a model citizen and clearly, let's users know what it is collecting and why. Most users are willing to trade their behavioural information in exchange for free google services (e.g. Photos, search, Gmail, etc).  I think this trade is perfectly acceptable as long as the user understand what he/she is giving up in exchange for these free services.

Some people believe Google knows too much and where possible, try to use no-Google alternatives (DuckDuck Go for search, ProtonMail for email, SpiderOak One for online storage, etc).

Open Source means anyone (with the right skills) can audit the code and make sure nothing nefarious has been secretly inserted.

The fact Mozilla is not trying to become this massive financial behemoth is a comforting reality.

Browser security

To be clear, Chrome is an excellent browser and has slightly better security than Firefox but on the privacy front, Firefox wins.

There is an annual security competition called Pwn2Own and the 2017 browser compromise competition presented some interesting findings.

The Microsoft Edge browser proved to the least secure browser, having been compromized5 times. Then came Safari on Mac which was compromised 3.5 times (a half point was awarded because they had fixed one of the attacks in a beta build).  Then came Firefox with 1 compromise and Google Chrome had none.

Firefox is certainly a relatively secure browser with a healthy bug bounty program but Chrome is just 1 step ahead.  If you want the most secure browser and are willing to give up privacy, choose Chrome. If you want good enough security with much better privacy, pick Firefox.

Tab handling

There is no perfect browser.

Google's Chrome browser is the king of standards compliance. It is very secure since it has strict sandboxing. Each browser tab creates a new browser thread in the OS, which means a crashed tab doesn't crash the entire browser. These "features" consume a substantial amount of RAM. If you are one of those users that live in your browser and regularly has 20-50 tabs open, you probably live the sluggishness daily.

Firefox is "as fast" as Chrome but much more configurable. It consumes less RAM per open tab thus is often a better solution for users that live the multi-tab life. The flip side is that a bad tab can crash the entire browser but this is very rare.

Extensions

Chrome is the king of extensions. Just browse the Google Chrome store and be amazed at everything your browser can do.

In many cases, your most used extensions will be natively available either platform. As an example, Lastpass and UBlock Origin are natively available for Chrome and Firefox. You can also install the Chrome Store Foxified add-on which will allow you to install Chrome extensions from the Chrome store into Firefox.

In this example, I picked the Google Keep extension. When you visit the Chrome Store with the Google Chrome browser, you see this window to install the extension:

When you visit the same page with Firefox and the Chrome Store Foxified add-on, you see this window and the ADD TO CHROME is replaced with ADD TO FIREFOX

I have tested this functionality with a dozen extensions (HTTPS Everywhere, Ublock Origin Extra, Grammarly, etc) and all of them work perfectly as if they were running in Chrome. Before people start sending me hate mail, I know these have Firefox native versions but I wanted to test the Chrome extension functionality in Firefox.

Interface design

Both Chrome and Firefox have adopted a clean, minimalist approach. From the interface perspective, neither one really pulls out ahead as a leader.

Verdict

When there is competition, the consumer wins. This is true in the browser market. The extreme competition between Chrome and Firefox means both products have improved over the last 12 months. 

Both browsers are relatively secure. The main difference boils down to privacy and tab handling. If you are someone that always keeps several dozen tabs open, then you may find Firefox more responsive and less likely to bog down your computer. Additionally, Firefox is a much better choice for consumers looking for more privacy.

Ultimately I think most users will end up with both browsers on their devices and use different browsers for different purposes. Recently I have started to move more of my day to day browsing back to Firefox and am satisfied. I want to encourage diversity and even chose to donate to Mozilla. Encourage not-for-profit groups powering open source software is an important step in maintaining a healthy diverse and competitive computing environment. I also donate to Tor, Ubuntu, Wikipedia and Whonix.

Bypass Google's AMP with DeAMPify for Android

GeneralEdward KiledjianComment
deamp1.png

A handful of readers asked me to review the DeAmpify Android app and talk about it on my blog. So for those readers, here is my opinion.


