This is only a collection of user contributed notes. It will be reviewed, commented at a later time.
- 1 Firefox and Chromium Security
- 2 Chromium Doesnt give your Freedom of Modifications
- 3 Chromium and Google API keys
- 4 Chromium Unknown Licenses with automated tool
- 5 Distribution of Adobe "Pepper" Flash Player proprietary plugin
- 6 Chromium reduced capabilities to plugin with adblocker
- 7 Chromium: secretly stores referrer and URL for downloaded files
- 8 Chromium: unconditionally downloads binary blob
- 9 Questionable Chromium Privacy
- 10 Google Chrome and (weird) DNS requests
- 11 What Chromium features are removed for privacy/security reasons? (Done by Brave Browser)
Firefox and Chromium Security
Chromium Doesnt give your Freedom of Modifications
Chromium doesnt has the easiness of about:config in Firefox for e.g if you want to disable certain TLS ciphers its not possible because its not there, This will force the users to only stick to whatever comes by default.
Chromium and Google API keys
Chromium uses API resides in google, only keys shipped within Debian/Chromium .
Someone suggested this :
Why not modify chromium to read the api keys from a file, rather than
building them into the binary? The file could then be put in a separate package. If necessary in non-free.
This would have the additional benefit that those of us who want chromium to under no circumstances send every word we type and every website we visit to Google would no longer need to dig around in multiple prefereces dialogs to diable the multiple antifeatures enabled
by the keys.
Chromium Unknown Licenses with automated tool
Many of them comes with free software, but there is no indication all of them are . (+10 years ticket)
Distribution of Adobe "Pepper" Flash Player proprietary plugin
Chromium comes with proprietary abilities within itself one of them is Adobe Flash Player .
Chromium reduced capabilities to plugin with adblocker
Ad blocking poses an existential threat to publishers and big sellers of digital ads like Google — which is reported to have lost as much as $US6.6 billion in revenue to ad blockers last year.
Now one former Googler is fighting back against the blockers.
The move has angered Chrome users beyond belief, with many vowing to switch browsers, and many setting their eyes on Firefox, whose developers have been working to transform and rebrand the former fan-favorite into a privacy-first product.
But Google's planned Manifest V3 changes are being added to the Chromium base, meaning they'll also likely impact other Chromium-based browsers as well.
Chromium: secretly stores referrer and URL for downloaded files
Chromium: unconditionally downloads binary blob
Nasty bug,Got fixed .
Questionable Chromium Privacy
Chromium privacy infrastructure is basically Google :
Google Chrome and (weird) DNS requests
When Chrome is started it will lookup domain names for previously opened web pages early in the startup process so if the user clicks on one of those links Chrome can connect to the target site immediately.
What Chromium features are removed for privacy/security reasons? (Done by Brave Browser)
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
- https://lists.debian.org/debian-legal/2013/10/msg00021.html [archive]
- https://lists.debian.org/debian-legal/2013/10/msg00023.html [archive]
- https://bugs.chromium.org/p/chromium/issues/detail?id=28291 [archive]
- https://lists.debian.org/debian-legal/2013/02/msg00010.html [archive]
- https://www.businessinsider.com.au/former-google-exec-launches-sourcepoint-with-10-million-series-a-funding-2015-6 [archive]
- https://www.zdnet.com/article/opera-brave-vivaldi-to-ignore-chromes-anti-ad-blocker-changes-despite-shared-codebase/ [archive]
- https://green-possum-today.blogspot.com/2018/09/chromechromium-is-storing-url-and.html [archive]
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883746 [archive]
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 [archive]
- https://www.chromium.org/Home/chromium-privacy [archive]
- https://isc.sans.edu/diary/Google+Chrome+and+%28weird%29+DNS+requests/10312 [archive]
- https://sites.google.com/a/chromium.org/dev/developers/design-documents/dns-prefetching [archive]