-
-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate showing update notification #706
Comments
Some people do it with Tasker: https://www.reddit.com/r/tasker/comments/iduriz/bromite_updater/ |
what about reactivating omaha? here https://source.chromium.org/chromium/chromium/src/+/master:chrome/android/java/src/org/chromium/chrome/browser/omaha/RequestGenerator.java;l=35 the request and here https://source.chromium.org/chromium/chromium/src/+/master:chrome/android/java/src/org/chromium/chrome/browser/omaha/ResponseParser.java parsing the response in android it seems the necessary ui is already present |
I guess you already know, but here's the patch ready to use or maybe I misunderstood what you are asking? |
Yes, that was my plan. And point it to the GitHub releases.
No, I did not know. This could be usable, but I wanted to use the same mechanism used for the AdBlock filters: a check on This is how it would work:
The logic above pretty much all exists for the current AdBlock filters patch. If you are interested you could port the patch; if you find the logic above too complicated I can add it later myself. We will also need a mechanism to disable the auto-updates, and #691 becomes even more important (we should not perform update checks before that exists and is accepted; ideally we would even put a checkbox there for people to disable update checks from the get-go). |
no problem
I don't know, I have to take a closer look. that patch is all java side, I would be more interested in reactivating the native, because it may be necessary to reactivate the EDIT: and I checked, the component_updater has nothing to do with it (here the registration of components https://source.chromium.org/chromium/chromium/src/+/master:chrome/browser/component_updater/registration.cc;l=86;bpv=0;bpt=1). so two possibilities, either use that patch, or duplicate the adblock logic |
@csagan5 i am working on this now. the idea is to use as a suffix TARGET_CPU taken from the gn args, but I can't find |
Fixed in |
@uazo I am thinking that it would be best to enable the auto-update by default; I am generally against any update functionality enabled by default but I am thinking that it would be beneficial for the average user and right now it is practically impossible to discover this feature. When we implement #691 we could let the user toggle this on/off there on the first run welcome screen (and toggle also adblock filters updates, which is currently enabled by default and does not ask for permission: directly downloads the new filters). From privacy perspective it is still the same liability as the filters: GitHub collecting IP address and user agent (nothing else); this is already covered in https://www.bromite.org/privacy @uazo what do you think? |
fully agree.
yes, next step, I am looking - in the free time of the free time :) - for which way that costs less to develop and maintain.
but aren't there really privacy friendly proxy services that we can use for these things? |
I will enable it on next release.
No worries; I might also try, but cannot say when, feel free to assign it to yourself if/when you start.
It is unnecessary: the proxy can also gather the same information, and most proxies/VPNs are bad actors because they sell this information. The footprint is small (IP address + headers), and since there are no cookies I don't think that the information can be used for anything nefarious; I have read their privacy policy multiple times, they would only be able to tell that this IP connected at this time with this user agent. Ultimately the only reasonable thing to do is tell users to go read such policy in the welcome screen, so they make a conscious choice about what interactions with GitHub servers are enabled or not. I would be more concerned about vulnerable users in hostile countries where a "ping" to GitHub can be seen as something subversive if that country has blocked GitHub, but this should be addressed by #691 and anyways we advise in README that such users shall not use Bromite. |
look what I found. |
This post does not link to that repository, how is it a source for that?
It is snake oil. It contains two proposals:
You can stop reading there. It needs trust on a server; the browser has no authority to trust a server (the near-path NAT server) over another (GitHub), thus delegates the user to choose. That is because the browser is an user agent.
Again this requires trusting a certain server over another, and the browser has no authority on that. |
happened by chance here, one of the links in the Chrome Privacy Sandbox section
Sure, you are right |
Do they link to this repository? https://github.com/bslassey/ip-blindness I cannot find the link. |
wow, yes it was there, but now it's gone ... |
Yes, so it is a Google-backed proposal and it has the problems I outlined before. To my eyes this is still not a serious effort at providing any privacy to the user. |
Investigate whether it's feasible to use the update icon with some simple update mechanism (like the adblock filters do).
The text was updated successfully, but these errors were encountered: