From Whonix

< Dev

This is only a collection of user contributed notes. It will be reviewed, commented at a later time.

Firefox and Chromium Security[edit] [archive]

Chromium Doesnt give your Freedom of Modifications[edit]

Chromium doesnt has the easiness of about:config in Firefox for e.g if you want to disable certain TLS ciphers its not possible because its not there, This will force the users to only stick to whatever comes by default.

Chromium and Google API keys[edit]

Chromium uses API resides in google, only keys shipped within Debian/Chromium [1].

Someone suggested this [2]:

Why not modify chromium to read the api keys from a file, rather than

building them into the binary? The file could then be put in a separate package. If necessary in non-free.

This would have the additional benefit that those of us who want chromium to under no circumstances send every word we type and every website we visit to Google would no longer need to dig around in multiple prefereces dialogs to diable the multiple antifeatures enabled

by the keys.

Chromium Unknown Licenses with automated tool[edit]

Many of them comes with free software, but there is no indication all of them are [3]. (+10 years ticket)

Distribution of Adobe "Pepper" Flash Player proprietary plugin[edit]

Chromium comes with proprietary abilities within itself one of them is Adobe Flash Player [4].

Chromium reduced capabilities to plugin with adblocker[edit]

Ad blocking poses an existential threat to publishers and big sellers of digital ads like Google — which is reported to have lost as much as $US6.6 billion in revenue to ad blockers last year.

Now one former Googler is fighting back against the blockers.


The move has angered Chrome users beyond belief, with many vowing to switch browsers, and many setting their eyes on Firefox, whose developers have been working to transform and rebrand the former fan-favorite into a privacy-first product.

But Google's planned Manifest V3 changes are being added to the Chromium base, meaning they'll also likely impact other Chromium-based browsers as well.


Chromium: secretly stores referrer and URL for downloaded files[edit]

Can have impact on privacy and security [7], Bug was fixed later [8].

Chromium: unconditionally downloads binary blob[edit]

Nasty bug,Got fixed [9].

Questionable Chromium Privacy[edit]

Chromium privacy infrastructure is basically Google [10]:

"Additional Information on Chromium, Google Chrome, and Privacy Features that communicate with Google made available through the compilation of code in Chromium are subject to the Google Privacy Policy."

Google Chrome and (weird) DNS requests[edit]

This is part of chromium/chrome design [11] [12]:

When Chrome is started it will lookup domain names for previously opened web pages early in the startup process so if the user clicks on one of those links Chrome can connect to the target site immediately.

What Chromium features are removed for privacy/security reasons? (Done by Brave Browser)[edit]

- Disable google services in privacy settings #244 [archive]

- Disable Prediction Service - DNS prefetching #340 [archive]

- Disable Chrome Google URL Tracker #248 [archive]

- On startup disable connections to google domains #514 [archive]

- Disable chrome.webstore.install for inline extensions #614 [archive]

- Disable anchor ping attribute #764 [archive]

- Disabling getBattery | bluetooth | credential.get/store | navigator.usb apis #114 [archive]

- Disable network time tracker #792 [archive]

- Block ChromeMetadataSource network access #769 [archive]

- Remove repository from Linux packages #1078 [archive]

- Disabling metrics reporting; Updating ad-block deps to fix audit_deps error; Updating crypto deps to fix audit_deps error; #2029 [archive]

And Others you can check them here here [archive].

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables [archive]. Please come and introduce yourself in the development forum [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.