Why I'm Switching from Firefox to Ungoogled-Chromium

So let's get this committed. Are you in contact with the maintainer of Chromium?

This is a big deal given that we said "all that sandboxing stuff is disabled on FreeBSD" just last week.
 
cracauer@ said:
So let's get this committed. Are you in contact with the maintainer of Chromium?

This is a big deal given that we said "all that sandboxing stuff is disabled on FreeBSD" just last week.
Click to expand...

Kind of, I talked to him last week on another issue I noticed while working on this. Alright I messaged him (and mentioned that you gave it some testing too).
 
The fact that Firefox is a base for such an important security/privacy/anonymity tool like Tor Browser is worth nothing? It seems that all those tor developers made fundamental mistake by choosing Firefox, buts still somehow, it is (and was, and will be) THE ONLY solution that prioritizes the security/privacy/anonymity of user of the technology. And think what you can do with plain about:config in Firefox. The fact that you need to install add-on to stop leaking your LOCAL NETWORK IP address (again you need to trust someone else than your browser itself and your ability to define what that security should be) speaks volumes against Chromium.
 
neimsaci said:
The fact that Firefox is a base for such an important security/privacy/anonymity tool like Tor Browser is worth nothing? It seems that all those tor developers made fundamental mistake by choosing Firefox, buts still somehow, it is (and was, and will be) THE ONLY solution that prioritizes the security/privacy/anonymity of user of the technology. And think what you can do with plain about:config in Firefox. The fact that you need to install add-on to stop leaking your LOCAL NETWORK IP address (again you need to trust someone else than your browser itself and your ability to define what that security should be) speaks volumes against Chromium
Click to expand...

Without asking the Tor Browser team my first guess would be the maintenance cost of a fork could have been the factor for that decision. Chromium's build tool is notoriously difficult to use for good reason and it was worse when Chromium was initially released.

Reading through the madaidans-insecurities source, has been pretty interesting. The section on memory protection in and around the javascript engine mirrors items I uncovered in my own work on selinux policies for Firefox. It was easier to confine the entire Firefox process tree than to harden the memory policy for Firefox itself. Think dynamically put Firefox into a jail with only a few folders null mounted into it.
 
It's the privacy/security conundrum: Very secure software can securely convey your personal information and location to a 3rd party.

While chromium is more secure, it is by no means privacy focused - in fact it's developed to be a surveillance tool by google.

Firefox is not configured for privacy out of the box however. There are various look ups to google services such as safebrowsing and geo location. This due to where mozilla's funding comes from... Despite that, firefox can be configured for privacy, chromium is a different story.

I'm sure there is an article on Tor project's site which explains why chromium should not be used.
 
rrbrussell said:
Without asking the Tor Browser team my first guess would be the maintenance cost of a fork could have been the factor for that decision. Chromium's build tool is notoriously difficult to use for good reason and it was worse when Chromium was initially released.

Reading through the madaidans-insecurities source, has been pretty interesting. The section on memory protection in and around the javascript engine mirrors items I uncovered in my own work on selinux policies for Firefox. It was easier to confine the entire Firefox process tree than to harden the memory policy for Firefox itself. Think dynamically put Firefox into a jail with only a few folders null mounted into it.
Click to expand...
How much of that all helps you stop leaking internal IP address? And what SELinux have to do with FreeBSD? Architecture of Chromium in fact is very similar to Linux, e.g., WebKit/Blink = kernel, Chromium = Distribution, while Firefox maintains whole stack, much like BSD's. If you think in this way then it becomes very clear that Chromium (Led by Google) need in some way keep an edge over all other competitors that uses same "kernel", and guess what, it not first time (nor last) when you end up with extremely difficult to use build tools, hidden, hardcoded functionality, obscure documentation, and god knows what else, all of what is signal in itself to avoid it. All that security you mention, does not give any benefit at all to the user of Chromium itself, maybe to the developer but not to the user. The main reason why that security is put in place in a way it is, has nothing to do with security/privacy of the user, e.g., you. To me it looks like it's main purpose is to distribute modular components to the untrusted parties with varying level of visibility (understanding) across modualr architecture. All of a sudden, that kind of security makes sense.
And lastly, I want to clarify some things:
1. The post you referenced, explicitly, mentions only Firefox v95.
2. Spectre is CPU (Hardware) vulnerability.
3. The post referenced PaX Team post from 2015
Conclusion:
That post is, mostly, speculation.
Please, do not advertise Chromium, I will not use it anyway.
 
You must log in or register to reply here.
Back
Top