
This seems like it could make Firefox one of the most secure Linux desktop applications?

For instance, if you are typing $SensitiveMessage, you would be far better off doing that in a Firefox 100 textedit box in a browser tab, rather than an xterm, or emacs, or your desktop environment's preferred text editor, or anything else.

I currently use "secure keyboard" in xterm but I know that has problems.



I'm pretty sure that there's nothing preventing other apps on your desktop from listening to keystrokes that are supposed to go into Firefox, unfortunately. This is a fundamental problem with the X11 protocol and as far as I know the only real solution is to switch to Wayland.


All major distros are using Wayland these days.


Along with like 1 in 5 users.


Ubuntu 22.04 now defaults to Wayland, so that should make a big difference in the coming years.


wayland has never been a pleasant experience for me, neither was pipewire. everything the nix community fawns over seems to be regressive bullshit that breaks my system. systemd is only just now becoming acceptable in that in the past year it hasn't fucked me too hard.


Please stop using "nix" to mean Unix and similar systems. *nix is OK. There is an important package manager named Nix.


None of those other apps are constantly running code written by millions of different people, many of whom are actively attacking you, possibly right now in one tab while you are typing in the other.

It has to make a Herculean effort because it is by far the worst possible app to be typing $SensitiveMessage in.

At least Kate or gedit probably don't have a second tab open running a JavaScript subprocess which is presently trying to attack you so it can cryptolocker you or empty your wallet.


Yeah, the keystrokes still have to go to some trusted process at the top that doesn't run untrusted code.

So it's only more secure if you think emacs / xterm / your text editor is real likely to be compromised.


Chromium and derivatives had this for years. Firefox's isolation is making progress, but it has a ways to go before it matches Chromium.

FF devs are finalizing a utility process overhaul and laying the groundwork for CFI; for years, Chromium has had both with a much more thorough implementation than FF will in the near future. However, the browser space desperately needs competition so I'll take what I can get. Sigh.



