{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "spiritofstar",
  "description": "Independent research on browser security, memory safety, and privacy engineering",
  "home_page_url": "https://spiritofstar.github.io/",
  "feed_url": "https://spiritofstar.github.io/feed.json",
  "authors": [
    {
      "name": "spiritofstar"
    }
  ],
  "language": "en",
  "items": [
    {
      "id": "tag:spiritofstar.github.io,2026-07-01:/blog/Assessment over Authority",
      "url": "https://spiritofstar.github.io/Assessment over Authority.html",
      "title": "Assessment over Authority: Methodology, Threat Modeling, and the False Binary in Browser Security",
      "summary": "Independent research on browser security, memory safety, and privacy engineering",
      "content_html": "<p>Independent research on browser security, memory safety, and privacy engineering</p><p><a href=\"https://spiritofstar.github.io/Assessment over Authority.html\">Read the full paper \u2192</a></p>",
      "date_published": "2026-07-01T00:00:00Z",
      "date_modified": "2026-07-01T00:00:00Z",
      "tags": [
        "browser security",
        "methodology",
        "threat modeling",
        "Firefox",
        "Chromium",
        "security discourse"
      ]
    },
    {
      "id": "tag:spiritofstar.github.io,2026-07-01:/blog/responding-to-criticism",
      "url": "https://spiritofstar.github.io/responding-to-criticism.html",
      "title": "Browser Security Analysis: New Discoveries and Reaffirmed Findings",
      "summary": "GrapheneOS responded to my first paper. Some of it was fair. I oversold isolatedProcess. Called it \"the strongest sandbox\" when it's just the standard Android option. Didn't mention V8 sandbox. Or Oilpan. Or CFI. Made the comparison look one-sided.\n\nThe core point still works. Chrome is built for containment. Sandboxes, site isolation, MTE, CFI. Firefox is built for prevention. Rust rewrites, RLBox, smaller API surface. Different approaches to the same problem.\n\nI also missed things I should have caught. V8 has a memory sandbox that locks JIT code into a reserved region. SpiderMonkey has no CFI.\n\nFixed now.",
      "content_html": "<p>GrapheneOS responded to my first paper. Some of it was fair. I oversold isolatedProcess. Called it &quot;the strongest sandbox&quot; when it&#x27;s just the standard Android option. Didn&#x27;t mention V8 sandbox. Or Oilpan. Or CFI. Made the comparison look one-sided.\n\nThe core point still works. Chrome is built for containment. Sandboxes, site isolation, MTE, CFI. Firefox is built for prevention. Rust rewrites, RLBox, smaller API surface. Different approaches to the same problem.\n\nI also missed things I should have caught. V8 has a memory sandbox that locks JIT code into a reserved region. SpiderMonkey has no CFI.\n\nFixed now.</p><p><a href=\"https://spiritofstar.github.io/responding-to-criticism.html\">Read the full paper \u2192</a></p>",
      "date_published": "2026-07-01T00:00:00Z",
      "date_modified": "2026-07-01T00:00:00Z",
      "tags": [
        "browser security",
        "methodology",
        "security discourse",
        "Firefox",
        "Chromium",
        "comparative analysis"
      ]
    },
    {
      "id": "tag:spiritofstar.github.io,2026-07-01:/blog/sandboxing-mitigation-comparative-analysis",
      "url": "https://spiritofstar.github.io/blog.html",
      "title": "Comparative Analysis of Sandboxing and Mitigation Philosophies in Mobile User-Agent Architectures",
      "summary": "GrapheneOS advises against Gecko-based browsers like Firefox, citing a security gap compared to Chromium-based alternatives such as Vanadium. Their core claim about the absence of Android's `isolatedProcess` sandboxing in GeckoView is accurate and acknowledged here. Several subsidiary claims mix up distinct mitigation layers (pre-compromise versus post-compromise) and don't account for threat-model dependencies that change the security calculus. This paper evaluates those claims through a multi-layered threat-modeling lens using publicly available sources. It covers the architectural evolution of GeckoView on Android, including the January 2026 shipping and subsequent rollback of Project Fission (Site Isolation) in Firefox 147, which remains disabled on release and beta channels due to unresolved crash bugs (Section 2.3). It covers structural pre-compromise defenses from Firefox's Rust adoption, WebExtension isolation, and declarative content-blocking. It looks at privacy controls intersecting with exploit-chain disruption. And it considers the systemic security risk of a Chromium monoculture. The analysis finds that categorical dismissal of either engine family isn't supported by current evidence. Browser selection is not a binary \"secure versus insecure\" metric but alignment with a specific threat model.",
      "content_html": "<p>GrapheneOS advises against Gecko-based browsers like Firefox, citing a security gap compared to Chromium-based alternatives such as Vanadium. Their core claim about the absence of Android&#x27;s `isolatedProcess` sandboxing in GeckoView is accurate and acknowledged here. Several subsidiary claims mix up distinct mitigation layers (pre-compromise versus post-compromise) and don&#x27;t account for threat-model dependencies that change the security calculus. This paper evaluates those claims through a multi-layered threat-modeling lens using publicly available sources. It covers the architectural evolution of GeckoView on Android, including the January 2026 shipping and subsequent rollback of Project Fission (Site Isolation) in Firefox 147, which remains disabled on release and beta channels due to unresolved crash bugs (Section 2.3). It covers structural pre-compromise defenses from Firefox&#x27;s Rust adoption, WebExtension isolation, and declarative content-blocking. It looks at privacy controls intersecting with exploit-chain disruption. And it considers the systemic security risk of a Chromium monoculture. The analysis finds that categorical dismissal of either engine family isn&#x27;t supported by current evidence. Browser selection is not a binary &quot;secure versus insecure&quot; metric but alignment with a specific threat model.</p><p><a href=\"https://spiritofstar.github.io/blog.html\">Read the full paper \u2192</a></p>",
      "date_published": "2026-07-01T00:00:00Z",
      "date_modified": "2026-07-01T00:00:00Z",
      "tags": [
        "browser security",
        "sandboxing",
        "Firefox",
        "GeckoView",
        "Chromium",
        "mobile security",
        "comparative analysis"
      ]
    }
  ]
}