This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use
idk what to tell you if you’re still using chrome
Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn’t surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn’t news for no reason. Don’t trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).
Relevant username.
People don’t hate Google as much as they should. It’s cringeworthy how much they promote this ad company on this platform. They don’t even realze themselves they got comprised.
Well pretty much all computers have a backdoor to the CPU. That hasn’t been proven for Pixel phones though.
No, only Google has backdoors that are coming to light tome after time. Stop defending them Google ad fan boi.
Is this trolling or are you for real?
I fucking hate Google and wouldn’t use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It’s based on the open RISC-V architecture, and it’s the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the “Secure Enclave” in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that’s a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can’t really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple’s Secure Enclave is also based on ARM, as well as Snapdragon’s SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn’t use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.
Google fan boy. Good luck promoting that shitty ad company.
Ah yes, definitely promoting Google
I fucking hate Google and wouldn’t use any of their (proprietary) software
I hope you realize how dumb your comment is
Wrll you have to use a pixel phone to use graphene os
Eat the ads then.
Yeah, I’m not super happy about that part, but don’t really know what to do
Use a Pixel phone. No more sketchy then any other popular phone manufacturer
It’s what I do. With degoogled os. But the proprietary blobs aren’t filling me with confidence.
Does your laptop run free software boot firmware? If not, it has the same issues as a phone, if not more. No smartphone runs fully free firmware.
I know all this and that’s not filling me with confidence, either. It’s why Framework is in my sights.
I do: DON’T
Yet another reason to switch to Firefox, or even better, a hardened fork like LibreWolf [email protected]
What functionality would I lose/gain if I switch from Firefox to Librewolf? I’m admittedly an amateur in the privacy space, and I’ve been pretty content with Firefox + Ublock and container tabs for different profiles, but I consistently get the issue that my browser fingerprint is pretty unique, and I have no idea how to or even if I can anonymize that anymore.
Librewolf is not associated with Mozilla and does not receive their primary source of funding from Google like Mozilla does. I really like having the same browser and browser synchronization between my phone and desktop/laptop, so librewolf is out for me. They have no interest or resources to build an Android version. Waterfox does at least have desktop / android option and takes things at least one small step further away from Google.
It is the same browser. LibreWolf doesn’t change much of the Firefox code, mostly just the configuration. They enable various privacy/security settings by default and remove Mozilla telemetry. You can go to the LibreWolf settings and enable Firefox Sync, and it will work just fine with your Mozilla account and other Firefox browsers.
For Android, I like to use Mull, it’s a hardened build of Firefox, similar to LibreWolf.
Tangent note: I think browser fingerprinting is only a source of concern if you use VPN. Otherwise, your IP is already a good enough identifier, and quite likely doesn’t rotate often enough. Please someone correct me if I’m wrong.
Yeah I’d only worry about it if I were trying to buy drugs on the dark net or something. I guess if torrenting became illegal I would also worry.
Became? 🤔
It’s sort of legally gray but generally speaking in the US downloading is a civil offense but not a criminal one. You can get sued by the copyright holder for example but you won’t end up in jail over it.
People usually never get sued for it because it’s not worth it for Comcast to pay for lawyers to try and extract any money out of regular people. Not only will they almost certainly be unable to even recoup the lawyer fees, they risk getting a lot of bad PR for no gain.
What’s usually considered an arrestable offense is uploading aka distribution. Once you start hosting seedboxes then you enter the area where you’re liable to go to prison.
This that and the article are very light on details, but I couldn’t find an article deeper in details
My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
That’s strange, I’ve never heard of that before
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.
Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.
This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).
Sounds easier to switch to another browser at that point
OP apparently needs Chrome to log into an enterprise GSuite account, which has specific requirements, that are enforced by Chrome’s enterprise policy system. I don’t think this works in Chromium.
Oh I didn’t catch that my bad. I hope they get a work computer where this kind of stuff doesn’t interfere with private life!
How long until it will be used as a backdoor to hack womeone’s PC?
Chrome is the backdoor and you already installed it
Seems google has already done that
“Don’t be evil”
Does this also affect Chromium, or is it just Google Chrome?
The article mentions it being affecting Google Chrome through Chromium, but it’s not clear if it also affects Chromium on its own, or other Chromium-based browsers.
Doesn’t seem to work on cromite desktop (good)
Would everyone who is surprised by this please raise your hand? . . . That’s what I thought.
I am
Why do people still use Chrome?
Please uninstall it from everyone’s home pc and phone that you come into contact with
Because it’s fast and works well enough to keep the fame acquired over the last 10 years.
At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.
It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.
It baffles me people use chrome.
Why? There was a time when chrome was significantly better, and most people hate change.
I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.
In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.
There are more options than GrapheneOS with broader device support, such as Calyx or LineageOS.
But if you use Android already, you can start by using F-Droid (or others) to install apps to find FOSS replacements for apps you use.
I’m also doing this. Proton is amazing, for the most part. Ente Photos is also incredible for ditching Google Photos, although I’ll probably switch to Proton Photos when that comes out since Ente is pricey.
Kagi is a great replacement for Google search. It does cost money though.
Or you can take a Duck. Then get one more Duck. Then you can Go.
I kinda want to, but I’m also a sucker for ease of use
For ease of use Apple might be the most convenient alternative to Google. At least for smartphones.
Ease of use and apple are not near each other in my dictionary.
I think a lot of things are designed very unlogical
That might be because you are just not used to it. Comparable to the switch from Windows to Linux.
I’m using Linux and tried different distros. I also used chrome os and windows Phone. I tried ios, hence my feelings towards it
If you’re still using Google Chrome in 2024, you might be a moron. #Firefox
I am “slightly” worried that there’s only a single option left. That’s only 1 organization’s corruption removed from total loss of control over browsing privacy :/
And Mozilla main source of income is… Google.
This is bad, very bad.
Google pays them to be the default search. FF is like Steve Irwin, you could have been the biggest poacher, if you gave him money he would use it to buy land to help protect animals. FF is pulling the same thing but for the intetnet
