Zen browser had a backdoor enabled by default

Comments

• woelkchen@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

  The “backdoor” mentioned in a single reply is very different from the telemetry issue. github.com/zen-browser/desktop/pull/927 was fixed a year ago.

  I agree the telemetry should be either disabled or at the very least users should just get a config tab on first launch to opt out but the Lemmy submission is misleading and bordering on fake news.

  source

  • ripcord@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Either way…reading through this, this developer seems like an idiot.

    He doesn’t really understand what the code he’s shipping is doing, he doesn’t want to listen to people or ask real questions. He gets defensive to even constructive criticism

    Not who I want driving the project behind something as critical as my browser.

    source
  • Ulrich@feddit.org ⁨4⁩ ⁨weeks⁩ ago

    According to their privacy policy there is no telemetry: [ 1.1. No Telemetry

    We do not collect any telemetry data.](zen-browser.app/privacy-policy/)

    source

    • woelkchen@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      According to their privacy policy there is no telemetry: 1.1. No Telemetry. We do not collect any telemetry data.

      According to github.com/zen-browser/desktop/issues/5947#issuec… one of the issues is that Mozilla’s telemetry remains enabled which (if happening in secret) is bad and also dumb because Mozilla can’t even use telemetry of a very different browser.

      source
• priapus@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

  I’m not sure why you linked to this irrelevant 3 week old issue while referring to something that was fixed a year ago. Referring to it as a backdoor also implies that I was malicious, when it was simply incompetence. Have there been any security issues since? (Not trying to imply that not having any would make it safe, just wondering).

  Zen is an amateur hobbyist project, expecting it to be something else is silly. It isn’t backed by a company. You take on these risks when you use a project like this. Its open source, do your research before using it for anything important.

  source

  • Wildly_Utilize@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

    I’d like to take this opportunity to say Mullvad browser is maintained by Mullvad and Tor Project which in my eyes sets it way apart from these hobby flrks (including librewolf)

    source

    • priapus@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      I agree, Mullvad is the only fork that I have confidence in the security of (ignoring Tor ofc since it’s not really for general use).

      source

      • -> View More Comments
  • priapus@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

    Also want to add that this was caused by a configuration issue. If you want security, don’t use Firefox (or its forks) default configs, look into Betterfox.

    source
• kane@femboys.biz ⁨4⁩ ⁨weeks⁩ ago

  They just closed the issue without even acknowledging it, lol

  source

  • woelkchen@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    They just closed the issue without even acknowledging it, lol

    They acknowledged the remote debugging backdoor issue and fixed it a year ago.

    It was enabled due that zen was still a toy project and we needed people to easily open the debugger for easier bug fixing. This was due because zen was not in a daily drivable state and didn’t gain any sort of popularity yet.

    github.com/zen-browser/desktop/pull/927

    The telemetry issue is entirely different. Their handling of that is naive at best, dishonest at worst but it is completely different from the “backdoor”.

    source

    • kane@femboys.biz ⁨4⁩ ⁨weeks⁩ ago

      Fair, I was referring to the referenced issue in the comments on this post.

      What was surprising to me, is that there were many comments, and mentions of devs, yet no acknowledgment or getting linked to another issue.

      That is a red flag to me.

      source

      • -> View More Comments
  • WhyJiffie@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

    are you really surprised? that bugreport did not contain a single actionable detail. and then it refers to some forum by without any real reference, name or URL. there may betruth to it, and the other issue was actually very important and ridiculous, but this issue report is a big wontfix, reopen with real details

    source
  • priapus@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

    Because its a stupid issue. The complaint is that a Firefox fork acts like Firefox.

    source
• _cryptagion@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

  I thought it just allowede easier debugging, sorry

  What the fuck, this dude is making a browser and he doesn’t know what shit in the code he’s shipping even does?

  source

  • lazynooblet@lazysoci.al ⁨4⁩ ⁨weeks⁩ ago

    Not really an excuse but I expect writing a browser is an extremely intensive project and perhaps they were unprepared.

    Navigating any code base that isn’t your own adds it’s own challenge on top.

    So at this point I think it’s a “deer in headlights” case with some “head in sand” thrown in.

    source
  • aaron@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

    It’s either obvious bullshit, or the bloke is out of his depth.

    I suppose I should try and not just throw people under the bus, but I struggle to buy it.

    source
  • ayyy@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

    It turns out hobby forks of a web browser is a dumb idea.

    source
• async_amuro@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

  Fucks sake, reading through these comments it appears the Zen browser developer doesn’t know what they are doing.

