What does HackerNews think of ungoogled-chromium?
Google Chromium, sans integration with Google
And then this very site has an automatic playing video in the article lmao
Also a lot of these claims are so-so imo.
"Lighter on system resources"
"Speedier website browsing"
I usually have 60-70 tabs open across 5-6 windows. Firefox absolutely shits itself all the time but Chromium doesn't.
Anyways I use ungoogled-chromium https://github.com/Eloston/ungoogled-chromium
You mean like this? https://github.com/Eloston/ungoogled-chromium
To confirm I went to https://github.com/Eloston/ungoogled-chromium it says "NOTE: These binaries are provided by anyone who are willing to build and submit them. Because these binaries are not necessarily reproducible, authenticity cannot be guaranteed;"
Automatically translated.
https://github.com/Eloston/ungoogled-chromium https://github.com/bromite/bromite
Brave has crypto ads and a lot of other unnecessary stuff built in. They've also made questionable decisions in the past, like inserting referral codes in links. If anything, Brave is a worse choice than Firefox in terms of privacy even after enabling this new ad suggestions feature.
But over the last year or so, performance has continually degraded to the point were I'm upset and resort to Chrome more often (Ungoogled Chromium [1], to be precise).
I guess Specter mitigations and site process isolation might be related, but this does not make me happy...
(this is on Linux/Wayland)
[0] https://chromium.woolyss.com (look for the ungoogled tag)
https://github.com/Eloston/ungoogled-chromium
Obviously Firefox is an alternative, but i personally was turned off by recent censorship comments by Mozilla’s CEO which I won’t get into here.
Personal data harvesting. Its like feeding frenzy right now.
> This is not the way. It's either beat them at their game (not likely), or building/supporting/using alternatives (eg. Signal, Mastodon, maybe substack? nebula? Librem/microG/LineageOS?), but ultimately it's politics.
This is the way lol. Beating them is the only way that actually works, right now. Politics will takes decades, and will lead nowhere, like stupid cookies consent popups. Networking and web tech is too complex to put it into laws anyway.
Lets build better personal defence tools, browsers, routers, blockers, distributed VPNs that are not as easy to outlaw as Tor exit nodes. For example - https://github.com/Eloston/ungoogled-chromium. Add ignoramous CNAME backdooring ways to uBlock-Origin. That kind of ways.
Here's a fork of chromium with the other google bits removed. https://github.com/Eloston/ungoogled-chromium
That's not true. Servo is new, which is where Mozilla are picking their changes to Gecko/Quantum from. These false blanket statements aren't convincing me to use Vivaldi at all. Sure it has it's fair share of issues, but it "works" to a degree and maybe it'll chug along enough to finally be used by 2022.
Currently I'm using Ungoogled Chromium [1] on Windows and Bromite [2] on Android, but the latter will eventually be replaced with the former when I end up building Ungoogled Chromium TriChrome (it's a build mechanism for Android 10 and above to have a shared library package, as well as a WebView and browser package separately for Android).
Ungoogled Chromium is great because it accomplishes all that Vivaldi does, except syncing, all the while keeping the nice UI of Chrome. I'm not a fan of syncing, so that doesn't matter to me.
I used to use Firefox on desktop (prior to and after the Quantum update) but WebGPU was just way to slow for me and I switched to a Chromium-based application.
[1] - https://github.com/Eloston/ungoogled-chromium
[2] - https://www.bromite.org
For more technical people, ungoogled-chromium [1] is probably the cleanest option. It's completely free from ads, telemetry, "pings", "experiments", and the like.
Create Firefox Profile: firefox -ProfileManager
Use Firefox Profile: firefox --no-remote -private -P profile-name
Create & Use Chrome Profile: chromium --incognito --user-data-dir=location/profile-name
On top of seperate browser profiles (at least in your VPN profiles), you need to do browser hardening and use something like uBlock/uMatrix to block everything by default. [1] I do not recommend using regular Google Chrome for VPN at all. Use something like Ungoogled-Chrome. [2] or similar security browser instead.
Also it is highly recommented if you use Linux/Unix OS, to properly firewall your VPN connection. So for example if your VPN connection suddenly stops working, it will not leak out any data. There is many tutorials on how to do this. I'm sure it is possible to do something similar on Windows too.
