Iridium and Brave browsers

13 respuestas [Último envío]
Sabrinakitty
Desconectado/a
se unió: 06/17/2020

Hello
https://directory.fsf.org/wiki/Brave_Browser
https://directory.fsf.org/wiki/Iridium_Browser
Fsf states both browsers have antifeature.
Are those browsers safe to use. Can I trust those browsers with my private data: logins, passwords, web-mail?
Strangely, Iridium browser does not have a wikipedia page. A lot of users use wikipedia to learn about programs.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

The only Chromium-based browser I recommend is Ungoogled Chromium.

Maybe Iridium is not notable enough to have a Wikipedia page.

Magic Banana

I am a member!

Desconectado/a
se unió: 07/24/2010

I looked at Iridium more than one year ago and easily found problems: https://directory.fsf.org/wiki/Talk:Iridium_Browser

The first one mentioned (at least) is still there, i.e., Iridium includes a nonfree utility to deal with RAR: https://raw.githubusercontent.com/iridium-browser/iridium-browser/master/third_party/unrar/LICENSE

Checking whether the same problem exists in Brave is harder, because the code repository only includes scripts that download Chromium's source and modifies it. Brave's binaries are nonfree: https://trisquel.info/fr/forum/rust-non-free#comment-142907

Also, chaosmonk recently wrote about Brave's practices in https://trisquel.info/forum/know-about-brave-browser#comment-146645

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> The first one mentioned (at least) is still there, i.e., Iridium includes a nonfree utility to deal with RAR: https://raw.githubusercontent.com/iridium-browser/iridium-browser/master/third_party/unrar/LICENSE

Note that Debian is aware of this and [excludes][1] that file, and that Ungoogled Chromium applies Debian's [patch][2] to do so.

[1]: https://metadata.ftp-master.debian.org/changelogs//main/c/chromium/chromium_83.0.4103.116-1~deb10u3_copyright

[2]: https://github.com/Eloston/ungoogled-chromium/blob/df199c04ff367da59ce52a23a3f3b305dd3b00c3/patches/core/debian/disable/unrar.patch

Magic Banana

I am a member!

Desconectado/a
se unió: 07/24/2010

Thank you for the info.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

Btw, I'm not 100% sure that all versions of Ungoogled Chromium are free. It's possible that some versions have non-free bundled files. However, the version they distribute for Debian is based on Debian's Chromium package, and Debian [checks the license][1] of every file in their main distribution. The version in Guix should also be fine.

[1]: https://metadata.ftp-master.debian.org/changelogs//main/c/chromium/chromium_83.0.4103.116-1~deb10u3_copyright

FindEssential
Desconectado/a
se unió: 08/23/2017

Chromium is free software in the same way those cheap Easter eggs are chocolate. Its literally true, but clearly not the same. Chromium was released after Chrome to accelerate the release of ports (profit, not community driven), it has a permissive license, but isn't copyleft. Whats worse is that because Chromium us a derivative of Chrome and not the other way around various problematic bits have slipped through in the past. Never mind the fact that it exists solely to benefit Google, who has a long history of breaching trust for profit.

Brave is an ad network masquerading as a software company. It still displays ads, but it shares the revenue through a blockchain mechanism. Basically they pay off their users with pennies so that they and their partners can make dollars. Its basically a half stop up from Ad Block Plus.

Iridium does its very best to take a problematic stack and make it more respectful, though I am not sure its a worthwhile endeavor. Privacy wise though, some of the more important claims by the team have been shown to be false, notably with phoning home to the Google SafeBrowsing database. The developers claim they enable this feature by redirecting it to their server instead of Googles, but this has been debunked and shown to be untrue. Sort of hard to support a "privacy" focused browser that "oops" phones home to Google while the developers claim it doesn't.

The best method is to either use mainline Firefox with privacy focused add-ons or Tor depending on your use case.

Magic Banana

I am a member!

Desconectado/a
se unió: 07/24/2010

Chromium is free software in the same way those cheap Easter eggs are chocolate. Its literally true

I do not think it is. See for instance the presence, which I pointed above, of a nonfree RAR utility.

Chromium was released after Chrome to accelerate the release of ports (profit, not community driven), it has a permissive license, but isn't copyleft.

None of that a is a deal breaker, for me. Notice that if you reject permissive licenses (which are free software licenses), you should use neither X nor Wayland: your browser and the rest of your computing would have to run in a terminal.

Privacy wise though, some of the more important claims by the team have been shown to be false, notably with phoning home to the Google SafeBrowsing database.

