• @kakes@sh.itjust.works
    link
    fedilink
    English
    1178 months ago

    It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.

        • @kava@lemmy.world
          link
          fedilink
          English
          118 months ago

          I remember back in the day everyone used Firefox. Then Chrome came out and there was a nice ad campaign and it was actually way faster.

          Then slowly everyone switched to Chrome. At some point in the last 15 years, it switched to Firefox being superior.

          I switched back to Firefox maybe like 7~ years ago? But I did it for open source reasons.

  • @nyan@lemmy.cafe
    link
    fedilink
    English
    1508 months ago

    Would everyone who is surprised by this please raise your hand? . . . That’s what I thought.

    • @sigmaklimgrindset@sopuli.xyz
      link
      fedilink
      English
      728 months ago

      What functionality would I lose/gain if I switch from Firefox to Librewolf? I’m admittedly an amateur in the privacy space, and I’ve been pretty content with Firefox + Ublock and container tabs for different profiles, but I consistently get the issue that my browser fingerprint is pretty unique, and I have no idea how to or even if I can anonymize that anymore.

      • @Imgonnatrythis@sh.itjust.works
        link
        fedilink
        English
        448 months ago

        Librewolf is not associated with Mozilla and does not receive their primary source of funding from Google like Mozilla does. I really like having the same browser and browser synchronization between my phone and desktop/laptop, so librewolf is out for me. They have no interest or resources to build an Android version. Waterfox does at least have desktop / android option and takes things at least one small step further away from Google.

        • Andromxda 🇺🇦🇵🇸🇹🇼OP
          link
          fedilink
          English
          19
          edit-2
          8 months ago

          It is the same browser. LibreWolf doesn’t change much of the Firefox code, mostly just the configuration. They enable various privacy/security settings by default and remove Mozilla telemetry. You can go to the LibreWolf settings and enable Firefox Sync, and it will work just fine with your Mozilla account and other Firefox browsers.

          For Android, I like to use Mull, it’s a hardened build of Firefox, similar to LibreWolf.

        • @sigmaklimgrindset@sopuli.xyz
          link
          fedilink
          English
          58 months ago

          Thanks for the answer! I run Windows, iOS and Linux across multiple devices, and sync is definitely needed for me as well. I’ll look into Waterfox!

          • Andromxda 🇺🇦🇵🇸🇹🇼OP
            link
            fedilink
            English
            118 months ago

            The previous answer is misleading and partially just wrong. Firefox Sync works just fine in LibreWolf, you just need to enable it in the settings. I currently sync my LibreWolf browser on my Linux desktop to Firefox on iOS and Mull on Android, no issues whatsoever. The only Mozilla services that LibreWolf intentionally removes are their telemetry and Pocket.

      • Mkengine
        link
        fedilink
        English
        158 months ago

        Switching from Firefox to Librewolf has some pros and cons. Librewolf is a fork of Firefox focused on privacy and security, with telemetry stripped out and privacy settings maxed out by default. You’ll gain better out-of-the-box privacy protections, meaning less tracking and data collection without having to tweak settings yourself.

        However, you might lose some convenience. Librewolf might not support certain Firefox features like Sync, since it relies on Mozilla’s servers (not sure about that point, maybe it does work). It can also break some websites due to the stricter privacy settings. Another thing to consider is that you won’t get updates as quickly as Firefox.

        Regarding browser fingerprinting, it’s a tricky beast. Librewolf can help somewhat by making your fingerprint less unique, but it’s not a silver bullet. Tools like uBlock Origin and container tabs are great, but adding something like the CanvasBlocker extension can also help reduce fingerprinting. Ultimately, no setup is perfect, but Librewolf is a solid step towards better privacy.

      • @Danitos@reddthat.com
        link
        fedilink
        English
        168 months ago

        Tangent note: I think browser fingerprinting is only a source of concern if you use VPN. Otherwise, your IP is already a good enough identifier, and quite likely doesn’t rotate often enough. Please someone correct me if I’m wrong.

        • @kava@lemmy.world
          link
          fedilink
          English
          18 months ago

          Yeah I’d only worry about it if I were trying to buy drugs on the dark net or something. I guess if torrenting became illegal I would also worry.