[1] firefox hardening; https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/
[2] https://github.com/Eloston/ungoogled-chromium
[3] chrome hardening; https://peter.sh/experiments/chromium-command-line-switches/
Tho the .deb binary is not up to date yet https://ungoogled-software.github.io/ungoogled-chromium-bina...
Edit: I wonder if this is intended to be an attack on browsers like Ungoogled Chromium that Google doesn't like? (https://github.com/Eloston/ungoogled-chromium)
The ungoogled-chromium project [0] presumably doesn't take all that much manpower as it's just taking Chromium and paring it down a little. A true alternative browser codebase like Firefox, with its own rendering engine and JavaScript engine, takes a great deal of effort, of course.
I switched recently based on a recommendation from a HN reader, and so far it has been a surprisingly seamless transition. I have yet to encounter any issues aside from being unable to install extensions directly from the Chrome Web Store, which was easily remedied by first installing the chromium-web-store extension [1].
My biggest gripe is that there are no 'official' binaries, so you'd either have to build your own or trust the user-submitted builds, though apparently the project owner is currently working on setting up an official build server [2].
[0] https://github.com/Eloston/ungoogled-chromium
[1] https://github.com/NeverDecaf/chromium-web-store
[2] https://github.com/Eloston/ungoogled-chromium/issues/1198
Does anyone know a Webkit browser that runs on Win - preferably with some kind of debugger?
Stop the madness
Bromite: https://www.bromite.org
Ungoogled Chromium: https://github.com/Eloston/ungoogled-chromium
Try ungoogled-chromium:
https://github.com/Eloston/ungoogled-chromium
Put uMatrix, HTTPS everywhere
My advice:
Install ungoogled-chromium: https://github.com/Eloston/ungoogled-chromium
Install these extensions: https://github.com/gorhill/uBlock https://github.com/ilGur1132/Smart-HTTPS
There is also a Chromium extension that lets you install from Chrome Web Store: https://github.com/NeverDecaf/chromium-web-store
Set duckduckgo.com as your default search engine with a blank home page. But you could also use @pkrumins home pages of https://techurls.com or https://finurls.com as nice home pages.
Use Mullvad VPN: https://mullvad.net/ (They are EVEN available on F-Droid now, which is AMAZING)
Security harden your Android device: https://niftylettuce.com/posts/google-free-android-setup/
Security harden your Mac: https://gist.github.com/niftylettuce/39597a7b3bc0660ffe1e09d...
P.S. If you need email forwarding for your domain name, you can use something I made. https://forwardemail.net - it is 100% open source.
Follow me @niftylettuce on GitHub and Twitter for more
[0]: https://github.com/Eloston/ungoogled-chromium
[1]: https://github.com/bromite/bromite/blob/79.0.3945.139/build/...
[2]: https://github.com/bromite/bromite/issues/480#issuecomment-5...
Chrome does a lot of calling home. Like, a LOT [1][2]. For example, it checks sites are "safe" (as according to Google's standards) running every website you visit through their servers.
Brave tries to disable most of this.
1. https://github.com/Eloston/ungoogled-chromium
2. https://brave.com/brave-tops-browser-first-run-network-traff...
It’s just a renderer that calls home with hardcoded references to Google’s services. You can’t avoid Google if you use Chromium’s source code without patching it [1].
ungoogled-chromium A lightweight approach to removing Google web service dependency
ungoogled-chromium is Google Chromium, sans dependency on Google web services. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).
ungoogled-chromium retains the default Chromium experience as closely as possible. Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.
Surely there are great options, depending your needs, for example Ungoogled Chromium or Brave Browser, if you're looking for something that gives a Chrome-like experience, but without all the data gathering from Google (Ungoogled Chromium) or with some privacy-minded features already integrated (Brave).
There's also Waterfox, which is a Firefox fork (I can be wrong with this description! But that is how I understand it) that is still compatible with the old addons (XUL). There's also another project on GitLab named LibreWolf that it will be (or already is) a Firefox fork that (based on the Librefox project), in a similar fashion to Ungoogled Chromium), it has removed several mozilla-only features such as the integrated telemetry, and I think that also the "studies" feature. It also attempts to integrate some privacy-minded features in a similar way that Brave browser do. As the last time that I checked the project, they already have created some builds for Linux. I'm not quite sure if they have started to work on OSx/Windows builds.
I don't know which are your parameters to determine which browser could be better than Firefox, but it could help to take a look at those (and perhaps other) projects, use them for a while, and see which of them suits better for you.
Links:
Ungoogled Chromium: https://github.com/Eloston/ungoogled-chromium
Brave Browser: https://brave.com/
Waterfox: https://www.waterfox.net/
LibreWolf: https://gitlab.com/librewolf-community
Kind regards.
The caveat with this software is that it doesn't really have good automatic update support so there's a high user spend on managing security.
And if it's relevant Tor Browser
While I agree with the gist of the article, this is worth pointing out since a lot of people do use Chromium because it is advertised this way, thinking that somehow they are not playing into the Chrome/Google monopoly. For those interested, there is an alternative build without all the google stuff baked in: https://github.com/Eloston/ungoogled-chromium
I do not understand what this means, the code is open isn't it?[0]
This sounds very over exaggerated and alarmist, just like Android and for example Chromium people have forked it and removed all the Google proprietary stuff from it[1], I am sure you and other privacy conscious developers in the future will do the same for Fuchsia.
For me, Google's hold also manifested as complete absence of support for H.264 on Mac, because calling the Cisco's freely available openh264 is ‘too slow.’ In Linux, distro maintainers patch in the support for openh264.
You're wrong and sorry to be blunt. If you think Chromium is pure technical code and no Google hooks, you're wrong.
1. I've been working on it for over a year and it's rife with Google hooks. 2. When we have a thriving project named Ungoogled Chromium, you'd start believing point 1.
Another is UnGoogled-Chromium: https://github.com/Eloston/ungoogled-chromium
Would love to see this latter option becoming something that appeals to a very large, mainstream market rather than just a few techies.
https://github.com/Eloston/ungoogled-chromium
DuckDuckGo is the default search engine, and most of the Google-related tracking is disabled or removed. You can see the details in the repository's README.md.
This works well for privacy-conscious users who, for some reason, don't want to use Firefox. If you have no objection to Firefox, it would be in your best interest to use Firefox since it's backed by a non-profit dedicated to open web standards.
That said, look into Ungoogled-Chromium or Iridium :
https://github.com/Eloston/ungoogled-chromium
Both projects try to clean up the spyware that Chromium essentially is by design.
See Bromite for Android :
This exists as:
The general concern about projects along these lines, e.g. IceWeasel, is that they won't keep up with security patches as quickly as the project it's forking. Maybe that's less of a concern here since they aren't trying to recreate an older version but are just tearing out some "phone home" calls and changing some defaults.
Not sure why you don't like Brave? You can turn off all of the crypto currency and advertising stuff. I think its a good idea personally. What is the problem in usurping googles ad business, exactly?
Also, for those who care about licensing, chromium is a licensing nightmare. half (or more?) of the repos in the externals directory when building chromium have no license specified.
I've really tried to use Firefox... Chrome just runs so much smoother, especially for media.
This is ungoogled chromium: https://github.com/Eloston/ungoogled-chromium
Frankly, I am amazed every day that Ungoogled Chromium, Firefox, & DDG.co are as good as they are. (aka: slightly inferior to Google regarding product polish, but truly "good enough" 98% of the time - without selling my future data down the drain)
(edited: to fix typos)
The same is obviously true for Firefox, with Mozilla being the gatekeeper, but this is where non-profit vs. for-profit does come back into play.
As for bad things in Chromium, as well as a fork that tries to fix it: https://github.com/Eloston/ungoogled-chromium
As for news articles: When Mozilla does things, they're open about it, which is why news articles get written about their fuck-ups. And they're held to a much higher standard by journalists, as they are a non-profit.
When Google does something shitty on the other hand, people are quick to dismiss it as them needing to make money somehow. And there's lots of instances where Firefox goes the extra mile, where Chromium conveniently forgets about it and then no one blames them, because it is the extra mile, not the standard among browsers.
A prominent example is Chrome Sync. It's not end-to-end-encrypted and Google does state in their Privacy Policy that they use the browsing history submitted to them with Sync for other purposes. Your browsing history being stored on Google's server in decryptable form also means that NSA, CIA, FBI have access to it. You can make it end-to-end-encrypted, which however requires a second password and is therefore something that only users will do that really care about it. Basically, it's there to calm those that would complain otherwise. Firefox Sync is end-to-end-encrypted by default, only one password needed.
And this is just the biggest and clearest example. We're talking about millions of lines of code with tens of thousands of design decisions. Google will have opted every time for the option that's not yet quite bad enough to gather bad press. Mozilla on the other hand has no reason not to protect users, if possible, even if it does not gather them good press.
My understanding is that statement is false; let's be careful not to mislead people about these issues. And in that spirit, I should make clear that my understanding is based only on the following, not on direct knowledge:
* The ungoogled-chromium project, which aims to remove from Chromium the privacy threats from Google:
https://github.com/Eloston/ungoogled-chromium
A number of features or background services communicate with Google servers despite the absence of an associated Google account or compiled-in Google API keys. Furthermore, the normal build process for Chromium involves running Google's own high-level commands that invoke many scripts and utilities, some of which download and use pre-built binaries provided by Google. Even the final build output includes some pre-built binaries.
* There's also the Inox patchset, with similar aims:
https://github.com/gcarq/inox-patchset
Inox patchset is applied on the chromium source code and tries to prevent data transmission to Google to get a minimal Chromium based browser
* And finally, Iridium, a browser based on Chromium:
Chromium (which Iridium is based on) is a very secure browser, yes. But it does call home to Google and we did even more to enhance security to the maximum extent possible.
2) We don't really know, Chrome is not open-source and it's hard to tell from network traffic, since nowadays pretty much every webpage loads something from a Google server in encrypted form anyways (and with those request, Google could send all kinds of data).
3) For Chromium (which's source code is basis for Google Chrome), this project tries to collect and fix all the privacy-infringing stuff: https://github.com/Eloston/ungoogled-chromium
4) There's many ways in which Chrome doesn't actively track you, but infringes on your privacy by just being terrible at protecting it from webpages' tracking. As in millions of lines of code, tens of thousands of design decisions, all made by the biggest tracking company on the planet. No journalist can report about all of these, but it'd be foolish to assume innocence until proven guilty.
To give some rough image from what I know about the browsers and what I've heard other people say:
Performance: Roughly equal, Chrome seems to still be more consistently fast, which Mozilla is still cleaning up after that big architecture change. Mozilla also has more in the pipeline, which I'm not seeing as much from Chrome.
RAM use: Firefox is still considerably lower here, even though the Quantum iteration needs more RAM. There's little motivation for Google to have users use software outside of their web browser, they can't display ads or gather data in those, so there's little motivation for them to not eat up all of the RAM.
Customizability: Clear win for Firefox. You can drag UI elements everywhere you want, color the whole UI with extensions as you like or even fuck around with CSS to alter its look.
Extensibility: Chrome still has more extensions in numbers, mainly because Mozilla does not allow telemetry in add-ons (unless the users opts in). Firefox extensions are more capable, though.
And Chrome's extension store is a dumpster fire, filled with malware. Mozilla vets extensions with actual human beings, which Google doesn't consider an option.
Security against script-kiddies: Also roughly equal. Chrome has to a minor degree still a more secure architecture (sandboxes each tab individually most of the time, whereas Firefox sandboxes them in groups of how many cores your CPU has, for performance reasons), but Chrome on the other hand has some glaring idiocies here and there.
For example Chrome's autofill fills in data in all input fields on the page at once, meaning that it will also fill input fields that you as a user can't see, so you might send off your address to a sketchy site without knowing about it. Another example is them shipping the WebUSB-API in a form that made Yubikey Neos completely exploitable, as webpages could literally just connect to the Yubikey on their own and read out the secret, bypassing the U2F API that Google had built into Chrome.
Security against Google and in extension US intelligence agencies (and in extension non-US intelligence agencies): Well, you can probably guess by yourself. Chrome Sync by default uploads your browsing history and such to Google's server in decryptable form. So, Google can access it, and because of US law, the US intelligence agencies can grab it from Google's servers, too. And because those intelligence agencies are friends with other intelligence agencies (Five Eyes etc.), those likely have your browsing history, too. Obviously depends how much you consider these a threat, but it's certainly not in your favor for these groups to have your data.
You can bypass that, by enabling end-to-end-encryption, which Google requires a second password for, so it's not necessarily an argument when you know about it, but that brings us to what the article mentions, too.
Defaults: Firefox Sync is end-to-end-encrypted by default. Only one password needed. Firefox's Private Browsing mode ships with Tracking Protection, no (potential malware) extension needed to block trackers, not that Chrome even allows extension to run in Incognito mode.
