Differences between Iridium and Chromium

jengelh edited this page Jan 24, 2017 · 22 revisions

This page describes the changes we made in Iridium compared to the Chromium base version. Please note that this list might not be exhaustive, so always check the Git repository at https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/ for the latest changes.

The Releases page contains information about changes between the different versions of Iridium.

For the exact changes at the code level, see https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/tree/?h=patchview

Security improvements

  • Increase RSA keysize to 2048 bits for self-signed certificates (used by WebRTC)
  • Generate a new WebRTC identity for each connection instead of reusing identities for 30 days
  • Generate a new ECDHE keypair for each WebRTC connection instead of reusing them for multiple connections
  • Disable using system-provided plugins (i.e. Java, Flash, etc.)

Privacy enhancements

  • Disable "Use a web service to help resolve navigation errors"
  • Disable autocomplete through prediction service when typing in Omnibox
  • Always send "Do-Not-Track" header
  • Network/DNS prediction is disabled by default
  • Block third-party cookies by default
  • Link auditing (<a ping="...">) is disabled by default
  • Fetch plugins list from iridiumbrowser.de where it will be updated regularly
  • Site data (cookies, local storage, etc.) is only kept until exit, by default
  • Passwords are not stored by default
  • Input form autofill is disabled by default
  • For IPv6 probes, use a DNS root server instead of Google
  • The default search provider is Qwant
  • Load "about:blank" on new tabs instead of the currently set search engine and/or promotions.
  • Don't report Safe Browsing overrides.
  • Don't use autofill download service.
  • Disable cookies for safebrowsing background requests.
  • Disable the battery status API.

Disabled features

  • Disable background mode
  • Disable EV certificates, so they are shown just like "normal" certificates
  • Disable Google cloud printing
  • Disable Google hot word detection
  • Disable Google experiments status check
  • Disable Google translation service
  • Disable Google promotion fetching
  • Disable Google Cloud Messaging (GCM) status check
  • Disable Google Now
  • Disable automatic update check
  • Disable profile-import on first run

Networking changes

  • Network/DNS prediction is disabled by default
  • Link auditing (<a ping="...">) is disabled by default

Other changes

  • Add DuckDuckGo search provider
  • Add Qwant search provider
  • Add certificate pinning for iridiumbrowser.de
  • Let user confirm downloading translation dictionaries from Google
  • Always prompt for download directory
  • Don't ask to send settings to Google by default on profile reset
  • Don't warn about missing API keys (services are not used anyway)
  • Iridium will show a warning bar when running possibly unwanted requests (trk prefix)
  • Show all extensions (including internals) in chrome://extensions.

Google Safe Browsing

Iridium has Google Safe Browsing enabled by default. This means that within 5 minutes after start, and then periodically every 30(?) minutes, a request is made to iridiumbrowser.de (which keeps a cache of the GSB data) to update the Safe Browsing database. To avoid this request, you can disable Safe Browsing at any time in the settings by unchecking “Privacy -> Protect you and your device from dangerous sites” (advanced settings).