Skip to main content
Topic: New Browser: Floorp (Firefox-ESR-based) (Read 1527 times) previous topic - next topic
0 Members and 5 Guests are viewing this topic.

New Browser: Floorp (Firefox-ESR-based)

In the Omniverse repository a new browser is available, named Floorp.

It's a young project - about 1.5 years old - from a group of Japanese students, based on Firefox-ESR, with these key features from https://floorp.app/en/ :

  • Strong Tracking Protection: Floorp offers robust tracking protection, safeguarding users from malicious tracking and fingerprinting on the web.Flexible Layout: Customize Floorp's layout to your heart's content, including moving the tab bar, hiding the title bar, and more for a personalized browsing experience.
  • Switchable Design: Choose from five distinct designs for the Floorp interface, and even switch between OS-specific designs for a unique look
  • Regular Updates: Based on Firefox ESR, Floorp receives updates every four weeks, ensuring up-to-date security even before Firefox's releases.
  • No User Tracking: Floorp prioritizes user privacy by abstaining from collecting personal information, tracking users, or selling user data, with no affiliations with advertising companies.
  • Completely Open Source: The full source code for Floorp is open to the public, allowing transparency and enabling anyone to explore and build their own version.
  • Dual Sidebar: Floorp features a versatile built-in sidebar for webpanels and browsing tools, making it perfect for multitasking and quick access to bookmarks, history, and websites.
  • Flexible Toolbar & Tab Bar: Customize your browser with Tree Style Tabs, vertical tabs, and bookmark bar modifications, catering to both beginners and experts in customization.
  • User-Centric Web Experience: Floorp prioritizes user privacy and collaboratively blocks harmful trackers.

Note: the Floorp Settings pages contain some links to recommended extensions.

An article on Floorp:
 https://browsertouse.com/blog/24836/floorp-browser-review/

artist

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #1
Good timing as my latest obsession has been sifting through github for firefox userchrome.css modifications in search of a functional minimalist theme and/or top bar.  This just has it as default and it works better than the userchrome hackiness I have seen so far.

Very nice :)

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #2
Cool! First time I heard of this project. It sounds very interesting, I will have to check this out!

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #3
It doesn't look good. Take a look at this:
default connections (first run):

push.services.mozilla.com   443   HTTP <= 1.1   true   0   0
www.google.com   443   HTTP/3   true   1   0
docs.ablaze.one   443   HTTP/3   true   1   0
docs.ablaze.one   443   HTTP/2   true   0   0
detectportal.firefox.com   80   HTTP <= 1.1   false   0   1
floorp-update.ablaze.one   443   HTTP/2   true   1   0
contile.services.mozilla.com   443   HTTP <= 1.1   true   0   0
r3.o.lencr.org   80   HTTP <= 1.1   false   0   1
www.google.com   443   HTTP/2   true   1   0
detectportal.firefox.com   80   HTTP <= 1.1   false   0   0
ablaze.one   443   HTTP/2   true   0   0
ocsp.pki.goog   80   HTTP <= 1.1   false   0   1
firefox.settings.services.mozilla.com   443   HTTP <= 1.1   true   0   0
blog.ablaze.one   443   HTTP/2   true   1   0
ablaze.one   443   HTTP/3   true   1   0
cdn.jsdelivr.net   443   HTTP/2   true   0   0
www.google.com   443   HTTP/2   true   0   0
t3.gstatic.com   443   HTTP/3   true   1   0
www.google.com   443   HTTP/3   true   1   0
t0.gstatic.com   443   HTTP/2   true   0   0
t3.gstatic.com   443   HTTP/2   true   0   0
ocsp.pki.goog   80   HTTP <= 1.1   false   0   2
cdn.jsdelivr.net   443   HTTP/3   true   1   0
detectportal.firefox.com   80   HTTP <= 1.1   false   0   1
raw.githubusercontent.com   443   HTTP/2   true   1   0
location.services.mozilla.com   443   HTTP <= 1.1   true   0   0
t0.gstatic.com   443   HTTP/3   true   1   0
www.google.com   443   HTTP/2   true   1   0
static.cloudflareinsights.com   443   HTTP <= 1.1   true   0   0
shavar.services.mozilla.com

connections after turning homepages:

Hostname    Port    HTTP Version    SSL    Active    Idle
detectportal.firefox.com   80   HTTP <= 1.1   false   0   1
shavar.services.mozilla.com   443   HTTP <= 1.1   true   0   0
floorp-update.ablaze.one   443   HTTP/2   true   1   0
contile.services.mozilla.com   443   HTTP <= 1.1   true   0   0
t0.gstatic.com   443   HTTP/3   true   1   0
detectportal.firefox.com   80   HTTP <= 1.1   false   0   0
firefox.settings.services.mozilla.com   443   HTTP <= 1.1   true   0   0
www.google.com   443   HTTP/3   true   1   0
www.google.com   443   HTTP/3   true   1   0
r3.o.lencr.org   80   HTTP <= 1.1   false   0   1
ocsp.pki.goog   80   HTTP <= 1.1   false   0   2
detectportal.firefox.com   80   HTTP <= 1.1   false   0   1
location.services.mozilla.com   443   HTTP <= 1.1   true   0   0
t3.gstatic.com   443   HTTP/3   true   1   0
push.services.mozilla.com   443   HTTP <= 1.1   true   0   0
www.google.com   443   HTTP/2   true   1   0

