Commits on Nov 7, 2019
  1. common: set Iridium version and change User-Agent accordingly

    jengelh committed Jul 8, 2015
    Reduced version number:
    We do not use @build@ or @patch@, in particular not in the User-Agent
    As for the user agent, continue providing Chrome/* for possible
    compatibility checks by the browser and/or websites, since we
    really are still Chromium.
    Note to self:
    Update "Chromium/*" in UA string when updating chrome/version.
  2. Disable smooth scrolling on Linux

    jengelh committed Apr 24, 2017
    Smooth scrolling (while using mousewheel or arrow keys) is a really
    dumb idea. Text naturally appears as a blur while it moves, and the
    animation takes that-many milliseconds to finish, so it's a time
    waster too.
    Only the fallback setting, which is used on Linux, is changed; on
    Windows/MacOS, smooth scrolling remains controlled by a system
  3. all: add trk: prefixes to possibly evil connections

    jengelh committed Sep 30, 2019
    Prefix URLs to Google services with trk: so that whenever something
    tries to load them, the developer will be informed via printf and
    dialog about this infraction.
    If you see such a dialog, we know that (a) either the URL needs to be
    whitelisted, or (b) the feature that triggered it needs to be disabled
    by default.
  4. first_run: barf if metrics_reporting is activated

    jengelh committed Oct 1, 2016
    This patch is for debugging purposes and is meant for discovering
    whether, despite our patching efforts, metrics_reporting is still
    enabled somehow, and if so, say so on stderr.
    Result: As of October 2014, metrics_reporting seems successfully
    disabled, as no message is emitted.
  5. icons: iridium icons

    jengelh committed Mar 6, 2016
  6. battery_status_service: disable more privacy nightmares

    jengelh committed Aug 4, 2015
    The W3C Battery Status API[1] has quite a laughable statement:
    "The information disclosed has minimal impact on privacy or
    fingerprinting, and therefore is exposed without permission grants".
    Along comes a paper "The leaking battery, A privacy analysis of the
    HTML5 Battery Status API."
    Clean up after the W3C and disable the battery status updater which
    could be used to identify users[2].
  7. extensions: always show component extensions in the ext list

    jengelh committed Jun 25, 2015
    The attached patch makes sure that component extensions are always
    shown in "chrome://extensions".
    Currently these are
    - Bookmark Manager
    - Chromium PDF Viewer
    - CryptoTokenExtension
  8. Make default welcome page be blank

    jengelh committed Sep 30, 2019
    Because replacing kChromeUIWelcomeURL with about:blank leads the
    browser to load some broken URL instead.
  9. search: show blank tab for new tab page

    jengelh committed Jul 6, 2015
    Avoid loading the search page every time, just show a blank one instead.
  10. safe_browsing: disable cookie transmission

    jengelh committed Jul 22, 2015
    Disables sending/setting cookies for Safebrowsing requests. This
    prevents the long-living tracking cookie from being set.
  11. safe_browsing: disable reporting of safebrowsing override

    jengelh committed Jul 7, 2015
    Disables reporting of the safebrowsing override, i.e. the report sent
    if a user decides to visit a page that was flagged as "insecure".
    This prevents trk:148 (phishing) and trk:149 (malware).
  12. safe_browsing: disable incident reporting

    jengelh committed Jul 7, 2015
    Disables the safebrowsing incident reporting where you could upload
    information about a blocked URL to Google (also added a trk prefix to
    the URL so we get notified if this happens again in the future).
  13. updater: disable updater pings

    jengelh committed Jun 2, 2015
    Despite auto-updater being arguably disabled (see previous commit),
    Chromium would still send background requests. Kill it.
    (trk:170, trk:171)
  14. net: add "trk:" scheme and help identify URLs being retrieved