Google introduced AMP in 2015 (Accelerated Mobile Pages) with the hope of speeding up the mobile web by degunking all of the junk publishers were adding to their web pages (tracking, advertising, etc.)

The CBC web page I am using for this article connects to 16 separate domains (to load content) and has eight different trackers. Obviously, this clogs up the page and makes it slower to load and less responsive.

Journalists and privacy advocates have been criticizing AMP because they claim it is another Google attempt to control content by encouraging publishers to use the search giant's AMP caching servers. Additionally, Google chooses what tags will be allowed for AMP markup on web pages. 

For those with modern high-end smartphones connected to super fast LTE networks, the difference is minor. But if you are on a mid-level phone or a slower connection, an AMP page could load in half the time. 

A crafty developer (Joao Dias) created an Android app called Deampify whose sole purpose in life is to convert AMP links back to "normal" web ones. The app is free with a small in app purchase option to unlock pro features:

  • Disable Ads
  • Ability to add exceptions so that some websites still show the AMP versions
  • Tasker integration so that you can load original pages when you’re on Wifi but load the faster AMP pages when you’re on 4G/3G for example. 

DeAMPify demonstration video

Important considerations

DeAMPify doesn’t work if you click on an AMP link inside of Chrome

Since a link clicked in Chrome does not kick off the Android intent process, you cannot redirect it to DeAMPify and this the app cannot perform its magic. The app works in any non-Chrome app (messenger, hangouts, the Google Search app, etc).

How does DeAMPify work?

When you click on an AMP enabled page, the app searches the HTML code for the original web page URL and then passes this to the browser. So in effect, it is pre-downloading the entire web page anyway.

Conclusion

So is this useful and do I recommend it? No! I tried to find a reason to like this app but I couldn't. I don't have a technical or moral issue with AMP so there is no reason for me to go out of my way to bypass it. 

Additionally, it is pre-downloading the web page to find the non-AMP URL so I am not saving bandwidth and may actually be slowing down my browsing experience. 

I'm glad the app exists in case someone does want it but it's going to be useless for most Android owners. The only reason someone would probably consider this is if they have a moral issue with Google playing manager of the AMP technology and wants to "stick it" to the man.  To me it feels like stabbing yourself to teach someone else a lesson. 

Honest review of the Tunnelbear VPN service

GeneralEdward KiledjianComment

Similar Articles:

Start

I've written about half a dozen articles over the last couple of weeks reviewing various VPN services. I asked my social media followers what other VPN services they wanted me to review, and many readers requested that I review TunnelBear. So here is my review of the TunnelBear VPN service.

TL;DR - TunnelBear is an excellent service that won't disappoint.

First, it meets the multi platform requirement. It supports MacOS, Windows, IOS and Android (with browser extensions for Opera and Google Chrome). These are the most requested platforms by users and will meet the needs of 95% of their user base. If you are a tinker and want an OpenVPN configuration file or router support, you will be sorely disappointed (see VyprVPN in that case). They have talked about a very manual configuration option for Linux using OpenVPN, but this isn't for the faint of heart.

TunnelBear has about 19 servers worldwide. This is in strong contract to companies like HideMyAss that offer 190+ locations with 720+ servers.  Countries listed during my test included: United States, United Kingdom, Canada, Germany, Japan, France, Italy, Netherlands, Sweden, Switzerland, Ireland, Spain, Singapore, Norway, Denmark, Hong Kong, Brazil, Mexico, India.

One issue I have with many services is that there is no "auto-connect to the fastest server" option, but TunnelBear has this option. When compared to VyprVPN, UnlimitedVPN (Keepsolid) or HideMyAss, TunnelBear's performance was always a little bit slower. Youtube was always using a lower quality, and downloading files always took a bit longer. 

Many VPN services just provide a plain; we do not collect logs statement. As a more technical user, I expect a little more "meat" with a statement like that. You can read the TunnelBear privacy policy here.  

