Check Certificate Transparency and reporting #1554
Comments
We should probably have all of them off.
I am going to need proof of this before any patch or change. Can you verify that reports are actually being sent from current Bromite?
incredible... when is the windows version :) ?
Sure. I haven't seen anything about it yet, just marked.
Currently all three features are disabled:
google is considering reactivating the feature in future versions (through
therefore, apart from the external reports to be deactivated, Certificate Transparency seems to me a positive thing to activate. Some technical documents in this regard:
Technically it works like this:
you find the various generators in
I provide you with the patch I made to check the code, then I modify you
To check, you can use the developer tools, with active cts you have this:
I hope I have not written incorrect things, and for my English, you know, it is the fault of the Google translator :)
Doesn't this code apply to all OSes?
Thanks for checking this.
So our patch about
We have to disable them all.
I am certain that there is no way that the browser can identify "reliable domains" (e.g. Google-owned domains).
I was trying to convey the same in the discussions of #995
Yes, I am aware of how this works; thanks for the recap, might be useful for others too.
Yes, I believe we should have this functionality and the update will happen as new Bromite releases are made. Most times there is a release within 10 weeks so this should not be a problem; we can study in future how to update this more often if needed (in case there is a big certificates revocation like it happened in the past for Symantec etc, it could be a useful feature). As for users proxying HTTPS: they would already have to enable the user certificates flag, doesn't that cover their use case already?
in my opinion it's more prefetch (== data saver) which is anti-privacy, since it runs on external servers.
which code?
no, for chromium they are two different things.
if we decide to activate the CT, we will deactivate the reporting
I don't know, it must be verified, in my opinion not, as that is a hack of the code
if you want, a patch is available
Data saver is on its way out, finally.
I think ungoogled-chromium (by @Eloston & others) with is covering that pretty well; I would rather not. But in future if/when I release Bromite build tooling we could consider extending to build ungoogled-chromium with it as well.
I see it is already like this in your patch? e.g. the CT report is disabled, so CT works only in "passive" mode.
I will add your patch.
fixed in 99.0.4844.55
Is your feature request related to privacy?
I don't know yet.
Is there a patch available for this feature somewhere?
No
Describe the solution you would like
I found other reports sent:
BUILDFLAG(IS_CT_SUPPORTED)
actually active
ref https://github.com/GoogleChrome/CertificateTransparency/blob/master/ct_policy.md
Describe alternatives you have considered
none for now