    jengelh committed May 19, 2015
    The Chromium codebase has left us with a number of suspect URLs, and
    we want to know if the browser attempts to contact those sites.
    This patch introduces a new scheme, "trk:", which, when an attempt is
    made to process it, will dump a warning onto the screen as the resource
    is loaded. All URLs we think are suspect are "blacklisted" by
    prepending the new scheme to an existing URL:
    	trk: (unnumbered old variant)
    	trk:0.1234:https://... (stderr only, no UI reporting)
    Upon seeing a warning, we then know to investigate further, and either
    (a) whitelist the URL, that is, remove the trk: prefix and not show
    the warning, and/or (b) disable the particular feature which caused
    the loading of the URL in the first place, by default.
    We hack up the URLFetcher class which sits in the network stack, and
    most of the URLs that get loaded pass through here. The trk: prefix is
    stripped and processing continues with the inner URL.
  15. google-cloud-messaging: disable experiment status check

    jengelh committed Jun 1, 2015
    This avoids trk:263 from triggering.
  16. Remove EV certificates

    jengelh committed Apr 2, 2015
    The team chose to let EV certificates appear just like normal
    certificates. The web of trust is considered a failure in itself, so
    do not give users a false sense of extra security with EV certs.
    Instead, let them appear just like regular ones.
  17. plugins: use cached copy of plugin description list at iridiumbrowsin…

    jengelh committed Apr 2, 2015
    The list contains mimetype-to-plugin mappings, as well as blacklists
    for security-impeded old versions of plugins.
    To avoid contacting Google, let the UA use the plugin list hosted at
    iridiumbrowser. The Iridium project re-gathers these lists on a
    regular basis.
  18. updater: disable auto-update

    jengelh committed Feb 12, 2015
    As per ,
    the auto update function is decidedly disabled on Linux, i.e.
    the following patch is for Windows and MacOS.
    For Windows, all we need is to build without -DGOOGLE_CHROME_BUILD (cf.
    chrome/installer/util/, which may already be
    the case anyway, since we are based off Chromium, not Chrome.
  19. build: build the sandbox with PIE

    jengelh committed Jan 29, 2015
    (Position Independent Executable.)
    This patch originally from openSUSE, chromium-sandbox-pie.patch.
  20. prefs: use system-provided preference skeleton

    jengelh committed Jan 29, 2015
    This patch makes it possible for distributions to have a global
    default preferences file in /etc/iridium-browser/preferences that gets
    copied over to ~ when the user starts the program for the first time.
  21. src: use cached copy of safebrowsing lists at

    jengelh committed Jan 26, 2015
    To avoid contacting Google, let the UA use safebrowsing lists hosted at
    iridiumbrowser. The Iridium project re-gathers these lists on a
    regular basis.
  22. first_run: deactivate autoupdate globally

    jengelh committed Sep 13, 2014
    We currently do not have any update service infrastructure in place
    (i.e. on our webserver), and sending update requests to Google also
    sounds meh (wrong provider, after all).
    Also, there is no tunable in chrome://settings (or similar) yet to
    turn it back on.
  23. prefs: use separate directory for config

    jengelh committed Nov 8, 2014
    Do not overwrite an existing Chromium configuration.
  24. prefs: disable translation service

    jengelh committed Oct 30, 2014
    When translation is enabled, the translation manager will request a
    list of supported languages from
    As it is Google, we do not want that, at least not without more
    explicit user action. One should visit
    instead to request translations via Google.
  25. search_engines: add DuckDuckGo as selectable and default search engine

    jengelh committed Oct 19, 2014
    The default defaults seem to default to index 0 in the
    "engines_default" (or language-specific engines_XX) array, so
    prepending &duckduckgo yields the desired result, for now at least.
  26. prefs: always prompt for download directory by default

    jengelh committed Feb 13, 2015
    If the user opens a link, one of two things might happen. The URI
    resolves to a "web page" and will be displayed, then everything is
    good. Or it has a MIME type like application/* or so that causes the
    browser to consider it a file download instead.
    In that case, one of two things might happen. The browser may display
    a dialog box asking explicitly for an action, then everything is
    good. Or it does not and instead readily stores the file on disk.
    (Modern browsers also download the file in the background when waiting
    for the dialog box confirmation, but that is a separate tuning knob.)
    When the file is chosen to be immediately stored on disk without user
    interaction, the visual feedback for this may be rather minuscule.
    And then, you have to open a terminal or file manager again just to
    move the file to the location you wanted it to be in in the first
    TLDR: Do not let files sneak onto the disk too easily.