I’m not the original person you responded to, but I am going to go out on a limb here and say that I disagree. While I personally do not think that all Chromium browsers (especially since there are projects like ungoogled-chromium) transmit your personal data, I can’t verify this myself because the Chromium codebase is far too much of an undertaking for myself to review.
While the same is also true for Firefox (and really any potential open source browser), on a pure personal-trust factor I trust Mozilla/Firefox to be more caring about protecting my personal data than I do Google, who literally revolves around data collection. Inevitably its a moot point for me since I do use Google services anyways, but I don’t think its that far reaching for someone who potentially doesn’t to take the original person’s stance.
While I personally do not think that all Chromium browsers (especially since there are projects like ungoogled-chromium) transmit your personal data, I can’t verify this myself because the Chromium codebase is far too much of an undertaking for myself to review.
Don’t you think that, with so many contributors and projects having eyes on it (arguably more so than on gecko), if there was foul play wouldn’t anyone have sounded the alarm?
but they did sound the alarm? Debian took Chromium out of their repos for a time because they found unreported telemetry sent encrypted back to Google. All the info is on the net. You just need to read it.
Argh, I originally finished typing out a reply and went to upvote your reply - which apparently causes Lemmy to close the reply box, sending my original reply to /dev/null, sigh…
What I was originally going to say, in a more abridged version is that plenty of people audit and review open source libraries such as OpenSSL which ended up having a massive vulnerability that no one knew about in the form of Heartbleed for two years - so while its possible someone would ring the alarm bell on Chromium, its also possible that they wouldn’t (through no fault of their own).
At the end of the day, I still believe that my own personal trust in a project is going to trump the stamp of approval from people that I have zero connection to. There have been countless times in my life where someone said that X was okay, and I blindly trusted them instead of relying on my own judgment only to inevitably bitten in the ass when they ended up being wrong. Even down to medications that I’ve taken in the past that were deemed fine by multiple doctors, which have now resulted in me having permanent negative side effects that I’ll have to deal with for the rest of my life.
I appreciate your level headed reply (as opposed to the passive aggressive “people do not understand chromium is NOT CHROME” reply), and to your credit I would say its probably significantly harder to forget to remove a ton of telemetry from a project than it is to not catch one line of code that accidentally causes a massive vulnerability to a project - but if Firefox works just fine for me, I don’t see a need to even have to take a (probably small) gamble on Chromium.
I don’t even advocate to others that they shouldn’t use Chromium for the reason that was listed in the top parent comment (usually if someone does ask me how I feel about my choice of browser, I will tell them that I prefer Firefox because it doesn’t have a dominant position of marketshare over web standards), but I did feel it was worth retorting that the parent comment was in fact, not really a “ridiculous position to take”.
Fair enough! FWIW, I also think your stance on the matter is fairly level-headed and well thought out, even if I’m more or less on the other side of the fence.
You don’t need to trust us. Trust Google, they are telling you legally if you want to listen.
Also, look up the handful of open bugs on the Debian but tracker, where known people, with name and faces (I’ve met some on conferences), showcase and share how Chromium calls home and sends encrypted data. They share their Wireshark logs.
Look up how Debian removed Chromium for a time, until some of it got removed upstream.
And all of this doesn’t mean that Google cannot re-introduce it or add different approaches in new updates.
Plus, Google actively creates and pushes for their “standards” via Chrome(ium), which allows them to push for even more surveillance.
In addition, Chromium is not a community project. It’s developed behind closed doors, with a secret roadmap, and a code dump happens on release. That’s no way to develop the 90% of web browser market that society needs in this day and age. But, don’t think you will care about that, do you? you are happy with papa Google for the foreseeable.
You don’t think Google themselves admitting that Chromium has the same privacy notice is substantial? What more could you possibly need?
What’s worse is that Vivaldi took an open source browser with a bunch of privacy concerns, added some things and closed the source. And you think it’s somehow less of a cause of concern.
Google does not and cannot have any control over any Chromium forks
That is not true. I remember several chromium-based browser developers saying for several changes made by google to chromium that they can’t afford the maintenance burden to reverse it.
One instance of that happening is switching the addon framework to manifest v3, which severely degrades the functionality of browser firewalls, like uBlock Origin, by restricting (for “security reasons”, apparently) the amount of network filters they can apply (and maybe with other changes too, I don’t remember it exactly).
