Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

So is Chromium at risk of being "Googled"?

Post Reply
Message
Author
User avatar
KBD
Forum Guide
Forum Guide
Posts: 1161
Joined: Sun Jul 03, 2011 7:52 pm

So is Chromium at risk of being "Googled"?

#1 Post by KBD » Sun Sep 23, 2018 9:02 pm

It sounds like this is something that will get passed on to Chromium. If so, it should be removed or labelled with a warning:
A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.
https://blog.cryptographyengineering.co ... ng-chrome/

I don't have Chromium installed right now, but users in the comment section say this applies to Chromium as well--you are logged into Gmail and suddenly you are logged into Chromium as well without realizing it.

User avatar
dreamer
Forum Regular
Forum Regular
Posts: 224
Joined: Sun Oct 15, 2017 11:34 am

Re: So is Chromium at risk of being "Googled"?

#2 Post by dreamer » Sun Sep 23, 2018 9:19 pm

Iridium browser seems to be a privacy focused browser based on Chromium so could be an alternative for those who are worried.

"Iridium Browser is based on the Chromium code base. All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user. In addition, all our builds are reproducible and modifications are auditable, setting the project ahead of other secure browser providers."

https://iridiumbrowser.de/

User avatar
KBD
Forum Guide
Forum Guide
Posts: 1161
Joined: Sun Jul 03, 2011 7:52 pm

Re: So is Chromium at risk of being "Googled"?

#3 Post by KBD » Sun Sep 23, 2018 9:24 pm

dreamer wrote:
Sun Sep 23, 2018 9:19 pm
Iridium browser seems to be a privacy focused browser based on Chromium so could be an alternative for those who are worried.

"Iridium Browser is based on the Chromium code base. All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user. In addition, all our builds are reproducible and modifications are auditable, setting the project ahead of other secure browser providers."

https://iridiumbrowser.de/
Thanks for the info, will check it out.
I used to have Chromium as a back up to Firefox. I think anyone using Chromium as a base needs to be wary of Google code changes.

User avatar
handy
Forum Regular
Forum Regular
Posts: 127
Joined: Mon Apr 23, 2018 2:00 pm

Re: So is Chromium at risk of being "Googled"?

#4 Post by handy » Mon Sep 24, 2018 12:06 am

To the best of my knowledge, the Vivaldi dev's do whatever is necessary to close G**gle privacy invasions. Any that are bought to their attention that they haven't already removed, they remove.

The following post is from the Vivaldi forum, it is by their security dev (or one of them):

"yngve VIVALDI TEAM 10 months ago
There is no "spyware" involved here.

The two main reasons for Vivaldi to access Google servers automatically are:

Downloading and updating necessary components, the two major ones are the Certificate component and the Widevine video decoder. The certificate component performs extra checks on certificates, including revocation. The list of components is available on this internal page vivaldi://components

Downloading and updating the Safe Browsing blacklist. This is a so-called Bloom filter. This system works by calculating a very big number (hash) for the URL and parts of it. Then a few digits (32 bits) of these numbers are used to check in the local filter database. If the entry corresponding to the smaller number indicates that the URL may be blacklisted, Vivaldi uses more digits from the candidate number to request more information from the online Safe Browsing database, if still a possible blacklist, more data, using more digits of the number, are requested, until the server sends a list of URLs that are blacklisted. If one of the URLs is a match, then the page is block. At no time does Vivaldi send the URL to the server. The use of calculated hashes means that two almost identical URLs have wildly different hashes, but two wildly different URLs can have the same calculated hash (especially if one is using just a few digits). It is also almost impossible to reverse the calculation to get the original URL. These two points mean that it is not really possible for Google (or anyone) seeing the hash to tell which URL the user visited (in the case of the URL list, one might reasonably assume it was one of those, but it is still not a sure thing).

In neither case does Vivaldi send any cookies to the servers; only the IP address is, as always, known to the servers.

With respect to the connections to mtalk.google.com, this server is Google's Push Notifications server aka (Google Cloud Messaging, GCM). One of its uses is updates for a user's Sync data, which we are have disabled, since our Sync system uses a different system for such notification. Another use of this service is "Push Notifications" aka "Notification" from web sites. Whenever the user accepts Notifications from a website, persistent actions for receiving and handling these notifications are registered in Vivaldi, and among these actions is the establishment of a persistent connection to the GCM server, to listen for the notifications, and these connections are re-established immediately when Vivaldi starts. IOW, the connections to mtalk.google.com were initiated and configured by the user. Relevant URLs for this is chrome://settings/content/notifications , chrome://settings/siteData and vivaldi://gcm-internals

I hope this clears up some of the questions about this.

