From a9f0ea37ea63317e19a9381d403631410ac9903f Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 15 Apr 2024 19:39:25 -0500 Subject: [PATCH] Revise notes on Mull/GeckoView Android --- docs/mobile-browsers.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index f8383d1a43..1b20d9cb05 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -130,13 +130,6 @@ Brave allows you to select additional content filters within the internal `brave ### Mull -
-

Danger

- -Firefox (Gecko)-based browsers on Android [lack per-site process isolation](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196), a powerful security feature that offers additional protection against a malicious website exploiting a security vulnerability. Missing this feature likely won't pose an issue for low-risk web browsers who keep their browser up-to-date, but those visiting higher-risk sites or at risk of targeted/0-day attacks should strongly consider a Chromium-based browser like [Brave](#brave) instead. - -
-
![Mull logo](assets/img/browsers/mull.svg){ align=right } @@ -157,6 +150,16 @@ Firefox (Gecko)-based browsers on Android [lack per-site process isolation](http
+
+

Danger

+ +Firefox (Gecko)-based browsers on Android [lack](https://bugzilla.mozilla.org/show_bug.cgi?id=1610822) per-site [process isolation](https://wiki.mozilla.org/Project_Fission),[^1] a powerful security feature that offers additional protection against a malicious website exploiting a security vulnerability.[^2] Chromium-based browsers like [Brave](#brave) will provide more robust protection against malicious websites. + +
+ +[^1]: This should not be mistaken for per-site *data* isolation (dynamic [first party isolation](https://2019.www.torproject.org/projects/torbrowser/design/#identifier-linkability)) or [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), where website data such as cookies and cache is restricted so that a third-party embedded in one top-level site cannot access data stored under another top-level site. This is an important privacy feature to prevent cross-site tracking and **is** supported by Firefox on Android. +[^2]: GeckoView [does not](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196) take advantage of Android's [isolatedProcess](https://developer.android.com/guide/topics/manifest/service-element#isolated) flag either, which would further isolate the process from the rest of the system. + Enable DivestOS's [F-Droid Repo](https://divestos.org/fdroid/official) to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer. Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid. 
@@ -167,6 +170,8 @@ We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin) Mull comes with privacy protecting settings configured by default. You might consider configuring the **Delete browsing data on quit** options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically. +Because Mull has more advanced and strict privacy protections enabled by default compared to most browsers, some websites may not load or work properly unless you adjust those settings. You can consult this [list of known issues and workarounds](https://divestos.org/pages/broken#mull) for advice on a potential fix if you do encounter a broken site. Adjusting a setting in order to fix a website could impact your privacy/security, so make sure you fully understand any instructions you follow. + ## iOS On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
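Review bot: The threat-model scoping in the admonition removed by the first hunk (under `### Mull`) has no counterpart in the replacement text. The deleted sentence said the gap "likely won't pose an issue" for low-risk users who keep their browser up to date and singled out those "at risk of targeted/0-day attacks"; the new admonition only states that Chromium-based browsers "will provide more robust protection". Consider keeping one sentence that says who should act on the warning, so readers can tell whether the Danger box applies to them.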
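Review bot: The citation change in the second hunk is not explained. The link on "lack" now points to bug 1610822, while bug 1565196, which the old text cited for missing per-site process isolation, is reused in `[^2]` for the `isolatedProcess` claim. The subject line only says "Revise notes", so please state in the commit message why the reference moved, so a later reader can see that the earlier citation referred to a different issue. The hunk headers also show the admonition moving from line 130 to line 150, below the logo line; confirm that the warning is still seen before the reader reaches the install instructions.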
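Review bot: The last added sentence in the third hunk warns that adjusting a setting "could impact your privacy/security" but leaves the reader with only the external divestos.org list to judge that impact. Suggest adding that a workaround should be reverted once the broken site is no longer needed, and writing "privacy or security" instead of the slash form.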