            • @kava@lemmy.world
              link
              fedilink
              English
              1
              edit-2
              8 months ago

              It’s sort of legally gray but generally speaking in the US downloading is a civil offense but not a criminal one. You can get sued by the copyright holder for example but you won’t end up in jail over it.

              People usually never get sued for it because it’s not worth it for Comcast to pay for lawyers to try and extract any money out of regular people. Not only will they almost certainly be unable to even recoup the lawyer fees, they risk getting a lot of bad PR for no gain.

              What’s usually considered an arrestable offense is uploading aka distribution. Once you start hosting seedboxes then you enter the area where you’re liable to go to prison.

            • @Mongostein@lemmy.ca
              link
              fedilink
              English
              2
              edit-2
              8 months ago

              Torrenting itself is not illegal. The distribution of copyrighted material that you don’t own is the illegal part.

            • @kava@lemmy.world
              link
              fedilink
              English
              1
              edit-2
              8 months ago

              I appreciate the list. I’m not saying there aren’t valid concerns, just that in my day to day life it’s one of those items where the steps needed to avoid browser fingerprinting is usually more work than the value I personally get from my perspective.

              I’ve looked into this, and I’m not clueless. I’ve developed websites, I’ve done a lot of stuff with Selenium / Puppeteer, and have toyed with Firefox browser extensions.

              I understand the tools they use and it’s just very tricky to fully eliminate this type of thing. For example they can even use the browser window size. Are you going to randomly change window size to some novel dimension when you open up a tab?

              What about the JS engine you use. For example using Firefox already narrows down your anonymity by like 95% or something because only a small amount of users use the browser. Etc etc

              It’s hard to do this correctly, and I feel like VPN + private window usually takes care of the price fixing thing on the list, for example. When I’m searching for flights I usually do this.

              I also use JS blockers in order to try and mess up the scripts that Facebook & Google have hidden over the internet to track you. But ironically, doing that again reduces your anonymity. They know that if their scripts don’t work on you, you get narrowed down again to a very small % of users.

              It only takes a few of those pieces of data to be reasonably sure that it’s you. Browser fingerprinting is tricky to really avoid. It’s not impossible, of course. Just saying to really do it right it might be more effort than it’s worth.

              • @brbposting@sh.itjust.works
                link
                fedilink
                English
                2
                edit-2
                8 months ago

                The depth of fingerprinting really bothers me and I have accepted that the best at it will succeed.

                It is tempting to find the world’s most popular default configuration and use that :) But that’s prob be something gross like Windows 10 & Chrome! In fact, that’d be second after Android & Chrome. Wonder how detectable VMing/emulating those configurations would be.

                Agree with you and appreciate the detailed response!

      • @TheGrandNagus@lemmy.world
        link
        fedilink
        English
        28 months ago

        Mostly it’s just FF but with more private defaults (that you can change in the settings trivially anyway), although there are one or two extras.

        There is a potential issue, though. Librewolf runs behind, so security vulnerabilities, particularly for zero-day exploits, take longer to be patched.

      • @PetroGuy@lemmy.ca
        link
        fedilink
        English
        28 months ago

        if it’s fingerprinting you care about, i’d give mullvad browser a try. it’s a firefox fork tailored to increase privacy and blend you into the crowd (as long as you don’t change any setting/install addons). it’s very very neat.

  • @faltryka@lemmy.world
    link
    fedilink
    English
    108 months ago

    Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?

  • @cubism_pitta@lemmy.world
    link
    fedilink
    English
    598 months ago

    Google does a lot of standards breaking things.

    Like allowing a link on Google Apps Marketplace to open a new window (like popup) with POST instead of GET. (This pretty much ensures that buying an app will fail for browsers that follow the spec)

    • Victor
      link
      fedilink
      English
      38 months ago

      This garbage behavior is in Chromium as well?

  • @Imgonnatrythis@sh.itjust.works
    link
    fedilink
    English
    498 months ago

    Ianal, but this sounds like something worthy of suing their ass over. There’s not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.

  • NutWrench
    link
    fedilink
    English
    468 months ago

    I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

      • Tywèle [she|her]
        link
        fedilink
        English
        08 months ago

        For ease of use Apple might be the most convenient alternative to Google. At least for smartphones.

        • @moonburster@lemmy.world
          link
          fedilink
          English
          38 months ago

          Ease of use and apple are not near each other in my dictionary.