Developer and Security Expert at Vivaldi."
Clevo N'book (2014): P150SM-A
CPU: i7-4810MQ (Haswell) Speed: 2800/3800 MHz
RAM: 16 GiB 1600 MHz DDR3
GPU-1: i915
GPU-2: NVIDIA GK104M [GeForce GTX 880M] vRAM: 8GB 2500 Mhz DDR5
Storage: TOSHIBA 931.51 GiB. HGST 931.51 GiB. Crucial 223.57 GiB (M.2 SSD)

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2030
Joined: Wed Apr 11, 2018 5:09 pm

Re: So is Chromium at risk of being "Googled"?

#5 Post by fehlix » Mon Sep 24, 2018 10:45 am

I must admit, I don't even understand the question.
Chromium is "powered" by Google - full stop. :alien:
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
KBD
Forum Guide
Forum Guide
Posts: 1161
Joined: Sun Jul 03, 2011 7:52 pm

Re: So is Chromium at risk of being "Googled"?

#6 Post by KBD » Mon Sep 24, 2018 12:35 pm

It was understood that Chromium is the open source code Google bases Chrome browser on. We probably naively believed it was free of Google spying and prying, especially if you were not signed in to sync your Google account. Now none of that supposed freedom from Google privacy issues appears to be true.

clicktician
Forum Regular
Forum Regular
Posts: 192
Joined: Sat May 02, 2015 4:35 pm

Re: So is Chromium at risk of being "Googled"?

#7 Post by clicktician » Mon Sep 24, 2018 1:20 pm

The problem with the auto sign-on is misunderstood, I believe.

It doesn't matter at all if Chrome or Chromium sync with Google whenever you sign-on to a Google service like Maps or G-mail as long as you're on your own machine. You control all the sync settings. Simply turn auto-sync off if it bothers you. It's no biggie.

The ugly happens when you sign-on to G-Mail or your Calendar from someone else's machine using their copy of Chrome (like at work, friend's laptop, or at a kiosk or hotel). In those cases, if you have auto-sync turned on, the browser will sync just because you checked your G-Mail. Who wants an untrusted machine to sync? NO ONE!

You can prevent this by opening an incognito window before going to a Google service, and I hope I always remember to do that.
Son, someday all this will belong to your ex wife.

User avatar
dreamer
Forum Regular
Forum Regular
Posts: 224
Joined: Sun Oct 15, 2017 11:34 am

Re: So is Chromium at risk of being "Googled"?

#8 Post by dreamer » Mon Sep 24, 2018 4:46 pm

clicktician wrote:
Mon Sep 24, 2018 1:20 pm
The problem with the auto sign-on is misunderstood, I believe.

It doesn't matter at all if Chrome or Chromium sync with Google whenever you sign-on to a Google service like Maps or G-mail as long as you're on your own machine. You control all the sync settings. Simply turn auto-sync off if it bothers you. It's no biggie.
It matters if you want to be signed in to Gmail, but not to Youtube or other Google services.
You can prevent this by opening an incognito window before going to a Google service, and I hope I always remember to do that.
Yeah, I think incognito mode can solve this problem. Only use non-incognito on sites you want to be signed in to, that will stop a lot of tracking too.

clicktician
Forum Regular
Forum Regular
Posts: 192
Joined: Sat May 02, 2015 4:35 pm

Re: So is Chromium at risk of being "Googled"?

#9 Post by clicktician » Tue Sep 25, 2018 7:52 am

dreamer wrote:
Mon Sep 24, 2018 4:46 pm
It matters if you want to be signed in to Gmail, but not to Youtube or other Google services.
Very valid concern. In my case, I have never believed it is my right to use Google's services, or even this MX forum, anonymously. Encouraging login is consistent with their profit and security models, which I'm comfortable with. But I'm sure I'm the exception to the rule here.

What really frosts me is the neutrality hypocrisy. Google, as an edge provider, is the first to pound the desk about internet favoritism and a level playing field, but their own products clearly favor their services over those of other edge providers. When you log into Facebook will your Chromebook automatically log you into Instagram, too? Nope.

If Microsoft had pulled such a stunt with an OS built around their browser, Google would be screaming for US Senate hearings and demanding the UK assess anti-competitive fines.
Son, someday all this will belong to your ex wife.

Post Reply

Return to “Chat”