-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Sware Iron #169
Comments
Are there any third party reviews of SRWare’s Iron? I am hesitant to just accept any fork of Chrome. If this is about getting a WebKit browser on the list I think I would prefer Midori (see #88). |
I'm using SRWare Iron for years, but I won't recommend for newbies. Iron is just like a Chromium(Chrome base), I'm using Iron because I am blocking google's domain and IP range Definitely, Iron is better than Chrome, but I say again: |
Are you saying it accesses Google services automatically without the user’s consent? If this is true than there is no way Iron will make it to the list. |
When I start Iron with "--incognito" (Privacy) option, it try to connect to:Request: exskdbvyfw/ wdvlhiylzo/And also, clients2.google.com AND clients4.google.com.
|
And another funny thing to tell you; I delete Google from Settings:Search section, and add Startpage, select as default. Sometimes, in the old version 26 (current is 27, which I'm using), If you select a word, and right-click it, it appears This is bad because everytime I didn't check these words. Select word -> First click -> I _will_move to Firefox, if,
|
The first random requests (e.g. The latter source also talks about another data leakage issue with Chrome. When is is guessing domain names it will request The request for While researching the above I found a topic that mentions
If this is true I would disqualify Iron too. Thanks for all your input @ikurua22. I think it is safe to say Iron will not be accepted on the list for now. @nylira, please close this issue. |
Since Chromium is OpenSource, and current quite a bit faster that the Fox, can't we just rip out the offensive bits and fork a NonNSA compliant Chromium? |
@sjalq, of course. If you were to make a fork of the browser that makes no external requests and it is scrutinized by experts (which might take some time…) than there is no reason it wouldn’t be included. But until we hear from experts about a WebKit based browser that protects your privacy PRISM-Break will stick with Firefox. Some good ones have been brought to our attention already, such as Midori. But they were either said to be buggy on several systems or have bad Tor integration. Something old and well tested like Firefox just feels better when you want to recommend something secure. |
Just to point out: there is Chromium code search, you can find aforementioned servers there. |
Can someone please go through the chromium code? I want to use it - it's much better than FF. Things that are better: faster, better html5 videos, better webrtc implementation, uptodate flash, safer sandboxing, etc, etc, etc .... |
@gothmog123 there are several projects out there that try to do this. SRWare Iron is one of them, but @ikurua22 found it didn’t do a very good job of it. (Also [1] and [2].) Another one that has recently gained publicity is the Epic Privacy Browser. But I haven’t seen any tests of it yet and therefore cannot recommend it. I also cannot find its source code anywhere. Note that these browsers are prone to overstating things in their marketing. E.g. I have no idea what the URLTracker is, as far as I know Chrome does not ‘track’ URLs in any real way, and the ‘RLZ-Tracking Number’ does not even exist in Chromium. Also, as far as the ‘uptodate flash’ is concerned, Flash is not included in Chromium. It is one of the things that Google adds to turn Chromium into Chrome. I have no idea if other Chromium builds (Iron, Epic, etc) include it or not. Other things you can look for are WebKit based browsers. WebKit is what Chrome is originally based on. (Nowadays they have forked WebKit into Blink). So these browsers are able to reach the same speeds and renderings as you are used to. If you can live with the instabilities you might want to give Midori a try, although it is not officially endorsed by PRISM Break (cf. #88). |
@Zegnat it is possible to run pepper flash in chromium in archlinux for example, where it's packaged for it. Sorry I didn't make it clear. I only have up-to-date flash in chromium because i use linux. Regular Linux flash plugin is not supported anymore by Adobe. Seems like EPB has no Linux support though... shame. Midori, nor any other browser, has nowhere near the web technologies support that chromium does. Anyway, you're right, it's not 'officially proven' that chromium spies on users, is it? Might as well use it. There is also the chromium privacy promise http://www.chromium.org/Home/chromium-privacy hehe |
Ah yes, the policy that states that if Chromium sends any data to Google, it is protected by Google's "privacy" policy. Which itself states that Google can do anything it wants with any data uploaded to its servers or services. e.g.: "We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads." http://www.google.com/policies/privacy/ Safe as houses! (Glass houses.) |
I don't know if that makes any difference, but I wrote an extension which can block those "behind-the-scene" requests: https://github.com/gorhill/httpswitchboard |
@gorhill, props for the nice looking extension. But is this able to block any of the requests the browser makes behind the scenes – rather than just those by websites? Does it see any of the clients*.google.com calls, or the random requests (e.g. |
It is able to block the behind-the-scene requests (hence the ability to turn off the feature, as I found out soon enough this was breaking chrome store from working properly). Obviously the extension can't block anything before it is loaded and working, so yes, whatever is sent before the extension is active can't be blocked. Otherwise when the extension is active, I've seen these web requests being blocked:
|
So is chromium safe to use now with this extension? Experts? |
@gothmog123, I don’t think it is safe, just safer than by default. It can still only block things sent after Chrome loads the extension and only the things that go through extensions are block-able. If Chrome decides to make behind-the-scenes requests these could easily be routed around it, it is also not clear if the random DNS requests mentioned earlier in this issue are even seen by it. |
Just for the record, Chromium !== Chrome. |
Err... what about aviator browser? |
@hoodanity If you think a case can be made for recommending it, please open a new issue with the suggestion (and why you think it should be included ) rather than tagging onto this old one about another browser. That will ensure it gets proper consideration and feedback. |
@hoodanity #882
|
#1311 Iridium browser. Also, just as a note, Chromium downloads a binary blob unconditionally: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909. Just another obstacle to getting it on prism break. |
The binary blob no longer automatically downloads. |
Hi all, |
Brave browser? It's chromium based. |
@gothmog123 Brave is a good potential candidate for PRISM-Break, but this issue is not the place for it. A new issue should be opened with that suggestion and some background on the project and why it's an appropriate recommendation. In the mean time this issue was about Sware Iron and should be left alone unless something changes in regard to that project. |
Hello, I am rather new to this. Are the default KDE browsers, konqueror and rekonq, safe for my privacy, and should they be added to prism-break ? Thanks |
@aznakh Please see the comment exactly above yours. Don't discuss other browsers in this thread. |
I'd like to note that no extension can block QUIC requests from Chromium, at least the last time I audited it. Since Google is migrating a lot of their privacy-busting requests to QUIC it's probably not ever going to be secure to use Chromium-based browsers. If it helps: last I checked, RLZ tracking is present in binary builds of Chromium, but not enabled by default in source builds. This is why most forks probably won't have it. |
(This has been moved over to https://gitlab.com/prism-break/prism-break/issues/169). |
QUIC - Wikipedia RLZ - Wikipedia |
@Hillside502 and @awilfox lets keep discussion on this at one place. The canonical location for issue discussion is now Gitlab. Can we please lock this issue? |
I followed a link from the site to this issue, but I haven't said anything since the move was noted. I don't need to be @'d. |
Some people would probably prefer a Chrome based browsed, because of the plug-ins or the performance.
The text was updated successfully, but these errors were encountered: