Add a section for why Chrome/Chromium should not be used just like the Windows 10 section? #274
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#274
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Chrome/Chromium is the most used browser currently. Adding warnings and reasons against it may be a good idea.
The security of Chromium is very solid tho.
https://www.chromium.org/Home/chromium-security/brag-sheet
@kewde
But the privacy that it provides is very weak. This is similar to how Windows 10 is the most secure Windows OS but it is also the weakest when it comes to privacy. (Also the landscape is changing, Firefox uses Chromium's sandboxing code, and it will integrate its sandboxed PDF viewer, and it will have many of its parts rewritten in a memory safe language - Rust)
@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N
I know, there is a project 'chromium ungoogled', which was student project at the time but I believe some new developers have picked it up. It removed the tracking things of chromium as much as possible (may even all, I need to look into it again).
I agree, it's not the best privacy-wise but we can't neglect security either. Warning seem reasonable.
Privacy and security go hand in hand tho!
@kewde
Removing the Google parts is, alas, insufficient to counter the fact that Chromium is very weak at fingerprinting resistance and first party isolation. Contrast this with how Firefox uplifts Tor Browser patches directly into Firefox (e.g. all it takes is to set
privacy.resistFingerprinting
andprivacy.firstparty.isolate
totrue
inabout:config
).@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N
Agreed.
I'd recommend both ungoogled chromium and FF as some people may prioritize security over privacy, and even though we're a privacy website, we should focus on security as well.
This is individual, depends on what the user is looking for.
There is no privacy with ungoogled chromium, all the stuff that you can easily fingerprint with Chromium (fonts, canvas, ...) is fairly sufficient, and when coupled with the lack of any first party isolation, shows that one can't expect to be safe from browser fingeprinting and tracking with it.
I have a simple test for anyone on Windows who also has TCPView by Sysinternals (Free):
Browse any site with Firefox or Palemoon and look at TCPView after some pages load.
Browse same sites with Chrome or Chromium and look at TCPView.
In the latter case only, I see svchost.exe connecting to Google IP in a permanent way between different sites. I can confirm it happens with Chrome and Chromium (haven't tried with Ungoogled Chromium) as I have to allow svchost.exe connections on my firewall: something that doesn't happen with FF, Palemoon or similar browsers.
No need to test the obvious. We're talking about Ungoogled Chromium.
BTW, one of the things Chrome sends to Google is the URLs you visit. This will of course happen with FF Sync as well.
@Atavic
That's detailed in this discussion, https://github.com/nylira/prism-break/issues/169
I can also mention some more other problems with Ungoogled or Googled Chromium:
The worst offender on this front is the use of the Microsoft Windows CryptoAPI for certificate validation, without any alternative. This bug means that certificate revocation checking and intermediate certificate retrieval happen outside of the browser's proxy settings, and is subject to alteration by the OEM and/or the enterprise administrator. Worse, beyond the Tor proxy issues, the use of this OS certificate validation API means that the OEM and enterprise also have a simple entry point for installing their own root certificates to enable transparent HTTPS man-in-the-middle, with full browser validation and no user consent or awareness.
All of this is not to mention the need for defenses against third party tracking and fingerprinting to prevent the linking of Tor activity to non-Tor usage, and which would also be useful for the wider non-Tor userbase.
https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-hardening-study
Closing this out as WontFix.
At this point, it's a non-goal to have all networking go through configured proxy settings. There are already a number of things which ignore proxy settings/configuration (from recent events, Chromecast, GCM, Pepper sockets all come to mind)
Adding Justin because he has feels about this, and if he's got people to dedicate to this, we can look at what proactive steps we could take to design the codebase to require this. But in the absence of that, this is like putting a finger on a leaky dam, and that won't be a worthwhile use of time.
https://bugs.chromium.org/p/chromium/issues/detail?id=80722
https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
I think "Google Chrome" should be avoided but "Chromium" is fine.
Chromium is even the base for many fast / stable and some privacy focused browsers e.g. Brave.
Electron uses Chromium engine. It's a good engine. Just avoid the Google builds and get de-googled ones: https://chromium.woolyss.com/
Not pretty sure Chromium is completely un-googled at all.
Someone with more info, please?
I was not talking about stock version of chromium. I clearly linked a custom build. Someone built from source. That means they can add or remove any google as they like since chromium's source code is open. Many things like electron are built on chromium engine / core code.
Related: https://github.com/privacytoolsIO/privacytools.io/issues/380#issuecomment-353878470
@CHEF-KOCH
This is exactly the kind of research I appreciate - thank you for clearing up the svchost issue.
It seems like the author didn't include the link to his hardening project, so I'll link it here.
I think the general rule of thumb is: if you plan on using Tor - then go with the Tor Browser and don't use Chromium as certification retrieval (on Windows) is unproxied. I'm not sure if the same applies for VPNs - I would assume that a VPN will route connections of svchost through the VPN.
However, on platforms such as Linux and perhaps even Mac, I think given the right custom setup, you can achieve comparable levels of privacy and security.
I haven't seen any indication that chromium has more telemetry by default than Firefox.
What I would like to find out is how the different browsers (default & hardened) compare against fingerprinting. There's not "a" metric for fingerprinting, but we can use a variety of tools and compare results within each tool.
As far as security goes, I think Chromium wins hands down. I did hear Firefox recently landed namespace sandbox support (Linux) but it's still disabled or not compiled-in for quite a operating systems.
