Firefox’s new Fission security feature is at once simple and complicated. It’s simple to use, but complicated to understand. But hey, that’s why I’m here.
Web browsers today are extremely powerful and complex applications. Much of what we do on our computers these days is done in a web browser. With all the cloud services in existence today, an argument could be made that many people could get by with nothing but a web browser. This is why Chromebooks are so popular.
But with that power and complexity comes security risks. Because web browsers are used so often and by nature must digest and interpret gobs of foreign data (web pages, videos, music, ads, and web applications like Google Docs), they’re prime targets for the bad guys.
Google vs the Rest
Statistically, you probably use the Chrome browser. According to StatCounter, Chrome is used by 67% of desktop users. If you’re a Windows user, you’ve heard of Edge (Microsoft’s browser); if you’re an Apple user, you’ve heard of Safari (the default browser on macOS and iOS). Hopefully you’ve heard of Firefox, too (probably from me). And there are many others, actually… Opera, Vivaldi, Brave, and more. But Chrome, Safari, Edge, and Firefox are the most popular (67%, 10%, 8% and 8% of the desktop market, respectively).
I’m not going to lie… Google makes a top-notch web browser. It’s got great features and it actually has very good security. But like just about everything Google makes, it’s a privacy nightmare. I can’t stress this enough: you should assume that Google knows everything you do in Chrome. Google is an advertising company, full stop. Something like 90% of their revenue is from selling ads. And that means selling access to your personal data.
When it comes to privacy, to me, Firefox is the winner. It’s not an easy choice. Safari is quite good for privacy, too – but only for Apple users. But an all-purpose browser, Firefox is my favorite and it’s the one I recommend for most people. And they need your help – badly. More on that in a minute.
Firefox Fission
Back to security. Most people simultaneously view multiple web pages when using a browser. Each page is in a separate tab or window, but at the end of the day, all those web pages are running within a single application (the browser). From a security standpoint, that means that if one of those web pages manages to escape its digital confines, it could steal data from other tabs or windows. (Remember Spectre and Meltdown?) Think passwords, credit card numbers, medical data, email addresses, social security numbers, bank account numbers, and whatever else might be on a page you’re viewing.
Browser makers actively try to “sandbox” each tab to prevent this type of data spying. But with the new Fission feature, Mozilla has kicked it up a notch. Basically, every single web source is now in its own process space. They refer to this as Site Isolation. That’s computer talk, but it means that there are much stronger protections against accessing data outside the boundaries. It also means that even within a single web page (which often loads elements from several other sites besides the main one), elements of that page that come from other sources are prevented from spying on each other.
Now for the easy part: enabling Fission. To turn this protection on, type in “about:config” in the Firefox address box. It will warn you about making changes, but that’s okay here. From the config settings page, search on “fission.autostart” and double-click to enable it. Restart Firefox and you’re good to go!
Firefox Needs Your Help to Survive
Firefox has hit some really rough times. Unfortunately and ironically, Mozilla actually depends on their main rival Google for funding. (This is why the default search engine in Firefox is Google. Be sure to change that to DuckDuckGo.) We need to preserve Firefox, if for no other reason than to make sure Google has real competition. Safari and Edge only run on Apple and Windows, respectively. Firefox runs on everything.
For this and many other reasons, I strongly encourage you to stop using Chrome and start using Firefox. The number one way you can help Firefox survive is to use it. And help your friends and family switch, too.
If you like to give money, you can also donate to the Mozilla Foundation. I give them $10 a month, personally. But anything would be helpful.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!