  What alternatives are people using? I’m on Mac, iOS and Linux, avoiding Chrome/Safari and not looking to go back to Firefox, is there anything reliable/secure available?

  source

  • FreeBird@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

    LibreWolf

    source

    • Wildly_Utilize@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

      github.com/arkenfox/user.js/issues/1906

      Not sure about the health of librewolf either

      I use mullvad browser

      source

      • -> View More Comments
  • cek_cek@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

    Vivaldi is a very mature product

    source
  • rando@lemmy.ml ⁨4⁩ ⁨weeks⁩ ago

    I’m looking at librewolf and firedragon. Librewolf to replace Firefox and firedragon to replace zen. Both are on flathub.

    librewolf.net firedragon.garudalinux.org

    source

    • Akip@discuss.tchncs.de ⁨4⁩ ⁨weeks⁩ ago

      throw some waterfox on your firedragon

      source

      • -> View More Comments
  • monarch@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

    Have you settled on anything yet? I really like the essentials part of zen but incompetence on that level scares me.

    source
• lemmeBe@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

  Whenever people ask about privacy oriented Firefox alternative, firm answer from most of us is Librewolf. However, for some, shiny things are hard to resist.

  source

  • sem@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

    Librewolf isn’t on Android, but IronFox is.

    source

    • lemmeBe@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      I just found out from another thread that Fennec is alive. When DivestOS went under, Fennec was pronounced dead too (that was when I migrated to IronFox) .

      However, it seems someone continued maintenance. Does anyone have more details?

      source
  • MangoPenguin@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

    Librewolf also tends to break sites sometimes, I don’t want to deal with that

    source

    • lemmeBe@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      We have different experiences.

      source
  • gruhuken@slrpnk.net ⁨4⁩ ⁨weeks⁩ ago

    I like Floorp but i have no idea how much more/less private it is. I just like customising it

    source

    • lemmeBe@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      That’s okay. Means privacy isn’t your primary concern.

      source
• jonathan@lemmy.zip ⁨4⁩ ⁨weeks⁩ ago

  I didn’t see anything about a backdoor at the link.

  source

  • tias@discuss.tchncs.de ⁨4⁩ ⁨weeks⁩ ago

    It’s weird link to this issue with that title, since the problem is only referenced in the discussion. The actual backdoor issue is here.

    source

    • fartsparkles@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      I thought it just allowede easier debugging, sorry

      Fuuuuck. I wouldn’t eat a sandwich made by this person let alone a web browser. Forking and mucking around in a code base they clearly don’t understand. I get the feeling they’re one of those chmod -R 777 people.

      source

      • -> View More Comments
    • jonathan@lemmy.zip ⁨4⁩ ⁨weeks⁩ ago

      Fuck me, tell me someone else has risen to effective project lead since then?

      source

      • -> View More Comments
  • optissima@lemmy.ml ⁨4⁩ ⁨weeks⁩ ago

    github.com/zen-browser/desktop/issues/5947#issuec…

    It’s a link to a previous issue that was fixed, but it’s an egregious one.

    source
• rikudou@lemmings.world ⁨4⁩ ⁨weeks⁩ ago

  Well, at least they explained it! /s

  I thought it just allowede easier debugging, sorry

  source
• 01189998819991197253@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

  Were they… vibe coding? ⁽ᵖˡᵉᵃˢᵉ ˢᵃʸ ⁿᵒ ᵖˡᵉᵃˢᵉ ˢᵃʸ ⁿᵒ⁾

  source
• puppinstuff@lemmy.ca ⁨4⁩ ⁨weeks⁩ ago

  So disappointing. I just transitioned my personal browsing from Arc to Zen Browser because it was the closest vertical tab experience I could find. Now I hope one of the other browsers will figure out and implement good drawer-based vertical tab UI.

  source

  • magikmw@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

    Any Firefox-based browser can use “Tree style tabs” it’s vertical tabs from the time before they were cool. Very customizable.

    source

    • JustARaccoon@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      Sure but it’s not the closest experience to Arc

      source
  • KryptonNerd@slrpnk.net ⁨4⁩ ⁨weeks⁩ ago

    If you right click on the tab bar on regular Firefox you can enable vertical tabs. I don’t think they’re as nice as Zen’s vertical tabs but they’re still pretty good

    source
  • _cryptagion@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

    Floorp has literally been right there the whole time.

    source

    • priapus@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      Floorp is even less trustworthy after incident with part of the browser being closed source. Even if they undid it, the fact that they would try that is unacceptable.

      source

      • -> View More Comments
  • Cris_Color@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

    I don’t use or care that much about vertical tabs, but florp might be worth taking a look at if you’re not already familiar with it

    I don’t know a ton about it but I think it has a similar kind of niche and is more vertical tab focused

    source