Insights For Success

Strategy, Innovation, Leadership and Security

web

Comparing Google Chrome and Mozilla Firefox

GeneralEdward KiledjianComment
Image by  Iván Rivera  used under Creative Commons License

Image by Iván Rivera used under Creative Commons License

Chrome has been the browser king for many years and many users can't remember a time where Firefox was "the browser".  Chrome overtook Firefox and Internet Explorer(according to StatCounter) in November 2011.

Statcounter browser marketshare

Statcounter browser marketshare

But recently a group of highly technical security experts seem to have moved back to Firefox. Why have technically knowledgeable users left Chrome for Firefox?

Battery life

Users are increasingly choosing mobile devices (laptops and convertibles) instead of traditional always-plugged-in personal computers. This means battery life is important. In a 2016 battery shootout, Microsoft aggregated billions of data points from real world Windows 10 users and found that Microsoft Edge and Firefox were much gentler with battery consumption.

Image owned by Microsoft Corporation

Image owned by Microsoft Corporation

These numbers are from actual Windows 10 (version 1511) use “in the wild,” not artificial tests or hypotheses.
— Microsoft blog

Privacy

Everyone using Google products should know that the sultan of search is monitoring everything you do on the web, on its search page and in its browser. If you have never visited the Google Dashboard, you really should. It will show you all of the information El Goog has collected about you. Remember that it then uses this data to build a profile about you and we all know how powerful these predictive models can be :

Unlike many unscrupulous sites that track you without your knowledge, Google is a model citizen and clearly, let's users know what it is collecting and why. Most users are willing to trade their behavioural information in exchange for free google services (e.g. Photos, search, Gmail, etc).  I think this trade is perfectly acceptable as long as the user understand what he/she is giving up in exchange for these free services.

Some people believe Google knows too much and where possible, try to use no-Google alternatives (DuckDuck Go for search, ProtonMail for email, SpiderOak One for online storage, etc).

Open Source means anyone (with the right skills) can audit the code and make sure nothing nefarious has been secretly inserted.

The fact Mozilla is not trying to become this massive financial behemoth is a comforting reality.

Browser security

To be clear, Chrome is an excellent browser and has slightly better security than Firefox but on the privacy front, Firefox wins.

There is an annual security competition called Pwn2Own and the 2017 browser compromise competition presented some interesting findings.

The Microsoft Edge browser proved to the least secure browser, having been compromized5 times. Then came Safari on Mac which was compromised 3.5 times (a half point was awarded because they had fixed one of the attacks in a beta build).  Then came Firefox with 1 compromise and Google Chrome had none.

Firefox is certainly a relatively secure browser with a healthy bug bounty program but Chrome is just 1 step ahead.  If you want the most secure browser and are willing to give up privacy, choose Chrome. If you want good enough security with much better privacy, pick Firefox.

Tab handling

There is no perfect browser.

Google's Chrome browser is the king of standards compliance. It is very secure since it has strict sandboxing. Each browser tab creates a new browser thread in the OS, which means a crashed tab doesn't crash the entire browser. These "features" consume a substantial amount of RAM. If you are one of those users that live in your browser and regularly has 20-50 tabs open, you probably live the sluggishness daily.

Firefox is "as fast" as Chrome but much more configurable. It consumes less RAM per open tab thus is often a better solution for users that live the multi-tab life. The flip side is that a bad tab can crash the entire browser but this is very rare.

Extensions

Chrome is the king of extensions. Just browse the Google Chrome store and be amazed at everything your browser can do.

In many cases, your most used extensions will be natively available either platform. As an example, Lastpass and UBlock Origin are natively available for Chrome and Firefox. You can also install the Chrome Store Foxified add-on which will allow you to install Chrome extensions from the Chrome store into Firefox.

In this example, I picked the Google Keep extension. When you visit the Chrome Store with the Google Chrome browser, you see this window to install the extension:

When you visit the same page with Firefox and the Chrome Store Foxified add-on, you see this window and the ADD TO CHROME is replaced with ADD TO FIREFOX

I have tested this functionality with a dozen extensions (HTTPS Everywhere, Ublock Origin Extra, Grammarly, etc) and all of them work perfectly as if they were running in Chrome. Before people start sending me hate mail, I know these have Firefox native versions but I wanted to test the Chrome extension functionality in Firefox.

Interface design

Both Chrome and Firefox have adopted a clean, minimalist approach. From the interface perspective, neither one really pulls out ahead as a leader.

Verdict

When there is competition, the consumer wins. This is true in the browser market. The extreme competition between Chrome and Firefox means both products have improved over the last 12 months. 

Both browsers are relatively secure. The main difference boils down to privacy and tab handling. If you are someone that always keeps several dozen tabs open, then you may find Firefox more responsive and less likely to bog down your computer. Additionally, Firefox is a much better choice for consumers looking for more privacy.

Ultimately I think most users will end up with both browsers on their devices and use different browsers for different purposes. Recently I have started to move more of my day to day browsing back to Firefox and am satisfied. I want to encourage diversity and even chose to donate to Mozilla. Encourage not-for-profit groups powering open source software is an important step in maintaining a healthy diverse and competitive computing environment. I also donate to Tor, Ubuntu, Wikipedia and Whonix.

The Workflow IOS Automation app is now free

GeneralEdward KiledjianComment

Automation can be help with simple tasks like converting a webpage to PDF or can become a complex monster saving you hundreds of hours a year. Until the Workflow app came to IOS, true automation was an Android only benefit.

The $5 app is now permanently free because Apple acquired them

The Workflow app has been around for a couple of years and is a distant cousin (functionally) to IFTTT. It allows users to string together a series of actions, tasks, conditions and inputs and perform all kinds of useful tasks.

