|
That's the neat part: you don't. I mean sure, there can be audits, 3rd party assurances, long histories without incidents, you can even check the code yourself. But do you trust any of those completely to know what they're doing, not be compromised, to have actually done a thorough and total deep dive, and not missed anything (for example, something hidden in a tiny package like xz-utils) in the vast expanse of a codebase that is a modern browser? You shouldn't. In a small (<1000 LoC) codebase maybe, but a large one? It's not feasible. therefore... > How do we actually know these browser forks don't contain malware of their own You don't know, because you can't know, especially if you expand that beyond just malware, but also include dark patterns, back doors, and privacy disrespecting gems. So it becomes a matter of faith. Who do you trust more? The ones advocating for your privacy, or the ones removing such commitments from their website in light of a new ToS that has many people rightfully in an uproar? These days, for projects of sufficient size/use, on a long enough timeframe, a project either dies or becomes enshittified. The key is to find that stage of a project/products life where you maximize usefulness and minimize enshittification. That's not to slander Waterfox, or any other project, but simply to assert that ultimately, there is rarely if ever a perfect solution that can be fully trusted. Source: Trust me bro, I'm on the internet. No one ever lies on the internet. |