And these are just superficial examples. We're talking about millions of lines of code, tens of thousands of design decisions. In one case made by a non-profit, that always tries to protect users while trying to not piss off webpage owners too much, in the other case made by a company that always tries to satisfy its own needs in the hope that users don't notice or don't complain too much. And again, millions of lines of code. Lots of shit goes under the radar that no journalist reports about. Even in Chromium.
This is for example a project that tries to fix Chromium and it admits that it's an uphill battle: https://github.com/Eloston/ungoogled-chromium
Well, it's trying to be. It's still millions of lines of code and tens of thousands of design decisions made by Google.
The same would be true for your wish of a Firefox-fork, though I'm not sure there's that much sense in it, since what Mozilla has been doing has not infringed on privacy. You'd be patching out things that are harmless.
Fork of Firefox: https://www.waterfoxproject.org
Fork of Chrome: https://github.com/Eloston/ungoogled-chromium
It's a fork of Chrome, with all links and connections to Google compiled out.
I'm not a fan of using a fork of a major browser for the same reason that a fork of Firefox relies on the continued existence of Mozilla - but I guess I trust Google to continue existing more than I trust Mozilla.
It's a shame. I want to like Firefox. But I'm finding it hard to find the trust.
Security and privacy is just a marketing gig for Firefox in my personal opinion. Not truly reflecting the reality.
Additionally you can use ungoogled-chromium to take it to the next level.
https://github.com/Eloston/ungoogled-chromium
[1] Some chrome flags worth knowing...
--incognito
--disable-sync
--disable-reading-from-canvas
--disable-voice-input
--disable-system-timezone-automatic-detection [When VPN from different timezone]
--connectivity-check-url= [set 204 from your trusted location]
--disable-remote-fonts
--no-referrers
--disable-physical-keyboard-autocorrect
--no-pings
Plus Decentral Eyes plugin...
If this was a feature that was shown to be highly beneficial to your users, then why deploy it to just 1%? Super shady. This is Pocket all over again.
Will this be something that can be fully disabled?
Not something I ever expected to see out of privacy-focused Mozilla. Are we going to need a world with unmozillad-firefox, à la https://github.com/Eloston/ungoogled-chromium ?
Sad day.
As for other modern open-source browsers, http://otter-browser.org/ is still in relatively early development AFAIK, but sort of like Vivaldi, it's trying to recreate Opera 12.
There is also netsurf and dillo but they are not as compatible due to the lack of js and incomplete css support.
inox-patchset - https://github.com/gcarq/inox-patchset
ungoogled-chromium - https://github.com/Eloston/ungoogled-chromium
Iridium Browser - https://iridiumbrowser.de/
This means that if an open-source project does nefarious things, there's a good chance that a fork will come along and that people will start using that fork instead. So, you yourself don't have to read every single line of code for it to be relatively certain that an open-source project does not do bad things.
There are of course exceptions to this. For example there are a lot of things that a lot of people are not fond of with Chromium. There are forks which try to address this (for example [0]), but Google has so much development workforce behind Chromium that such a fork has a hard time keeping up with merging security patches and updates in general.
But even in that case, open-source offers protection without you reading every line of code. Because there's people out there who earn their daily bread by uncovering these sort of things: Journalists.
Due to the source code being available, they have definitive proof and can slap these kind of stories on the front page. I mean, heck, Heart Bleed came on national TV in my country. If that vulnerability had been in closed-source software, they could have only ever reported about rumors.
But unless you audited the chrome code (with a team of 1000 experts) you have already trusted them, both to write quality code and to prevent malicious code sneaking in. Why not trust them to patch your browser against malware?
Feel free to contribute to ungoogled chromium: https://github.com/Eloston/ungoogled-chromium
i really believe they are signing their own death certificate. neither google nor yahoo will pay much for search traffic of a browser no one uses. i say this as a long-time fan, nightly firefox user and bug submitter (since v1.5). everything since Australis has been an unmitigated trainwreck :/. When Classic Theme Restorer [1] stops working, i'm sorry but i'm out....probably to https://github.com/Eloston/ungoogled-chromium for the time being.
my hope is that someone builds out a nice cross-platform browser around servo, or at least i can hack on https://github.com/browserhtml/browserhtml
http://electron.atom.io/ is an option, too
[1] https://addons.mozilla.org/en-US/firefox/addon/classicthemer...