In my opinion as a community member (not speaking for Qubes), Firefox is not the ideal default browser for Qubes. However, the choice of a default browser is a complex issue. Here’s an analysis of the situation:
- Limited Options: Finding a secure, privacy-respecting browser with good usability is challenging. I’ve extensively researched this topic for Kicksecure (Kicksecure Default Browser - Development Considerations) (based on lengthy discussions).
- Lack of Suitable Alternatives: There’s a noticeable absence of well-maintained, vendor-neutral browsers with timely security updates and acceptable usability. Even finding a project with “radio silence” [1] as a development goal has proven difficult.
- Hardening Difficulties: Hardening Firefox by default is problematic for Linux distributions due to:
  a) Potential legal risks related to Mozilla’s trademark. (This could be potentially worked around by requiring the user to press a “harden Firefox” button.)
  b) The complexity of modern browsers, which are essentially “reinventing the operating system” with millions of lines of code.
- Evolving Web Standards: Rapidly changing web standards, often driven by major players like Google [2], make it challenging for alternative browsers to keep pace.
- Sustainability Issues: There’s a lack of sustainable open-source business models for browser development (excluding search engine deals, user data monetization, crypto, etc.).
The broader question we should perhaps ask is: “Why are mainstream browsers so inadequate for privacy and security?”
Qubes currently seems to focus on security-by-isolation (the “outside” of the VMs) rather than comprehensively hardening the “inside” of VMs. This approach is due to:
- The lack of a suitable security-focused Linux distribution with a hardened-by-default browser; and
- Limited resources to implement such hardening.
For further discussion on this topic, see:
- What’s the future of QubesOS Default Security Configuration?
- create or fork a Linux distribution for default use by App Qubes for better security · Issue #9332 · QubesOS/qubes-issues · GitHub
In conclusion, while Firefox may not be ideal, finding a truly appropriate default browser for Qubes is a complex challenge that extends beyond the scope of the Qubes project alone.
[1] As defined in LibreWolf feature request Radio Silence by Default for Browser Startup and Background Connections aka “Disable Phone Home” #1779.
[2] For examples of Google pushing web standards, consider researching “google pushing web standards examples” using search tools like perplexity.ai.