I appreciate the honesty and clear privacy terms provided by TunnelBear:

By using our services, you authorize TunnelBear to use your information according to Canada’s laws, regardless of which country you are located in
TunnelBear explicitly does NOT collect, store or log the following data:

- IP addresses visiting our website
- IP addresses upon service connection
- DNS Queries while connected
- Any information about the applications, services or websites our users use while connected to our Service

Canada is a member of the five eyes and as a Canadian, I believe my information is collected and shared with the other members of the spying consortium. My preference is to use a VPN service who is headquartered in Switzerland (or another privacy loving locale). 

TunnelBear also offers a free tier (500MB per month) to anyone who wants to test their service or has very limited needs. Free VPN service is a rare offering from a reputable company, and one TunnelBear should be very proud of. 

You can earn one free GB of additional traffic by tweeting about TunnelBear using an in app feature. I tried this twice, and they added 1GB each time within 10 minutes.

I tested Netflix USA with the TunnelBear VPN turned on and Netflix detected the connection as a VPN and refused to show the US catalogue. 

Pricing

The annual TunnelBear subscription is $4.99 a month which is competitive. If you shop around (check out the link in my KeepSolid UnlimitedVPN review) you can get a similar VPN service at $49.99 for an unlimited lifetime subscription. 

Conclusion

TunnelBear offers an easy to use VPN service or the average Joe. It doesn't offer a tonne of client support. It is based in a high-risk country (Canada) and the price is average. 

If your look around on deal sites, you can find an UnlimitedVPN lifetime (5 devices) deal for $49.99 which is a better deal. UnlimitedVPN is based in the USA so they suffer the same headquarter location issue (being based in a Five eyes country) as TunnelBear. The difference is you get a tonne more exit servers than TunnelBear.

For real security, I would say check out Private Internet Access or ProtonVPN.  

Install IOS Update 10.3.3

GeneralEdward KiledjianComment

As mentioned in my various articles, keeping your operating system and applications updates is a critical component to good overall security. 


Apple released IOS 10.3.3 yesterday, and amongst all of the bugs it fixes, there is one nasty security vulnerability that justifies installing it now. Right now. Do it. I'll wait. Come on, we don't have all day. 

Put Apple's banal sounding description aside for a second ("A memory corruption issue was addressed with improved memory handling".) This vulnerability comes from the Broadcom BCM43xx wifi chipset (CVE-2017-9417) and allows an attacker to execute code on the targeted device with kernel privileges.

To be clear, millions of Android smartphones (e.g. HTC, LG, Nexus and most Samsung devices) are also vulnerable to the BroadPwn vulnerability. 

Google also issued the BroadPwn fix in its July patch bundle (you are receiving the security updates for your phone right?)

Google hopes Hire gives it a better stronghold in corporations

GeneralEdward KiledjianComment

Google sees the corporate world as an excellent cash cow and has been working hard to secure its place. Most recently we have the fruits of its labour with redesigned G-Suite offerings, the Jamboard and more.

Google is the king of data and has decided it can help HR do a better job with recruitment. Google Hire is a purpose built solution that promises to make the entire hiring process easier and more efficient (from finding to managing). 

The target customer is the small or medium organisation that may not be using any of the larger more expensive and complicated tools. 

  • A 2015 report by Bersin (Deloitte) claimed it took on average 52 days to fill a position (up from 48 in 2011) at the cost of $4,000
  • 48% of small businesses report there are few or no qualified applicants for the positions they are trying to fill (NFIB)
  • 27% of respondends believe lengthy hiring timelines are a major impedament to increasing staff headcount (Recruiter Sentiment Study 2015 2nd Half, MRI Network, December 2015)

So all in all, we can safely assume the hiring process is broken in small to medium size companies, which may equate to a nice chunk of change for Google (if it plays its cards right).

Google Hire leverages the G-Suite platform and integrates with email and calendaring. In addition to winning new business by offering innovative cost effective new solutions for the SMB market, it also adds value to G-Suite. 

It is conceivable that a long time Microsoft Office customer may eventually switch to Google's G-Suite if it has enough value added features. 

I have spoken to dozens of medium size start-ups that just don't want or need the big Office 365 offering and are just looking for an excuse to make the jump. It is small but targeted offerings like this that may make the difference.

You can check out the Google Hire website for more details.