          I think a lot of things are designed very unlogical

          • Tywèle [she|her]
            link
            fedilink
            English
            38 months ago

            That might be because you are just not used to it. Comparable to the switch from Windows to Linux.

            • @moonburster@lemmy.world
              link
              fedilink
              English
              38 months ago

              I’m using Linux and tried different distros. I also used chrome os and windows Phone. I tried ios, hence my feelings towards it

              • Tywèle [she|her]
                link
                fedilink
                English
                18 months ago

                And many people tried Linux and were having difficulties adapting to it at first and most probably gave up. Just like you did with iOS.

                • @moonburster@lemmy.world
                  link
                  fedilink
                  English
                  18 months ago

                  Pff, sure buddy. Used it for 4 months due to my phone being dead. Go shill someone else. If the adoption of a new os goes against what I want of said os, then it’s not an os for me. Simple as that

    • @flop_leash_973@lemmy.world
      link
      fedilink
      English
      148 months ago

      In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.

    • Andromxda 🇺🇦🇵🇸🇹🇼OP
      link
      fedilink
      English
      98 months ago

      I already ditched Windows for Linux a month ago because of spyware.

      Great!

      Everything Google-related is next.

      Even better.

      My phone is going to be the hardest thing to de-infest.

      If you plan on getting a new phone soon, I recommend a Google Pixel, on which you can install GrapheneOS. Yes, ironically Google devices are the best for installing alternative operating systems and removing all the Google BS. GrapheneOS is completely free and open source, and based on the Android Open Source Project. It incorporates many privacy and security enhancements, and gives you total freedom and control over your device. In my opinion, it’s the best option for degoogling a phone.

    • @asdfasdfasdf@lemmy.world
      link
      fedilink
      English
      58 months ago

      I’m also doing this. Proton is amazing, for the most part. Ente Photos is also incredible for ditching Google Photos, although I’ll probably switch to Proton Photos when that comes out since Ente is pricey.

      • @pathief@lemmy.world
        link
        fedilink
        English
        28 months ago

        Isn’t proton photos built into their Proton Drive already? It’s implementation is… barebones… On Android but it works.

        • @asdfasdfasdf@lemmy.world
          link
          fedilink
          English
          18 months ago

          It is, but I’d barely consider it a launch of anything. It displays photos, but that’s it. I could already upload and view photos on Proton Drive before they “launched” this.

      • Tywèle [she|her]
        link
        fedilink
        English
        18 months ago

        Or if you have the skills you can selfhost Immich which is an excellent replacement for Google Photos.

    • @CheeseNoodle@lemmy.world
      link
      fedilink
      English
      18 months ago

      Honestly I just keep my phone as my designated privacy nightmare so I can get free phone calls on wifi and keep in touch with family members who are still on facebook.

    • @nossaquesapao@lemmy.eco.br
      link
      fedilink
      English
      78 months ago

      Welcome to the world of freedom. The first months may be a bit uncomfortable, but it’s a journey worth taking. Be welcome!

    • GoogleSellsAds
      link
      fedilink
      English
      378 months ago

      Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn’t surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn’t news for no reason. Don’t trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).

        • GoogleSellsAds
          link
          fedilink
          English
          18 months ago

          People don’t hate Google as much as they should. It’s cringeworthy how much they promote this ad company on this platform. They don’t even realze themselves they got comprised.

        • 𝕸𝖔𝖘𝖘
          link
          fedilink
          English
          58 months ago

          Yeah, I’m not super happy about that part, but don’t really know what to do

            • 𝕸𝖔𝖘𝖘
              link
              fedilink
              English
              28 months ago

              It’s what I do. With degoogled os. But the proprietary blobs aren’t filling me with confidence.

              • @Emerald@lemmy.world
                link
                fedilink
                English
                38 months ago

                Does your laptop run free software boot firmware? If not, it has the same issues as a phone, if not more. No smartphone runs fully free firmware.

                • 𝕸𝖔𝖘𝖘
                  link
                  fedilink
                  English
                  18 months ago

                  I know all this and that’s not filling me with confidence, either. It’s why Framework is in my sights.

      • Andromxda 🇺🇦🇵🇸🇹🇼OP
        link
        fedilink
        English
        38 months ago

        I fucking hate Google and wouldn’t use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It’s based on the open RISC-V architecture, and it’s the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the “Secure Enclave” in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that’s a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can’t really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple’s Secure Enclave is also based on ARM, as well as Snapdragon’s SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn’t use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.