But there were also other instances of this happening, which I don’t remember right now. Maybe also when they released the first version with FLoC.
And then I think these 2 (anti)features (even any of them alone) also qualify for invasions of privacy, and they are present in most of the chromium based browsers.
Of course I have. I’ve never found any substantiation, which is why I’m asking. I use them every day so I would certainly like to know if there is, but the concerns I constantly see only apply to Chrome, and not Chromium-based browsers.
Just run WIreshark against your Chromium then. Enjoy.
This is specifically for the Chromium browser, not Chromium-based browsers. I know, it’s confusing. Chromium is basically just the open-sourced version of Chrome.
Additional Information on Chromium, Google Chrome, and Privacy
Features that communicate with Google made available through the compilation of code in Chromium are subject to the Google Privacy Policy.
There, you have it. Now you can try moving more goalposts again, and provide excuses for them.
This is yet another item attributed to Chrome and it’s users. You can totally create a Chromium fork that adheres to conventional standards.
Nah it’s not. I’m talking about Google pushing and implementing IETF standards that hamstring privacy. They are open standards, but they are malicious. That a standard is open doesn’t mean is doing things that are not ethical.
To me, it’s obvious that you don’t even want to look for proof. Why so hell-bent on taking the stance of a state-level billionare corporation built by extracting privacy from users? How do you think they got there?
Or do you have something specific against the legal non-profit organization that is Mozilla?
The mere fact that you’re forced to use a Google service for synchronicity between devices? Yes, Firefox has the same but i find them much more trustworthy.
Give me a browser that allows for using a synchronization service of my own choice.
Probably more/better fingerprinting techniques for chromium engine browsers but I feel like if invasive telemetry was discovered in the open-source codebase of the chromium engine we’d hear about it.
Removed by mod
I’m not the original person you responded to, but I am going to go out on a limb here and say that I disagree. While I personally do not think that all Chromium browsers (especially since there are projects like
ungoogled-chromium
) transmit your personal data, I can’t verify this myself because the Chromium codebase is far too much of an undertaking for myself to review.While the same is also true for Firefox (and really any potential open source browser), on a pure personal-trust factor I trust Mozilla/Firefox to be more caring about protecting my personal data than I do Google, who literally revolves around data collection. Inevitably its a moot point for me since I do use Google services anyways, but I don’t think its that far reaching for someone who potentially doesn’t to take the original person’s stance.
Don’t you think that, with so many contributors and projects having eyes on it (arguably more so than on gecko), if there was foul play wouldn’t anyone have sounded the alarm?
but they did sound the alarm? Debian took Chromium out of their repos for a time because they found unreported telemetry sent encrypted back to Google. All the info is on the net. You just need to read it.
Removed by mod
Argh, I originally finished typing out a reply and went to upvote your reply - which apparently causes Lemmy to close the reply box, sending my original reply to
/dev/null
, sigh…What I was originally going to say, in a more abridged version is that plenty of people audit and review open source libraries such as OpenSSL which ended up having a massive vulnerability that no one knew about in the form of Heartbleed for two years - so while its possible someone would ring the alarm bell on Chromium, its also possible that they wouldn’t (through no fault of their own).
At the end of the day, I still believe that my own personal trust in a project is going to trump the stamp of approval from people that I have zero connection to. There have been countless times in my life where someone said that
X
was okay, and I blindly trusted them instead of relying on my own judgment only to inevitably bitten in the ass when they ended up being wrong. Even down to medications that I’ve taken in the past that were deemed fine by multiple doctors, which have now resulted in me having permanent negative side effects that I’ll have to deal with for the rest of my life.I appreciate your level headed reply (as opposed to the passive aggressive “people do not understand chromium is NOT CHROME” reply), and to your credit I would say its probably significantly harder to forget to remove a ton of telemetry from a project than it is to not catch one line of code that accidentally causes a massive vulnerability to a project - but if Firefox works just fine for me, I don’t see a need to even have to take a (probably small) gamble on Chromium.
I don’t even advocate to others that they shouldn’t use Chromium for the reason that was listed in the top parent comment (usually if someone does ask me how I feel about my choice of browser, I will tell them that I prefer Firefox because it doesn’t have a dominant position of marketshare over web standards), but I did feel it was worth retorting that the parent comment was in fact, not really a “ridiculous position to take”.
