[stephenr]

Name one browser-embedded technology in distribution today that has had even half as many security vulnerabilities as Flash has had over its lifetime?

If your world view is "block javascript or let any and all javascript run", I don't know how to help you, because that isn't reality.

[oblio]

> Name one browser-embedded technology in distribution today that has had even half as many security vulnerabilities as Flash has had over its lifetime?

Why should I name a "browser-embedded technology"? I can just point out browser vulnerabilities.

https://www.cvedetails.com/product/3264/Mozilla-Firefox.html...

https://www.cvedetails.com/product/15031/Google-Chrome.html?...

If anything, they're not that great against Flash:

https://www.cvedetails.com/product/6761/Adobe-Flash-Player.h...

Keep in mind that Flash itself was a runtime, much as a browser is. More limited, but still pretty big.

> If your world view is "block javascript or let any and all javascript run", I don't know how to help you, because that isn't reality.

You can't help me, I think no one can. For now we can still kind of run ad blockers, even though Chrome is working hard on stealthily removing them.

But for regular users, who don't run them (probably 99% of users out there), how do they protect themselves from cryptominers? From nasty ads?

[est31]

10 years ago, it was nearly impossible to browse the web with Flash disabled. Which means that most people had it installed, and thus a vulnerability in Flash would mean all users were exploitable. Browser vulnerabilities only mean the users of that browser are exploitable, which limits its scope somewhat. Of course, the Chrome monoculture that has established itself doesn't help here :).

[stephenr]

> For now we can still kind of run ad blockers, even though Chrome is working hard on stealthily removing them.

You're using a browser build by a giant privacy abusing ad company, and you wonder why it isn't so friendly to ad-blocking/privacy-protecting plugins?

COLOUR ME SURPRISED.

[oblio]

I'm using Firefox...

[stephenr]

Great. So your two comments taken together prove my point. Don't use technology that's actively working against your best interests, and your interests will be better served..

[oblio]

No, you're just completely missing the point. By a mile.

You can't bury your hand in the sand and pretend that everything is fine. It's not.

Almost every browser out there is dying, everything is being taken over by Chrome/Chromium/Blink. The alternative is Webkit/Safari, which comes with its own limitations.

Firefox's market share is 5% and dwindling. Web developers have stopped caring about Firefox. Many sites are slow or barely working in Firefox. Firefox bugs aren't being fixed.

Soon I'll be forced to use Chrome because the alternatives won't allow me to do my job.

Open Source browser alternatives can't keep up. And even though Chromium itself is Open Source, it's not a complete browser for the modern web (see DRM).

So we're all going to be using Chrome or browsers built by corporations with the same incentives as Google (Microsoft also has an ad network, Opera is now owned by a semi-shady Chinese VPN company). And these browsers are gutting ad blocking.

Plus ads are getting smarter and we're not that far off from a point where ad blocking in its current form is no longer efficient. See for example stuff like the DNS over HTTPS changes.

And if it would only be about this, you'd be missing the point by "only" half a mile.

The other half a mile is that many people are forced to use a certain browser. At work, at school, etc. Or they don't know how to change their browser or what a browser even is. We're all in this together, the internet is one big network.

And for regular people, modern browsers are just as bad as Flash. Maybe even worse, at least Flash had a modicum of design as a platform. The web platform is a huge mishmash.

[matheusmoreira]

> And these browsers are gutting ad blocking.

How?

> Plus ads are getting smarter and we're not that far off from a point where ad blocking in its current form is no longer efficient. See for example stuff like the DNS over HTTPS changes.

Surely there will be ways to work around that.

[virgilp]

So tell me. Which browser(s) should I use? Don't be so mysterious.

[Doctor_Fegg]

Depends if you view pervasive tracking as a security vulnerability.