====== Chromium's Flaws ======

As free software activists, we all enjoy using the latest and greatest in free software, but we need to make sure that **the software we are using really does respect our freedom**. Many users have expressed to us **their desire to run the Chromium web browser**, since it appears to be fully free software, **but it still fails in several ways**.

In our research, we discovered that the situation is improving. Just a few years ago, **there were over one thousand unlicensed files** which were considered to be nonfree. Thanks to Debian's Lintian Reports and efforts, **it appears those issues have been solved**. **However, Chromium, by default**, still has a number of issues that are of concern for free software users - **even if all the source code is licensed properly**.

===== What are the issues? =====

==== Queries to Google ====

**By default, Chromium source code still has many lines of code that make direct internet connections to Google**. When building the software unpatched, much of your browsing experience is under the control of Google's online web services. As mentioned in the article [[https://www.gnu.org/philosophy/who-does-that-server-really-serve.html|Who does that server really serve?]], free software is only free when you are in control and should not be dependent on third-party web services. Some work has already been done to free Chromium from this problem, including the removal of "Google OK", a [[https://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html|Google web service plugin used for voice recognition, after user outcry]].

==== Pre-built Binaries ====

**By default, Chromium** still includes some pre-built binaries to aid in faster compiling. In order to have fully free software, **we require all software to be built from source**. Packagers should not use "use_prebuilt" as a compile option.
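
A packager-side check for the two problems described above (hard-coded connections to Google and bundled pre-built binaries), as an added example that is not part of the original page and not taken from any of the patch sets it mentions. The host list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Well-known file signatures; "MZ" is only two bytes, so review PE hits by hand.
MAGIC = {b"\x7fELF": "ELF", b"MZ": "PE",
         b"\xcf\xfa\xed\xfe": "Mach-O", b"\x00asm": "WebAssembly"}
# Assumption: which hosts to flag is the packager's choice; this list is illustrative.
HOST_RE = re.compile(
    rb"https?://([a-z0-9.-]*\.)?(google|googleapis|gstatic)\.com\b", re.I)


def audit_tree(root):
    """Return (binaries, endpoints) found under root, both sorted.

    binaries:  (relative_path, format) for files starting with a known magic
    endpoints: (relative_path, line_number, url_prefix) for flagged hosts
    """
    binaries, endpoints = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            fmt = next((f for m, f in MAGIC.items() if data.startswith(m)), None)
            if fmt:  # compiled artifact: report it, do not scan it as text
                binaries.append((rel, fmt))
                continue
            for lineno, line in enumerate(data.splitlines(), 1):
                for hit in HOST_RE.finditer(line):
                    endpoints.append((rel, lineno, hit.group(0).decode()))
    return sorted(binaries), sorted(endpoints)


def build_sample_tree(root):
    """Constructed sample input: a tiny fake source tree, not real Chromium files."""
    samples = {
        ("third_party", "tool", "helper"): b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
        ("components", "search", "suggest.cc"):
            b'// constructed\nconst char kUrl[] = "https://suggest.google.com/x";\n',
        ("README",): b"See https://example.org/ for docs.\n",
    }
    for parts, content in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_tree(tmp))
```

A hit is a starting point for review: a URL in a comment or test fixture is not the same as a live network call, and a flagged binary may be a test vector rather than a build tool.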

==== DRM and Proprietary Codecs ====

**Chromium supports** the use of Widevine DRM, Adobe Pepper Flash, and third-party codecs which are nonfree. **Packagers must ensure that these are removed from the source code** prior to compiling in order to be free software. **To disable them is not enough**. It is required to **remove them (including support for and references to them) from the source** as per the [[https://www.gnu.org/distros/free-system-distribution-guidelines.en.html|FSDG]].

==== Privacy problems ====

While not specific to free software, **we would like for users to have control over their private information**. Chromium has a [[https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs|number of reported privacy concerns which made it ineligible for use with Tor]]. Issues include **outstanding proxy bugs** which **leak a user's IP address**, fingerprinting issues that **leak the computer's hostname and hardware**, and **timing issues that enable timing attacks** even in the browser's "Incognito" mode. **Free software users should be aware of these issues** and work to patch them upstream and in their packages as needed.

==== A work in progress ====

There is work being done to remove queries to Google and pre-built binaries, as well as to strengthen user privacy. The patch set called **ungoogled-chromium**, which itself is a **combination of Inox, Iridium, and Debian patches, is one such effort**. **Free software advocates are advised** to use these patch sets and help contribute to their maintenance, while pushing for a self-contained version of Chromium with these fixes built in.

With each consecutive Chromium release, a new patch set must be created to remove Google-specific code and binaries which affect your freedom. **Having a self-contained version** ensures that **no one will be forced to accidentally use nonfree software** during these updates.

===== The Bigger Picture =====

Chromium is also being used as an **embedded framework in various projects**.
Users should be aware that **Qt WebEngine is based on Chromium and therefore contains many of the same flaws**. [[https://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs|Proprietary codecs and other anti-features]] **must be removed at compile time** to ensure users' freedom is respected. Because Qt is a primary component of KDE and many applications, ensuring it is compiled correctly and **removing nonfree software** is of even greater importance to the [[https://www.gnu.org/philosophy/free-software-intro.en.html|Free Software Movement]].

For our freedom's sake, **free software projects should pay attention to all kinds of freedom issues** when deciding what components to depend on. We are hopeful that the various projects currently working with Chromium source code will make Chromium fully respect both **users' freedom and users' privacy**, making the internet safer, as well as more freedom-respecting, for everyone.

===== Licensing =====

This is Free work; you can redistribute it and/or modify it under the terms of either:

  * The [[https://creativecommons.org/licenses/by-sa/4.0/|Creative Commons Attribution-ShareAlike 4.0 International License]] as published by Creative Commons; either version 4.0, or (at your option) any later version, or
  * The [[https://www.gnu.org/copyleft/fdl.html|GNU Free Documentation License]] as published by the Free Software Foundation; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

===== Acknowledgement =====

Most of this documentation was originally written by [[https://www.hyperbola.info/members/founders/#Gaming4JC|Luke .R]].