| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
en:philosophy:chromium_flaws [2022/03/23 06:07]
i3_relativism |
en:philosophy:chromium_flaws [2025/03/31 16:56] (current)
throgh [The Bigger Picture] |
| As free software activists, we all enjoy using the latest and greatest in free software, but we need to make sure that **the software we are using really does respect our freedom**. Many users have expressed to us **their desire to run Chromium web browser**, since it appears to be fully free software, **but it still fails in several ways**. | As free software activists, we all enjoy using the latest and greatest in free software, but we need to make sure that **the software we are using really does respect our freedom**. Many users have expressed to us **their desire to run Chromium web browser**, since it appears to be fully free software, **but it still fails in several ways**. |
| |
| In our research, we discovered that the situation is improving. Just a few years ago, **there were over one thousand unlicensed files** which were <color #B90B0B/#FFDDDD>considered to be nonfree</color>. Thanks to Debian's Lintian Reports and efforts, **it appears those issues have been solved**. | **Chromium, by default**, <color #B90B0B/#FFDDDD>has a number of issues</color> that are of concern for free software users - **even if all the source code is licensed properly**. |
| | |
| **However, Chromium, by default**, <color #B90B0B/#FFDDDD>still has a number of issues</color> that are of concern for free software users - **even if all the source code is licensed properly**. | |
| |
| ===== What are the issues? ===== | ===== What are the issues? ===== |
| |
| **By default, Chromium source code still has many lines of code that makes direct internet connections to Google**. | **By default, Chromium source code still has many lines of code that makes direct internet connections to Google**. |
| When building the software unpatched, much of your browsing experience is under the control of Google's online web services. | When building the software unpatched, much of the users browsing experience is under the control of Google's online web services. |
| As mentioned in the article [[https://www.gnu.org/philosophy/who-does-that-server-really-serve.html|Who does that server really serve?]], free software is only free when you are in control and should not be dependant on third-party web services. Some work has already been done to free Chromium from this problem, including the removal of "Google OK", a [[https://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html|Google web service plugin used for voice recognition, after user outcry]]. | As mentioned in the article [[https://www.gnu.org/philosophy/who-does-that-server-really-serve.html|Who does that server really serve?]], free and libre software is only free when you are in control and should not be depending on third-parties. Some work has already been done to free Chromium from this problem, including the removal of its so-called "speech assistant". |
| |
| ==== Pre-built Binaries ==== | ==== Pre-built Binaries ==== |
| |
| **By default, Chromium** <color #B90B0B/#FFDDDD>still includes some pre-built binaries</color> to aid in faster compiling. In order to have fully free software, **we require all software to be built from source**. Packagers should not use "use_prebuilt" as a compile option. | **By default, Chromium** <color #B90B0B/#FFDDDD>still includes some pre-built binaries</color> to aid in faster compiling. In order to have fully free software, **it is required that all software can be built from source**. |
| |
| ==== DRM and Proprietary Codecs ==== | ==== DRM and Proprietary Codecs ==== |
| |
| **Chromium supports** the use of <color #B90B0B/#FFDDDD>Widevine DRM, Adobe Pepper Flash, and third-party codecs which are nonfree</color>. **Packagers must ensure that these are removed from the source code** prior to compiling in order to be free software. **To disable them is not enough**. It is required to **remove (support and references about it) from the source** as per the [[https://www.gnu.org/distros/free-system-distribution-guidelines.en.html|FSDG]]. | **Chromium supports** the use of <color #B90B0B/#FFDDDD>Widevine DRM, Adobe Pepper Flash, and third-party codecs which are non-free</color>. **Building the software is therefore complicated and users must ensure that these are removed from the source code** prior to compiling in order to be called free software. **To disable them is not enough**. It is required to **remove (support and references about it) from the source** as per the [[https://www.gnu.org/distros/free-system-distribution-guidelines.en.html|FSDG]]. |
| |
| ==== Privacy problems ==== | ==== Privacy problems ==== |
| |
| While not specific to free software, **we would like for users to have control over their private information**. Chromium has a [[https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs|number of reported privacy concerns which made it ineligible for use with Tor]]. | **Users should always have full control over their private information**. Chromium has a [[https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs|number of reported privacy concerns which made it ineligible for use with Tor]]. |
| Issues include **outstanding proxy bugs** which **leak an user's IP address**, fingerprinting issues that **leak the computers hostname and hardware**, and **timing issues that enable timing attacks** even in the browser's "Incognitio" mode. **Free software users should be aware of these issues** and work to patch them upstream and in their packages as needed. | Issues include **outstanding proxy bugs** which **leak an user's IP address**, fingerprinting issues that **leak the computers hostname and hardware**, and **timing issues that enable timing attacks** even in the browser's "Incognitio" mode. **Free software users should be aware of these issues**. |
| |
| ==== A work in progress ==== | |
| |
| There is work being done to remove queries to Google and pre-built binaries, as well as strengthen user-privacy. | |
| |
| The patch-set called **ungoogled-chromium**, which itself is a **combination of Inox, Iridium, and Debian patches is one such effort**. | |
| **Free software advocates are advised** to use these patchsets and help contribute to their maintenance, while pushing for a self-contained version of Chromium with these fixes built-in. With each consecutive Chromium release a new patchset must be created to remove Google specific code and binaries which affect your freedom. **Having a self-contained version** ensures that **no one will be forced to accidentally use nonfree software** during these updates. | |
| |
| ===== The Bigger Picture ===== | ===== The Bigger Picture ===== |
| Chromium is also being used as an **embedded framework in various projects**. | Chromium is also being used as an **embedded framework in various projects**. |
| |
| Users should be aware that **Qt WebEngine is based on Chromium and therefore contains many of the same flaws**. [[https://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs|Proprietary codecs and other anti-features]] **must be removed at compile time** to ensure user's freedom is respected. Due to Qt being a primary component of KDE and many applications, ensuring it is compiled correctly and **removing nonfree software** is of even greater importance to the [[https://www.gnu.org/philosophy/free-software-intro.en.html|Free Software Movement]]. | Users should be aware that **Qt WebEngine is based on Chromium and therefore contains many of the same flaws**. [[https://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs|Proprietary codecs and other anti-features]] **must be removed at compile time** to ensure user's freedom is respected. Due to Qt being a primary component of KDE and many applications, ensuring it is compiled correctly and **removing non-free software** is of even greater importance to the [[https://www.gnu.org/philosophy/free-software-intro.en.html|Free Software Movement]]. |
| | |
| For our freedom's sake, **free software projects should take care about all kinds of freedom issues** when deciding what components to depend on. | |
| |
| We are hopeful that the various projects currently working with Chromium source code will make Chromium fully respect both **users' freedom and users' privacy**, making the internet safer, as well as more freedom respecting, for everyone. | For freedom's sake, **free software projects should take care about all kinds of freedom issues** when deciding what components to depend on. |
| |
| | **Chromium will always stay a pure corporate project** and therefore funded aside also controlled by Google / Alphabet. Therefore the software itself cannot be called free and libre in any given way when looking over the noted points and the background of the project itself. |
| ===== Licensing ===== | ===== Licensing ===== |
| |
| The [[https://www.gnu.org/copyleft/fdl.html|GNU Free Documentation License]] as published by the Free Software; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. | The [[https://www.gnu.org/copyleft/fdl.html|GNU Free Documentation License]] as published by the Free Software; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. |
| |
| ===== Acknowledgement ===== | |
| |
| Most of this documentation was originally written by [[https://www.hyperbola.info/members/founders/#Gaming4JC|Luke .R]]. | |