It can:

  • Encode media
  • Record Audio
  • Post on social media
  • Automate app functionality where a URL scheme is exposed
  • Send emails
  • Pull RSS feeds
  • much much more

What we don't know yet is what Apple will do with the team and the app. It was made free but there is always the risk Apple will kill the app and move some of the functionality to:

  • a new Apple branded app
  • into a new version of IOS
  • into a new service running on iCloud

What is Tor and should I use it

GeneralEdward KiledjianComment
Image by  Justin Mathews  used under Creative Commons License

Image by Justin Mathews used under Creative Commons License

Ive written about TOR a few times but  I regularly receive emails from "newbies" asking me to describe what it is in general terms. That's what this article is about. To get things kicked off, let me share an important quote from everyone's favorite whistle blower, Edward Snowden:

I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time.
— Edward Snowdem, TheIntercept, Nov 12 2015

In an effort to grab reader/viewer attention, every-time the media mentions Tor, it is usually done in the context of a report about the "evil" & "bad"  dark-web. The truth is Tor was created by the US State Department to help global activists communicate freely while in repressive locales. 

It takes all of the data leaving your computer (or coming back), creates bundle, encrypts each one multiple times to hard code the path it will take through the TOR network until it reaches its destination. Each node that receives a bundle destined for it, will unencrypt its layer of the bundle which tells it where to send the bundle next. This layered approach is why it is called The Onion Router. Each node only knows where it will send it to next, the receiving node only knows the previous node it came from,  which makes eavesdropping or de-anonymizing TOR much more complicated. 

Tor Hidden Services are what the media calls the Dark Web. Think of a Tor Hidden Services as a website on the Tor network. When using one of these sites, the request never leaves the TOR network (never touches the normal world wide web) so it is considered even more secure. 

You can use the TOR network to browser the Dark Web or to browse the normal regular everyday world wide web

Many popular sites, understanding the need and desire for a more private web browsing experience have started creating Tor hidden services for their popular websites (The Intercept, The Guardian, ProPublica, WikiLeaks, Facebook, etc)

Tor does make your browsing experience a little more complicated. First you will notice a drop is performance (i.e. pages load noticeably slower). This slowdown is a side effect of all of the encryption/decryption and the number of hops a packages is forced through to protect your identity. Some sites mark all TOR traffic is potentially malicious and constantly challenge users to "prove their are human" using CATPCHA or a very small group of sites block inbound TOR traffic completely. 

The easiest way to try TOR on a computer is to download the TOR browser bundle directly from the TOR project website. It is a customized version of the Firefox browser that is designed not to leak data and is configured to use Tor correctly.

If you are on an Android device, then I recommend you use to create the TOR tunnel then use their customized TOR browser called OrFox

I realize most people care more about ease of use (instead of privacy). I tried Anonabox hoping it would be a good hardware TOR solution but that didn't turn out too well. I am now waiting for the Invizbox and will review it when it finally ships (another delayed project).

I believe privacy is important. If you have questions, feel free to post it in the comments section or send me a note.

 

Related:

Google release preview of upgraded Contacts web app

technologyEdward KiledjianComment

About 70% of my readers are also Google users so most of you will be ecstatic that Google is trying to fix the broken Contacts web app. 

[...] that makes it easier to keep track of the people you know and get the info you need, fast
— Google Blog Post

Who can argue with a more usable experience? The new UI gives you a faster way of merging duplicates, automatically updating contacts and seeing recent emails right in the Contacts app.

You can read the Google blog posts here (link)

Unfortunately when I try accessing the preview link this morning (link) I get the dreaded 404 page not found:


What is the dark web

technologyEdward KiledjianComment

Everyone knows what the world wide web (web for short) is and we all know it is incredibly massive containing most of our human knowledge.

There is a part of the internet that we call the Dark web which is not indexed by search engines. This is a part of the web you can only get to if you know exactly where it is. Search engines (like Google) collect their information using a tool called spiders and crawlers. These crawlers read web pages and follow links in the pages to index the known web. There are parts of the web these crawlers can't access or are specifically blocked from accessing (because they are part of restricted or private networks). Some of these un-indexable hidden web pages (in the Dark Web) are normal access controlled sites and other times they belong to organized crime, illegal groups or simply "bad people".

Wikipedia estimates that the web is about 167 terabytes un size whereas it is estimated that the dark web is over 91,000 terabytes. 

As in information security professional,  I am constantly looking for ways to search and analyse content on the dark web to protect my company and often have to rely on specialized companies that perform this type of specialized analysis.

What kind of bad things  can you find on the dark web?

You can find an entire of illegal economy on the dark web such as drug retailers (Silk Road), child pornography (police conducted a major bust recently), guns, explosives, terrorists, sale of personal info for identify thieves, sale of company secrets, etc. 

silk_road_website.png

Above you see a sample price list for drug related material from Silk Road. 

Dark_web_death.jpg

Above you see a Dark Web classified site for assassinations. 

In addition to operating in the shadows, these organizations use hiding technologies like TOR which makes locating these people very difficult.

The issue is that hiding behind the TOR technology is often used by criminals but it is also used by political activists, journalists and other whose lives may be on the line if their location or identity is discovered.  

Tor isn't good or bad. It is a tool that can be used for either. 

Read about TOR here

Conclusion

Most of the Dark Web is simply a bunch of boring webpages not indexed by search engines and that can only be accessed by knowing exactly where these sites are and using the proper access mechanism.

But other parts of the Dark Web are more nefarious and a cause for concern for law enforcement, intelligence agencies and large companies.