firefox

I use Firefox a lot of the time. Safari, Edge, etc., are all well and good, but, well, I prefer Firefox. It was the first that allowed users like myself to block certain security risks, such as adverts, and I’ve had no good reason to move on since then.

image: damage

Chrome, the most popular browser, like many Google products, is very insecure, and really shouldn’t be used by anyone. Although it has a good record at blocking hackery and other attempts to break it, it suffers from intentional information insecurity. In effect, Google (rightly) prevents third parties abusing Chrome’s users and stealing information from them, so they can (wrongly) monopolise the information they (wrongly) gather from Chrome users themselves. Remember, Google’s business is to gather all kinds of information from the user to sell it to conmen who use it to try and rip people off. Do not use Chrome if you value yourself.

So my general browser choice is Firefox. I use other browsers as necessary. For example, I subscribe to Audible, but their library download process is so badly written it doesn’t work in Firefox. It’s not just them, many company put up poorly prepared websites that don’t work in Firefox. Indeed, if a technical company has a fancy website that doesn’t work in Firefox, that means the supposéd technical company is actually crap at technical stuff, e.g. is a company to avoid. That’s a generalism, I’m sure there are exceptions.

It must be said, though, that Firefox is imperfect. One of the things that has always annoyed me about it is its certificate behaviour. If I import an SSL certificate into the operating system, all browsers but Firefox would know about it and act accordingly. Firefox ignores the import and demands that the certificate is also imported into Firefox’s very own certificate store. I found that really annoying.

A couple of days ago, Microsoft issued an urgent patch for Windows 8 onwards. All those versions had a certificate bug, which meant they’d ok bad certificates for websites, so making it easy for conmen to set up fake websites using real names. All browsers are affected — except Firefox, because Firefox has its own certificate verification. In other words, the exact thing I’d been cursing in Firefox has saved the day.

What this tasty piece of humble pie reminds me is that monocultures are bad. Everyone using the same code means everyone gets in trouble when that code is at risk. If someone has no choice, and has to keep doing whatever it is that requires the code, then basically there’s a reasonable chance that you’ll get completely fecked over. An alternative allows that someone a way out, a safe way to do what they need to do. Firefox’s irritated certificate store offers exactly that. I’m going to stop cursing it.