<?xml version="1.0" encoding="utf-8" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>spiritofstar</title>
    <description>Independent research on browser security, memory safety, and privacy engineering</description>
    <link>https://spiritofstar.github.io/</link>
    <language>en</language>
    <lastBuildDate>Wed, 01 Jul 2026 00:00:00 GMT</lastBuildDate>
    <atom:link href="https://spiritofstar.github.io/rss.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Assessment over Authority: Methodology, Threat Modeling, and the False Binary in Browser Security</title>
      <link>https://spiritofstar.github.io/Assessment over Authority.html</link>
      <guid>tag:spiritofstar.github.io,2026-07-01:/blog/Assessment over Authority</guid>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
      <category>browser security</category>
      <category>methodology</category>
      <category>threat modeling</category>
      <category>Firefox</category>
      <category>Chromium</category>
      <category>security discourse</category>
      <description><![CDATA[
Independent research on browser security, memory safety, and privacy engineering

<a href="https://spiritofstar.github.io/Assessment over Authority.html">Read the full paper &rarr;</a>
      ]]></description>
    </item>
    <item>
      <title>Browser Security Analysis: New Discoveries and Reaffirmed Findings</title>
      <link>https://spiritofstar.github.io/responding-to-criticism.html</link>
      <guid>tag:spiritofstar.github.io,2026-07-01:/blog/responding-to-criticism</guid>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
      <category>browser security</category>
      <category>methodology</category>
      <category>security discourse</category>
      <category>Firefox</category>
      <category>Chromium</category>
      <category>comparative analysis</category>
      <description><![CDATA[
GrapheneOS responded to my first paper. Some of it was fair. I oversold isolatedProcess. Called it "the strongest sandbox" when it's just the standard Android option. Didn't mention V8 sandbox. Or Oilpan. Or CFI. Made the comparison look one-sided.

The core point still works. Chrome is built for containment. Sandboxes, site isolation, MTE, CFI. Firefox is built for prevention. Rust rewrites, RLBox, smaller API surface. Different approaches to the same problem.

I also missed things I should have caught. V8 has a memory sandbox that locks JIT code into a reserved region. SpiderMonkey has no CFI.

Fixed now.

<a href="https://spiritofstar.github.io/responding-to-criticism.html">Read the full paper &rarr;</a>
      ]]></description>
    </item>
    <item>
      <title>Comparative Analysis of Sandboxing and Mitigation Philosophies in Mobile User-Agent Architectures</title>
      <link>https://spiritofstar.github.io/blog.html</link>
      <guid>tag:spiritofstar.github.io,2026-07-01:/blog/sandboxing-mitigation-comparative-analysis</guid>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
      <category>browser security</category>
      <category>sandboxing</category>
      <category>Firefox</category>
      <category>GeckoView</category>
      <category>Chromium</category>
      <category>mobile security</category>
      <category>comparative analysis</category>
      <description><![CDATA[
GrapheneOS advises against Gecko-based browsers like Firefox, citing a security gap compared to Chromium-based alternatives such as Vanadium. Their core claim about the absence of Android's `isolatedProcess` sandboxing in GeckoView is accurate and acknowledged here. Several subsidiary claims mix up distinct mitigation layers (pre-compromise versus post-compromise) and don't account for threat-model dependencies that change the security calculus. This paper evaluates those claims through a multi-layered threat-modeling lens using publicly available sources. It covers the architectural evolution of GeckoView on Android, including the January 2026 shipping and subsequent rollback of Project Fission (Site Isolation) in Firefox 147, which remains disabled on release and beta channels due to unresolved crash bugs (Section 2.3). It covers structural pre-compromise defenses from Firefox's Rust adoption, WebExtension isolation, and declarative content-blocking. It looks at privacy controls intersecting with exploit-chain disruption. And it considers the systemic security risk of a Chromium monoculture. The analysis finds that categorical dismissal of either engine family isn't supported by current evidence. Browser selection is not a binary "secure versus insecure" metric but alignment with a specific threat model.

<a href="https://spiritofstar.github.io/blog.html">Read the full paper &rarr;</a>
      ]]></description>
    </item>
  </channel>
</rss>