That's true. The purpose of this website is to provide a simple entry level to a more private life on the internet. It's aimed at providing solutions that do no require custom configurations (often prone to errors).
The maintainers of projects like this one, where we try to cover a large and broad range of applications, are at the mercy of their community. This project is only as smart as its community. As a maintainer my job is to analyze the evidence and supplemental resources that are provided by the community.
I know my set of skills and I know that compared to the broad set of tools we're covering, many areas of my knowledge are lacking hence I rely on having people smarter than me around.
I attempt to be a judge - but again, in threads like these when there is a single narrative pushed like 'google is evil', I will resort to doing my own research rather than verifying the research provided to me by you guys.
I've recently been digging into Electron and Muon (I call it chromium with a twist), and I'm learning more of the nitty gritty. I've found isolated worlds to be an interesting feature, mostly because it's breaking my app hehe. I don't think Firefox supports that yet?
Also the namespace sandbox support is very debated issue - two divided sides - yet no clear answer.
@CHEF-KOCH you cannot disable all integrations from a vanilla Chrome/Chromium, even when using policies (which a regular user would not know how to accomplish anyways).
I agree that there is a lot of misinformation and a connection or data transfer to a Google server does not mean automatically that there is active spying going on (it never is a form of spying anyways if the user has accepted a contract). However let's stick to facts, shall we? Conflating the hyperbole "X is spying on me through these connections!!" to "there are no privacy concerns here" is flatly absurd and a FUD strategy by itself.
Facts (as I reckon):
We have nowadays this project (privacytools.io) and the projects you mentioned (of different quality and effectiveness) because of the failure (lack of interest/motivation/pressure in doing so?) at giving users (of any level of expertise) an easy choice on all the server-side integrations.
Since you mentioned that you are involved in Chromium development, let me ask this direct question: is there a Privacy cross-team panel that evaluates privacy concerns from the user perspective? I assume that you have a similar cross-team group of people for the security aspect of the browser, which is massively important.
If there is, can you elaborate on how big is the privacy evaluation group compared for example to some other group that works on the UI or anything else, and if it has importance and effectiveness in its reviews/vetoes?
This would tell a lot about the dynamics of privacy assessment in the development of the Chromium browser, but you probably cannot comment on this (and I understand); I hope you understand why I am asking this in first place.
In short: your project (chromium hardening), is it about security hardening or increasing privacy? Why is there a list of Firefox privacy scandals? I am not a fan or Firefox or anything, I am just asking why is that on-topic for a security hardening project, as I would have expected links to CVE rather than media coverage (all that media coverage to "disprove" and put other projects in a bad light makes it look like a gaslighting operation).
because the usage of the chromium engine does not in itself means that its privacy unfriendly, means that it should not be warned against like windows 10, which unlike chromium, IS always privacy unfriendly. closing issue.
first of all, we are about to list one chromium based browser because of the security benefits on android, and are still searching for an desktop one.
Second of all, which products do you think are listed because of popularity.
And as third, if you were in our shoes, what would you recommend ;).
I think you would like to see our current PR to improve the browser section, we list chromium based alternative bromite for android there, and firefox is a recommendation across all three platforms:https://github.com/privacytoolsIO/privacytools.io/pull/1256
The project now has a pretty stable team who constantly works on it, me included. So things will be a lot less about whats more popular, and more about actual facts. We are now also redoing most of the webpage, re-investigating listed software, and adding a clear minimum criteria, you can take a look at the vpn section, which was recently redone.
About being against a list of applications not to use, we are against those as well, as you can see in this issue we closed:https://github.com/privacytoolsIO/privacytools.io/issues/1264
In any case, the project has grown more mature now. so past things you saw that were annoying, should be much less of a problem nowadays.
First: I am sorry if you have been attacked on the internet for your opinions, everyone should (ideally) respect each other's opinions and be polite online. I felt compelled to write because I saw in your post some inexact statements and some of the techniques you criticise. But there is a simple way to dispel FUD (claimed or real): fact checking.
I am glad you agree that not all interactions with services can be disabled, because it is exactly what a lot of developers have figured out already. To give another little evidence: Chromium requires users to agree to ToS before starting using it because a lot of data transmission (think about metrics on the usage of various features, experiments etc) cannot be opted out. Thus, by law, the browser must ask user permission and/or it says that by starting to use it the user automatically agrees to service usage conditions.
One can argue till the end of time that there is no PII in such data, it does not matter: modern privacy legislation requires consent for almost any type of information exchange and that is exactly why user must accept (explicitly second GDPR, implicitly in most other countries) a service agreement.
It is IMO nothing else that a dark pattern, on a larger scale.
I proposed this versus listing opinion pieces. My critique/suggestion is that at least CVEs are recorded facts. Opinions do not go through the same criteria of acceptance as a CVE. I see you disagree with some CVEs; fine, they are still better than average Joe's opinion expressed in a blog post.
That is not what I asked. I asked whether they have steering power to protect user privacy. Security, it's a different beast. Treating the two altogether is damaging for both the privacy and security aspects (although privacy violations have begun being addressed as security violations).
It's not just that, Firefox markets itself to be better for this reason (as Brave does). Competing browsers do not have any other choice than to show that they are better in what the dominating browser is perceived to be worse. They locate the weakest aspect of the dominating browser and try to win there. Now, one could say that such user perception is completely manoeuvred by marketing and propaganda. I politely disagree; once again, the history of browser changes (in features) can tell us more than 1000 blog posts.
I agree with other parts of your posts, not cited here, for example regarding the more general role of this project and how to be of service to users.