<?xml version="1.0" encoding="utf-8" ?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>spiritofstar</title>
  <subtitle>Independent research on browser security, memory safety, and privacy engineering</subtitle>
  <link href="https://spiritofstar.github.io/atom.xml" rel="self" />
  <link href="https://spiritofstar.github.io/" rel="alternate" type="text/html" />
  <updated>2026-07-01T00:00:00Z</updated>
  <id>tag:spiritofstar.github.io,2026-07-04:/</id>
  <author>
    <name>spiritofstar</name>
  </author>
  <rights>CC BY 4.0</rights>

  <entry>
    <title>Assessment over Authority: Methodology, Threat Modeling, and the False Binary in Browser Security</title>
    <link href="https://spiritofstar.github.io/Assessment over Authority.html" rel="alternate" type="text/html" />
    <published>2026-07-01T00:00:00Z</published>
    <updated>2026-07-01T00:00:00Z</updated>
    <category term="browser security" />
    <category term="methodology" />
    <category term="threat modeling" />
    <category term="Firefox" />
    <category term="Chromium" />
    <category term="security discourse" />
    <id>tag:spiritofstar.github.io,2026-07-01:/blog/Assessment over Authority</id>
    <summary type="html"><![CDATA[
Independent research on browser security, memory safety, and privacy engineering
    ]]></summary>
    <content type="html" src="https://spiritofstar.github.io/Assessment over Authority.html" />
  </entry>
  <entry>
    <title>Browser Security Analysis: New Discoveries and Reaffirmed Findings</title>
    <link href="https://spiritofstar.github.io/responding-to-criticism.html" rel="alternate" type="text/html" />
    <published>2026-07-01T00:00:00Z</published>
    <updated>2026-07-01T00:00:00Z</updated>
    <category term="browser security" />
    <category term="methodology" />
    <category term="security discourse" />
    <category term="Firefox" />
    <category term="Chromium" />
    <category term="comparative analysis" />
    <id>tag:spiritofstar.github.io,2026-07-01:/blog/responding-to-criticism</id>
    <summary type="html"><![CDATA[
GrapheneOS responded to my first paper. Some of it was fair. I oversold isolatedProcess. Called it "the strongest sandbox" when it's just the standard Android option. Didn't mention V8 sandbox. Or Oilpan. Or CFI. Made the comparison look one-sided.

The core point still works. Chrome is built for containment. Sandboxes, site isolation, MTE, CFI. Firefox is built for prevention. Rust rewrites, RLBox, smaller API surface. Different approaches to the same problem.

I also missed things I should have caught. V8 has a memory sandbox that locks JIT code into a reserved region. SpiderMonkey has no CFI.

Fixed now.
    ]]></summary>
    <content type="html" src="https://spiritofstar.github.io/responding-to-criticism.html" />
  </entry>
  <entry>
    <title>Comparative Analysis of Sandboxing and Mitigation Philosophies in Mobile User-Agent Architectures</title>
    <link href="https://spiritofstar.github.io/blog.html" rel="alternate" type="text/html" />
    <published>2026-07-01T00:00:00Z</published>
    <updated>2026-07-01T00:00:00Z</updated>
    <category term="browser security" />
    <category term="sandboxing" />
    <category term="Firefox" />
    <category term="GeckoView" />
    <category term="Chromium" />
    <category term="mobile security" />
    <category term="comparative analysis" />
    <id>tag:spiritofstar.github.io,2026-07-01:/blog/sandboxing-mitigation-comparative-analysis</id>
    <summary type="html"><![CDATA[
GrapheneOS advises against Gecko-based browsers like Firefox, citing a security gap compared to Chromium-based alternatives such as Vanadium. Their core claim about the absence of Android's `isolatedProcess` sandboxing in GeckoView is accurate and acknowledged here. Several subsidiary claims mix up distinct mitigation layers (pre-compromise versus post-compromise) and don't account for threat-model dependencies that change the security calculus. This paper evaluates those claims through a multi-layered threat-modeling lens using publicly available sources. It covers the architectural evolution of GeckoView on Android, including the January 2026 shipping and subsequent rollback of Project Fission (Site Isolation) in Firefox 147, which remains disabled on release and beta channels due to unresolved crash bugs (Section 2.3). It covers structural pre-compromise defenses from Firefox's Rust adoption, WebExtension isolation, and declarative content-blocking. It looks at privacy controls intersecting with exploit-chain disruption. And it considers the systemic security risk of a Chromium monoculture. The analysis finds that categorical dismissal of either engine family isn't supported by current evidence. Browser selection is not a binary "secure versus insecure" metric but alignment with a specific threat model.
    ]]></summary>
    <content type="html" src="https://spiritofstar.github.io/blog.html" />
  </entry>
</feed>
