Add Sware Iron #169

eloydegen opened this Issue Jun 26, 2013 · 30 comments


None yet

Maybe some people like Chrome, because plugins or the speed :P

Zegnat commented Jun 26, 2013

Are there any third party reviews of SRWare’s Iron? I am hesitant to just accept any fork of Chrome.

If this is about getting a WebKit browser on the list I think I would prefer Midori (see #88).


I'm using SRWare Iron for years, but I won't recommend for newbies.

Iron is just like a Chromium(Chrome base),
it also access to *

I'm using Iron because I am blocking google's domain and IP range
using Firewall, Peerblock, Router DROP packet system.

Definitely, Iron is better than Chrome, but I say again:

Zegnat commented Jun 26, 2013

Iron is just like a Chromium(Chrome base), it also access to *

Are you saying it accesses Google services automatically without the user’s consent? If this is true than there is no way Iron will make it to the list.


Are you saying it accesses Google services automatically without the user’s consent?
Yep. Chromium is just a Google-spyware.

When I start Iron with "--incognito" (Privacy) option, it try to connect to:

Request: exskdbvyfw/


And also, AND
Of course, I always disable these 2 things:

Predict network actions to improve page load performance
Enable phishing and malware protection


And another funny thing to tell you;

I delete Google from Settings:Search section, and add Startpage, select as default.

Sometimes, in the old version 26 (current is 27, which I'm using),
it modifies search engine to Google. Without user notice.

If you select a word, and right-click it, it appears
"Search Google for ***"

This is bad because everytime I didn't check these words.

Select word -> First click -> This webpage is not available (Because I block Google-Spyware)
-> Oh, again... -> Right-click words again -> "Search Startpage for ***" -> Okay...

I _will_move to Firefox, if,

  1. Firefox is more faster and lighter than Chrome-base browser
  2. Firefox don't connect to * automatically without user notice (BAD THING)
Zegnat commented Jun 26, 2013

The first random requests (e.g. exskdbvyfw and juxbzdzmzx) are done by Chrome to see if your ISP is messing with the DNS. These should not really hurt your privacy as your ISP already knows who you are and what your IP is. If you use a good DNS provider they will simply return NXDOMAIN and nothing has happened. In theory your DNS provider now knows you use Chrome (or any other Chromium based browser… has Opera copied this behaviour?) but nothing else happened. Sources: and

The latter source also talks about another data leakage issue with Chrome. When is is guessing domain names it will request (China) when you are writing I expect this to go for Chromium as well and thus possibly for Iron.

The request for is where the browser checks if any of your extensions need to be updated. You can chose not to use any extensions and it should go away. According to this thread ( I can’t find anything concrete about but I would guess it fills a similar use case. Neither have I been able to find a way to turn this off. Maybe never installing extensions from the internet but always manually installing them from your hard drive would work but I do not have the time to test this and we are not recommending Chrome anyway.

While researching the above I found a topic that mentions all the way to so we can assume they spread out their hits over several domains and servers. This same topic made the following comment (

Latest version SRWare Iron 11.0.700.3 phoned home during launch

If this is true I would disqualify Iron too.

Thanks for all your input @ikurua22. I think it is safe to say Iron will not be accepted on the list for now.

@nylira, please close this issue.

@nylira nylira closed this Jun 26, 2013
This was referenced Jul 19, 2013
sjalq commented Aug 31, 2013

Since Chromium is OpenSource, and current quite a bit faster that the Fox, can't we just rip out the offensive bits and fork a NonNSA compliant Chromium?

Zegnat commented Aug 31, 2013

@sjalq, of course. If you were to make a fork of the browser that makes no external requests and it is scrutinized by experts (which might take some time…) than there is no reason it wouldn’t be included.

But until we hear from experts about a WebKit based browser that protects your privacy PRISM-Break will stick with Firefox.

Some good ones have been brought to our attention already, such as Midori. But they were either said to be buggy on several systems or have bad Tor integration. Something old and well tested like Firefox just feels better when you want to recommend something secure.


Just to point out: there is Chromium code search, you can find aforementioned servers there.


Can someone please go through the chromium code? I want to use it - it's much better than FF.

Things that are better: faster, better html5 videos, better webrtc implementation, uptodate flash, safer sandboxing, etc, etc, etc ....

Zegnat commented Sep 15, 2013

@gothmog123 there are several projects out there that try to do this. SRWare Iron is one of them, but @ikurua22 found it didn’t do a very good job of it. (Also [1] and [2].)

Another one that has recently gained publicity is the Epic Privacy Browser. But I haven’t seen any tests of it yet and therefore cannot recommend it. I also cannot find its source code anywhere. Note that these browsers are prone to overstating things in their marketing. E.g. I have no idea what the URLTracker is, as far as I know Chrome does not ‘track’ URLs in any real way, and the ‘RLZ-Tracking Number’ does not even exist in Chromium.