Fair enough! FWIW, I also think your stance on the matter is fairly level-headed and well thought out, even if I’m more or less on the other side of the fence.
Brave Browser
Brave is icky. It’s smeared in crypto and they were caught injecting affiliate links in 2020.
Removed by mod
Evidence? OF COURSE!
Have you even tried searching for it?
Google even says so for Chromium on its own official page!
https://security.stackexchange.com/questions/144289/privacy-with-chromium
You don’t need to trust us. Trust Google, they are telling you legally if you want to listen.
Also, look up the handful of open bugs on the Debian but tracker, where known people, with name and faces (I’ve met some on conferences), showcase and share how Chromium calls home and sends encrypted data. They share their Wireshark logs.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580;msg=53
Look up how Debian removed Chromium for a time, until some of it got removed upstream.
And all of this doesn’t mean that Google cannot re-introduce it or add different approaches in new updates.
Plus, Google actively creates and pushes for their “standards” via Chrome(ium), which allows them to push for even more surveillance.
In addition, Chromium is not a community project. It’s developed behind closed doors, with a secret roadmap, and a code dump happens on release. That’s no way to develop the 90% of web browser market that society needs in this day and age. But, don’t think you will care about that, do you? you are happy with papa Google for the foreseeable.
Removed by mod
How hard can you simp for Vivaldi. Jesus Christ.
You don’t think Google themselves admitting that Chromium has the same privacy notice is substantial? What more could you possibly need?
What’s worse is that Vivaldi took an open source browser with a bunch of privacy concerns, added some things and closed the source. And you think it’s somehow less of a cause of concern.
You’re nuts.
Removed by mod
That is not true. I remember several chromium-based browser developers saying for several changes made by google to chromium that they can’t afford the maintenance burden to reverse it.
One instance of that happening is switching the addon framework to manifest v3, which severely degrades the functionality of browser firewalls, like uBlock Origin, by restricting (for “security reasons”, apparently) the amount of network filters they can apply (and maybe with other changes too, I don’t remember it exactly).
But there were also other instances of this happening, which I don’t remember right now. Maybe also when they released the first version with FLoC.
And then I think these 2 (anti)features (even any of them alone) also qualify for invasions of privacy, and they are present in most of the chromium based browsers.
Removed by mod
“several changes made by google to chromium”
No, they don’t. They released a lite version that will attempt to do it’s thing in the limited environment of up to date chromium browsers.
(Edit: here are the differences between the normal and this lite version as explained by the developer: https://libreddit.pussthecat.org/r/uBlockOrigin/comments/1067als/eli5_ublock_lite_vs_ublock_origin/j3h00xj/?context=3)
And then here is something new that shows how google can not only easily control chroimum based browsers, but basically every other one too, by creating their own definition of “open web”:
Their vision: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
Users thoughts: https://github.com/RupertBenWiser/Web-Environment-Integrity/issues
A specific issue (there are more) where the standpoint of googlers (you are dumb! (does not explain why)) and the users (we don’t want this!) can be clearly seen: https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/36
Discussion on lemmy: https://lemmy.blackeco.com/post/25574
Do you really think there is Google telemetry in all chromium based browsers? lol
Just run WIreshark against your Chromium then. Enjoy.
Did you read the link I posted?
Let me copy-paste directly from the Chromium office page for you then:
There, you have it. Now you can try moving more goalposts again, and provide excuses for them.
Nah it’s not. I’m talking about Google pushing and implementing IETF standards that hamstring privacy. They are open standards, but they are malicious. That a standard is open doesn’t mean is doing things that are not ethical.
To me, it’s obvious that you don’t even want to look for proof. Why so hell-bent on taking the stance of a state-level billionare corporation built by extracting privacy from users? How do you think they got there?
Or do you have something specific against the legal non-profit organization that is Mozilla?
Removed by mod
deleted by creator
The mere fact that you’re forced to use a Google service for synchronicity between devices? Yes, Firefox has the same but i find them much more trustworthy.
Give me a browser that allows for using a synchronization service of my own choice.
Decentralize!
Removed by mod
Probably more/better fingerprinting techniques for chromium engine browsers but I feel like if invasive telemetry was discovered in the open-source codebase of the chromium engine we’d hear about it.
Removed by mod