Notice that Safe Browsing can be very respectful of the privacy, even if it uses Google's server. Firefox is an example. I wrote about it in https://trisquel.info/forum/web-browser#comment-126276

Anyway, Iridium developers indeed lie. When asked in https://github.com/iridium-browser/tracker/issues/93 "when the developers of Iridium can verify that it is entirely free software", one of the developers replies (and no other developer contradicts him):

yes we can confirm Iridium Browser is fully Open-Source! (...) fully Open-Source means 100% including any and all components, plugins, extensions, patches, snippets and everything else it is shipped with by default.

Yet, https://raw.githubusercontent.com/iridium-browser/iridium-browser/master/third_party/unrar/LICENSE is still in the source tree and there are certainly other freedom issues.

The best method is to either use mainline Firefox with privacy focused add-ons or Tor depending on your use case.

Why "mainline Firefox"? Trisquel ships with Abrowser and all Firefox's add-ons are compatible with Abrowser. Also, GNU IceCat, with enhanced protection of the privacy, is in the repository.

FindEssential
Desconectado/a
se unió: 08/23/2017

I had actually forgotten about the RAR thing, there were some other issues too since Chrome pulls software from so many places, but I wrote it off awhile ago, and stopped paying attention. I don't have an issue with permissive licenses, I just don't trust Google, full stop.

I don't use Abrowser or Icecat for reliability reasons. A browser is too important to have it break or not receive updates in a timely manner. I have had both issues with these browsers in the past. With other applications this is less of a concern, with a browser it is not something I can put up with.

Magic Banana

I am a member!

Desconectado/a
se unió: 07/24/2010

Abrowser is quite well following Firefox. It is currently at version 78.0.2, the latest upstream.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> Iridium does its very best to take a problematic stack and make it more respectful, though I am not sure its a worthwhile endeavor. Privacy wise though, some of the more important claims by the team have been shown to be false, notably with phoning home to the Google SafeBrowsing database.

Ungoogled Chromium is more thorough than Iridium. They borrow a [few patches][1][2] from Iridium, but do [much more][3] in addition to that.

> The developers claim they enable this feature by redirecting it to their server instead of Googles, but this has been debunked and shown to be untrue.

One step of the build process for Ungoogled Chromium is domain substitution:

"Replaces Google and several other web domain names in the Chromium source code with non-existent alternatives ending in qjz9zk. These changes are mainly used as a backup measure to detect potentially unpatched requests to Google. Note that domain substitution is a crude process, and may not be easily undone.

"With a few patches from ungoogled-chromium, any requests with these domain names sent via net::URLRequest in the Chromium code are blocked and notify the user via a info bar."

This makes it harder for issues like the one you describe to slip through.

> The best method is to either use mainline Firefox with privacy focused add-ons

Mainline Firefox is at least as bad as mainline Chromium in terms of privacy, and none of the Firefox forks that I know of do as throrough a job as Ungoogled Chromium. Ideally we would not need to use Chromium-based or Firefox-based browsers. Unfortunately, the web is so broken I don't see an alternative in the near future. See [4] for a good breakdown of the problem. A pretty crazy statistic:

"The total word count of the W3C specification catalogue is 114 million words at the time of writing. If you added the combined word counts of the C11, C++17, UEFI, USB 3.2, and POSIX specifications, all 8,754 published RFCs, and the combined word counts of everything on Wikipedia’s list of longest novels, you would be 12 million words short of the W3C specifications."

It's impossible at this point to create a new web engine from scratch and difficult to maintain an existing one, which is why browsers (including Firefox) have one-by-one been switching to Chromium's.

[1]: https://github.com/Eloston/ungoogled-chromium/tree/master/patches/extra/iridium-browser
[2]: https://github.com/Eloston/ungoogled-chromium/tree/master/patches/core/iridium-browser
[3]: https://github.com/Eloston/ungoogled-chromium/blob/master/docs/design.md
[4]: https://drewdevault.com/2020/03/18/Reckless-limitless-scope.html

Magic Banana

I am a member!

Desconectado/a
se unió: 07/24/2010
chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

Sorry, for some reason I had it in my head that Quantum uses some WebEngine/Blink code, but I can't track down where I thought I had read this, so perhaps I was mistaken or thinking of another browser's engine.

Jaret
Desconectado/a
se unió: 12/19/2018

Ungoogled Chromium, you say. Is this site correct about browser privacy rating?
https://spyware.neocities.org/articles/browsers.html