Also, as far as the ‘uptodate flash’ is concerned, Flash is not included in Chromium. It is one of the things that Google adds to turn Chromium into Chrome. I have no idea if other Chromium builds (Iron, Epic, etc) include it or not.

Other things you can look for are WebKit based browsers. WebKit is what Chrome is originally based on. (Nowadays they have forked WebKit into Blink). So these browsers are able to reach the same speeds and renderings as you are used to. If you can live with the instabilities you might want to give Midori a try, although it is not officially endorsed by PRISM Break (cf. #88).


@Zegnat it is possible to run pepper flash in chromium in archlinux for example, where it's packaged for it. Sorry I didn't make it clear. I only have up-to-date flash in chromium because i use linux. Regular Linux flash plugin is not supported anymore by Adobe.

Seems like EPB has no Linux support though... shame.

Midori, nor any other browser, has nowhere near the web technologies support that chromium does.

Anyway, you're right, it's not 'officially proven' that chromium spies on users, is it? Might as well use it.

There is also the chromium privacy promise



Ah yes, the policy that states that if Chromium sends any data to Google, it is protected by Google's "privacy" policy. Which itself states that Google can do anything it wants with any data uploaded to its servers or services.


"We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads."

Safe as houses! (Glass houses.)

gorhill commented Nov 13, 2013

I don't know if that makes any difference, but I wrote an extension which can block those "behind-the-scene" requests:

Zegnat commented Nov 13, 2013

@gorhill, props for the nice looking extension. But is this able to block any of the requests the browser makes behind the scenes – rather than just those by websites? Does it see any of the clients* calls, or the random requests (e.g. exskdbvyfw and juxbzdzmzx)?

gorhill commented Nov 13, 2013

It is able to block the behind-the-scene requests (hence the ability to turn off the feature, as I found out soon enough this was breaking chrome store from working properly).

Obviously the extension can't block anything before it is loaded and working, so yes, whatever is sent before the extension is active can't be blocked. Otherwise when the extension is active, I've seen these web requests being blocked:

  • http://suggestions/ (???... after entering the word "suggestions" in omnibox while using as search engine)
  • [I remember an oauth2 request at some point, I suspect it was related to "signing in" to chromium, I will write down here when I see this again]
  • [I will add more here as I find new ones]

So is chromium safe to use now with this extension? Experts?

Zegnat commented Dec 17, 2013

@gothmog123, I don’t think it is safe, just safer than by default.

It can still only block things sent after Chrome loads the extension and only the things that go through extensions are block-able. If Chrome decides to make behind-the-scenes requests these could easily be routed around it, it is also not clear if the random DNS requests mentioned earlier in this issue are even seen by it.

gorhill commented Jan 6, 2014

after Chrome loads the extension

Just for the record, Chromium !== Chrome.

This was referenced Feb 24, 2014

Err... what about aviator browser?

alerque commented Aug 7, 2014

@hoodanity If you think a case can be made for recommending it, please open a new issue with the suggestion (and why you think it should be included ) rather than tagging onto this old one about another browser. That will ensure it gets proper consideration and feedback.

vyp commented Aug 7, 2014

@hoodanity #882

  • proprietary
  • only supports proprietary operating systems (windows, mac)

#1311 Iridium browser.

Also, just as a note, Chromium downloads a binary blob unconditionally: Just another obstacle to getting it on prism break.


The binary blob no longer automatically downloads.

i90rr commented Sep 9, 2015

Hi all,
PaleMoon should definitely be on the list; project's lead as well its community are though defenders of privacy and surfing freedom -- they even decided to not include WebRTC because the privacy issues and potential security issues involved.

alerque commented Sep 9, 2015

@msx This issue is for discussion of Sware Iron, not Palemoon. Please see issue #1385 and review the discussion to date and then comment there if you have something to add.

@Synzvato Synzvato referenced this issue in Synzvato/decentraleyes Apr 4, 2016

Add support for Chromium-based browsers #1


Brave browser? It's chromium based.

alerque commented May 7, 2016

@gothmog123 Brave is a good potential candidate for PRISM-Break, but this issue is not the place for it. A new issue should be opened with that suggestion and some background on the project and why it's an appropriate recommendation. In the mean time this issue was about Sware Iron and should be left alone unless something changes in regard to that project.

aznakh commented May 29, 2016


I am rather new to this. Are the default KDE browsers, konqueror and rekonq, safe for my privacy, and should they be added to prism-break ?



@aznakh Please see the comment exactly above yours. Don't discuss other browsers in this thread.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment