GNU bug report logs - #28004
Chromium


Package: guix-patches

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Mon, 7 Aug 2017 20:00:01 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.


Message #65 received at 28004 <at> debbugs.gnu.org:

From: Marius Bakke <mbakke <at> fastmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Leo Famulari
 <leo <at> famulari.name>
Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org>
Subject: Re: [bug#28004] Chromium
Date: Mon, 06 Nov 2017 00:52:32 +0100
Marius Bakke <mbakke <at> fastmail.com> writes:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> I think we should make sure that our package does not call home in any
>> way.  That’s what I expect from a security- and privacy-conscious
>> distro.
>
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.

I tried picking two other Debian patches[0][1] to see if it helped with
the annoying splash screen and decided to verify whether the browser
still "calls home" from a clean profile.  The last time I checked was
many versions ago.

After dismissing the sign-in dialog, the "New Tab Page" loads a regular
Google search bar, and "pre-fills" two of the "most commonly used" slots
with Chrome URLs, (still) downloading a bunch of data in the process.

Not great, but maybe we could live with that if it was just for the
first run (it wasn't; had to change search engine to prevent the New Tab
Page from calling the mothership).

To my great surprise, while watching tcpdump from a different window, it
also called home *when I switched windows*.  Every time the Chromium
window was activated, some data was sent to Google servers.

Going into settings and toggling the "Use a prediction service to help
complete searches and URLs typed in the address bar" option (to off)
disabled that behaviour.

Not very confidence-instilling.

I'm going to try to incorporate the "Inox Patchset"[2], which is a set
of patches that attempts to remove all such misfeatures from Chromium.
They seem to have managed to stay on top of recent Chromium development,
unlike two other prominent privacy-focused "forks", so I'm optimistic.

But it might take some weeks before the next update.  Stay tuned..

[0] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch>
[1] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch>
[2] <https://github.com/gcarq/inox-patchset>
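
One way to repeat the check described in the message above against a saved capture, as an added example that is not part of the original message or of Guix: it correlates DNS lookups in `tcpdump -n -tt udp port 53` output with a tester-kept action log and reports lookups that follow an action which should cause no traffic, or that happen while idle. The host names, timestamps, action log and the `unsolicited` helper are constructed for illustration; the message does not name the hosts contacted.

```python
import bisect
import re

# Matches query lines from `tcpdump -n -tt udp port 53`; replies do not match.
DNS_QUERY = re.compile(
    r"^(?P<ts>\d+\.\d+) IP6? \S+ > \S+\.53: \d+[+%*-]* (?:\[\w+\] )?"
    r"(?P<qtype>[A-Z]+)\? (?P<name>\S+) \(\d+\)$"
)

def parse_queries(lines):
    """Yield (timestamp, qname) for each DNS query line; skip everything else."""
    for line in lines:
        m = DNS_QUERY.match(line.strip())
        if m:
            yield float(m["ts"]), m["name"].rstrip(".").lower()

def unsolicited(lines, actions, window=3.0):
    """Return [(label, qname)] for lookups not explained by a navigation.

    actions: time-sorted (timestamp, label, expects_network) tuples logged by
    the tester. A query belongs to the latest action at or before it within
    `window` seconds; anything later than that is labelled "idle".
    """
    times = [a[0] for a in actions]
    findings = []
    for ts, name in parse_queries(lines):
        i = bisect.bisect_right(times, ts) - 1
        if i >= 0 and ts - times[i] <= window:
            _, label, expects_network = actions[i]
            if expects_network:
                continue  # traffic the user asked for
        else:
            label = "idle"
        findings.append((label, name))
    return findings

# Constructed capture: placeholder hosts, not taken from the bug report.
CAPTURE = """\
1509925900.100000 IP 10.0.0.5.40001 > 10.0.0.1.53: 4660+ A? www.gnu.org. (29)
1509925900.400000 IP 10.0.0.1.53 > 10.0.0.5.40001: 4660 1/0/0 A 192.0.2.10 (45)
1509925930.250000 IP 10.0.0.5.40002 > 10.0.0.1.53: 4661+ A? suggest.vendor.example. (40)
1509925931.000000 IP 10.0.0.5.40003 > 10.0.0.1.53: 4662+ [1au] AAAA? suggest.vendor.example. (51)
1509925990.000000 IP 10.0.0.5.40004 > 10.0.0.1.53: 4663+ A? update.vendor.example. (39)
""".splitlines()

# Constructed tester log: (unix time, what was done, should it hit the network?)
ACTIONS = [
    (1509925900.0, "typed URL", True),
    (1509925930.0, "window focus", False),
]
```

Names that are already cached, or resolved over an encrypted resolver, never appear in such a capture, so an empty result is not proof of silence.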