          • Andromxda 🇺🇦🇵🇸🇹🇼OP
            link
            fedilink
            English
            18 months ago

            Ah yes, definitely promoting Google

            I fucking hate Google and wouldn’t use any of their (proprietary) software

            I hope you realize how dumb your comment is

      • @Emerald@lemmy.world
        link
        fedilink
        English
        68 months ago

        Well pretty much all computers have a backdoor to the CPU. That hasn’t been proven for Pixel phones though.

  • @_sideffect@lemmy.world
    link
    fedilink
    English
    208 months ago

    Why do people still use Chrome?

    Please uninstall it from everyone’s home pc and phone that you come into contact with

    • @Tja@programming.dev
      link
      fedilink
      English
      268 months ago

      Because it’s fast and works well enough to keep the fame acquired over the last 10 years.

      • @_sideffect@lemmy.world
        link
        fedilink
        English
        58 months ago

        At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.

        • @IronKrill@lemmy.ca
          link
          fedilink
          English
          6
          edit-2
          8 months ago

          Which is invisible to users, meaning they can ignore it or handwave it with “I haven’t got anything to hide”.

          • @RobotZap10000@feddit.nl
            link
            fedilink
            English
            4
            edit-2
            8 months ago

            Or worse, “They already know everything about me, so why bother?”. One of my relatives says this. Kill me now.

        • @Tja@programming.dev
          link
          fedilink
          English
          88 months ago

          I use both for my job and my subjective feeling is that chrome is faster. Js benchmarks seems to confirm it. Privately I use Firefox 95% of the time but I understand people who stay on chrome just out of inertia.

        • @IronKrill@lemmy.ca
          link
          fedilink
          English
          38 months ago

          There was a short period a few years ago after the Quantum update that I would have partially agreed, because Firefox’s renderer was much smoother. But Chrome seems to have caught up, because it’s been much faster every time I test something in it in the yesrs since.

        • Victor
          link
          fedilink
          English
          58 months ago

          I’m a Firefox user on desktop and mobile, and I definitely feel like Chrome is faster on both platforms when I (have to) use it. But I prefer Firefox for the ideology and dev tools (on desktop), since I’m a web developer by trade, so the dev tools make a big difference for me.

  • @ComeHereOrIHookYou@lemmy.world
    link
    fedilink
    English
    94
    edit-2
    8 months ago

    This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use

  • @T156@lemmy.world
    link
    fedilink
    English
    168 months ago

    Does this also affect Chromium, or is it just Google Chrome?

    The article mentions it being affecting Google Chrome through Chromium, but it’s not clear if it also affects Chromium on its own, or other Chromium-based browsers.

    • Krzd
      link
      fedilink
      English
      258 months ago

      It allegedly also affects Edge and Vivaldi, so it seems to be chromium not chrome

    • Jay
      link
      fedilink
      English
      78 months ago

      Chromium alone depends on if it’s the Google version or the Un-Googled version. For the Google version of Chromium, it still has that hangouts extension. However, the Un-Googled Chromium has that extension removed via the build flags, the one to note is enable_hangout_services_extension=false.

      As others have said though, it can also depend on what other Chromium-based is being used. Some browsers like Brave and including Vivaldi can have this turned off in the settings. Others like Edge and Opera are affected as well. However it doesn’t affect every Chromium-based browser.

  • @trolololol@lemmy.world
    link
    fedilink
    English
    15
    edit-2
    8 months ago

    This that and the article are very light on details, but I couldn’t find an article deeper in details

    My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

    Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

    • Andromxda 🇺🇦🇵🇸🇹🇼OP
      link
      fedilink
      English
      98 months ago

      My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

      That’s strange, I’ve never heard of that before

      Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

      There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.

      Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.

      This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).

        • Andromxda 🇺🇦🇵🇸🇹🇼OP
          link
          fedilink
          English
          48 months ago

          OP apparently needs Chrome to log into an enterprise GSuite account, which has specific requirements, that are enforced by Chrome’s enterprise policy system. I don’t think this works in Chromium.

          • @beeb@lemm.ee
            link
            fedilink
            English
            38 months ago

            Oh I didn’t catch that my bad. I hope they get a work computer where this kind of stuff doesn’t interfere with private life!