DNS Connections:


And a very quick secuiry checking:
security.ssl.require_safe_negotiation  >FALSE
security.ssl.treat_unsafe_negotiation_as_broken > FALSE

trr not set to "3" (not sure about your ISP, but it should be the default, not to mention openBSD guys are right and removed the code.. software should obey systemwide settings....).

Should a browser decide connections for me? Should it connect to something, I hadn't even asked it for? Should it estabilish connections before I click anything? My answer is no. And here we even have google...

P.S. Did someone check root certificates? Did someone decompressed omni.ja? Who are those Japanese?

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #4
Hmm I've been using browser exclusively since I saw this posted.  Is this app a big security risk? Spyware/malware? Phishing? etc?  Any word / conclusion.

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #6
Well honestly i don't see anything dubious in that packet cap log, so it's as much of a security risk as stock firefox is (a small one already compared to other mainstream browsers...)

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #7
With decent browsers the biggest security risk is generally the user.
Quote from: sonar – on
trr not set to "3" (not sure about your ISP, but it should be the default, not to mention openBSD guys are right and removed the code.. software should obey systemwide settings....).
You contradict yourself. Programs making their own mind up about DNS by default would not equal "obeying systemwide settings". I want the setting on 5. "Explicitly off". (On the Floorp based new Firedragon it is on 5 by default)
My computers use my my router for DNS. My router uses DNS over TLS with a server of my choice.
 

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #8
Do these things have webassembly built in?

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #9
Quote from: mrbrklyn – on
Do these things have webassembly built in?
Yes
To disable it in Firefox (and derivatives):
Type about:config in the URL bar and set javascript.options.wasm to false

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #10
Quote from: sonar – on

And a very quick secuiry checking:
security.ssl.require_safe_negotiation  >FALSE
security.ssl.treat_unsafe_negotiation_as_broken > FALSE


which is what it should be.  It is fallacy that ssl gives security.  Often it is insecure.  It is nothing for a phishing site to acquire an SSL cert.

Bad certificates should kick up a warning message and not just /dev/null the page.  Honestly, SSL is a PIA and I've dozens of valid sites with old SSL certs.

The lets encrypt program is not well thought out or well designed.

It is also laughable, if not sad, that people worried about DNS hijacking (really - sending all you inquiries to 8.8.8.8 is SECURE .... NAH) have no trouble sending every traffic jump in their browser to verisgin et al.

This forum, for example is SSL through Google Trust Services LLC.  Do I trust Google?  No,  Google is in my noscript block.  Do I care if anyone can read my packets to and from this forum?  NOT AT ALL.  I'm posting to a public forum.  LET IT FLY.

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #11
Quote from: mrbrklyn – on
Quote from: sonar – on

And a very quick secuiry checking:
security.ssl.require_safe_negotiation  >FALSE
security.ssl.treat_unsafe_negotiation_as_broken > FALSE


which is what it should be.  It is falasy that ssl gives security.  Often it is insecure.  It is nothing for a phishing cite to aquire an SSL cert.
Quote from: gripped – on
Quote from: mrbrklyn – on
Do these things have webassembly built in?
Yes
To disable it in Firefox (and derivatives):
Type about:config in the URL bar and set javascript.options.wasm to false

yeah - thanks for anticipating that question.

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #13
Quote from: sonar – on

Should a browser decide connections for me? Should it connect to something, I hadn't even asked it for? Should it estabilish connections before I click anything? My answer is no. And here we even have google...

You are kind of stuck then.  While this almost sounds rational, it isn't.  Every AJAX and SOAP applicaiton - which is nearly the entire internet, uses preboxed video, images, and even scripts, to get function from an otherwise dysfunctional and flat http protocal.

Furthermore, ever since MOSIAC, this html code
Code: [Select]
 <IMG SRC=""URI">MY IMAGE</IMG>

Is not just valid, but ESSENTIAL and it pulls requests and data from any computer on the public internet.

Here:



That image is compliments of MRBRKLYN and is served to you on a hot platter from Flatbush.  NO SSL needed.  Enjoy.  You didn't ask for it or click on it, but you got it.

This is  not the world before hypertext and  gophernet.

This is the internet.  It has been built with a balancing act of risk versus saftey from the start.  But at NO TIME did an http call ever restrict itself to only things you click on.  There has always been a cascade of requests.

Re: New Browser: Floorp (Firefox-ESR-based)

Reply #14
.....  error - sorry