====== Chromium's Flaws ======

As free software activists, we all enjoy using the latest and greatest in free software, but we need to make sure that **the software we are using really does respect our freedom**. Many users have expressed to us **their desire to run Chromium web browser**, since it appears to be fully free software, **but it still fails in several ways**.

In our research, we discovered that the situation is improving. Just a few years ago, **there were over one thousand unlicensed files** which were <color #B90B0B/#FFDDDD>considered to be nonfree</color>. Thanks to Debian's Lintian Reports and efforts, **it appears those issues have been solved**.

**However, Chromium, by default**, <color #B90B0B/#FFDDDD>still has a number of issues</color> that are of concern for free software users - **even if all the source code is licensed properly**.

===== What are the issues? =====

==== Queries to Google ====

**By default, Chromium source code still has many lines of code that makes direct internet connections to Google**.
When building the software unpatched, much of your browsing experience is under the control of Google's online web services.
As mentioned in the article [[https://www.gnu.org/philosophy/who-does-that-server-really-serve.html|Who does that server really serve?]], free software is only free when you are in control and should not be dependant on third-party web services. Some work has already been done to free Chromium from this problem, including the removal of "Google OK", a [[https://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html|Google web service plugin used for voice recognition, after user outcry]].

==== Pre-built Binaries ====

**By default, Chromium** <color #B90B0B/#FFDDDD>still includes some pre-built binaries</color> to aid in faster compiling. In order to have fully free software, **we require all software to be built from source**. Packagers should not use "use_prebuilt" as a compile option.

==== DRM and Proprietary Codecs ====

**Chromium supports** the use of <color #B90B0B/#FFDDDD>Widevine DRM, Adobe Pepper Flash, and third-party codecs which are nonfree</color>. **Packagers must ensure that these are removed from the source code** prior to compiling in order to be free software. **To disable them is not enough**. It is required to **remove (support and references about it) from the source** as per the [[https://www.gnu.org/distros/free-system-distribution-guidelines.en.html|FSDG]].

==== Privacy problems ====

While not specific to free software, **we would like for users to have control over their private information**. Chromium has a [[https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs|number of reported privacy concerns which made it ineligible for use with Tor]].
Issues include **outstanding proxy bugs** which **leak an user's IP address**, fingerprinting issues that **leak the computers hostname and hardware**, and **timing issues that enable timing attacks** even in the browser's "Incognitio" mode. **Free software users should be aware of these issues** and work to patch them upstream and in their packages as needed.

==== A work in progress ====

There is work being done to remove queries to Google and pre-built binaries, as well as strengthen user-privacy.

The patch-set called **ungoogled-chromium**, which itself is a **combination of Inox, Iridium, and Debian patches is one such effort**.
**Free software advocates are advised** to use these patchsets and help contribute to their maintenance, while pushing for a self-contained version of Chromium with these fixes built-in. With each consecutive Chromium release a new patchset must be created to remove Google specific code and binaries which affect your freedom. **Having a self-contained version** ensures that **no one will be forced to accidentally use nonfree software** during these updates.

===== The Bigger Picture =====

Chromium is also being used as an **embedded framework in various projects**.

Users should be aware that **Qt WebEngine is based on Chromium and therefore contains many of the same flaws**. [[https://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs|Proprietary codecs and other anti-features]] **must be removed at compile time** to ensure user's freedom is respected. Due to Qt being a primary component of KDE and many applications, ensuring it is compiled correctly and **removing nonfree software** is of even greater importance to the [[https://www.gnu.org/philosophy/free-software-intro.en.html|Free Software Movement]].

For our freedom's sake, **free software projects should take care about all kinds of freedom issues** when deciding what components to depend on.

We are hopeful that the various projects currently working with Chromium source code will make Chromium fully respect both **users' freedom and users' privacy**, making the internet safer, as well as more freedom respecting, for everyone.

===== Licensing =====

This is Free work, you can redistribute it and/or modify it under the terms of either:

The [[https://creativecommons.org/licenses/by-sa/4.0/|Creative Commons Attribution-ShareAlike 4.0 International License]] as published by Creative Commons; either version 4.0, or (at your option) any later version, or

The [[https://www.gnu.org/copyleft/fdl.html|GNU Free Documentation License]] as published by the Free Software; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

===== Acknowledgement =====

Most of this documentation was originally written by [[https://www.hyperbola.info/members/founders/#Gaming4JC|Luke .R]].