GrapheneOS but you're wrong about what the differences are.
What are the differences?
GrapheneOS but you're wrong about what the differences are.
What are the differences?
GrapheneOS and adds a bunch of questionable changes.
GrapheneOS Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.
Can you please go more in details and explain what?
I'm very interested in it.
Thanks a lot
GrapheneOS also not a trustworthy project. It may be marked with a warning in the future.
Why is this? Can you supply more info? I always thought Cromite had a good rep with the privacy community.
Thanks for the warning.
Could you recommend a different browser fingerprinting test tool?
Would be interested to read resources that explain modern browser fingerprinting methods in more detail.
Thanks again ~
GrapheneOS What would be, from a security perspective, the better choice then: Firefox as flatpak, Firefox as a distribution package, or tar.bz2 from the Mozilla website?
GrapheneOS Could you please elaborate on that?
As a user, I risk severe moderation or even banishment for baselessly claiming things in the forum, without some kind of 'proof' to my claim. Can a representative of the project please add some clarity to the claims against Cromite. I ask, as I use Cromite! Its a project often lauded in privacy circles, as Bromite was before it. I'm probably not the only one now a little concerned that the makers of the phone os we use states that a previously considered 'safe' browser is actually 'untrustworthy' in their opinion. Thanks.
locked Did they state that it was unsafe?
They said:
GrapheneOS Bromite is an insecure, dead project and we recommend against using Cromite since it rolls back security and adds a bunch of questionable changes. It's also not a trustworthy project. It may be marked with a warning in the future.
Cromite makes a lot of choices that make it a subpar choice, and in my opinion, doesn't prioritize security.
Some examples of this:
Cromite is the successor to Bromite, a now-dead project that changed its licensing to GPLv3 and wouldn't share patches with Vanadium despite taking from it. All in all, I personally see no reason why it's so widely recommended in so called "privacy circles".
matchboxbananasynergy they're all choices one makes when deciding in a browser to use for whatever task they choose.
I was more referring to the 'untrustworthy' label the project was designated by GraoheneOS a couple of comments ago. Its one thing having and opinion of unsatisfactory security, totally another to be deemed untrustworthy in general. I just really wanted to know why they're apparently untrustworthy as a whole.
Just to edit, I'm not arguing or making any point. I use Cromite for one aspect of my browsing and I am surprised by the designation.
mmmm Taking from Vanadium while preventing sharing code the other way is trustworthy behavior to you? The person behind Cromite was with Bromite too, although not the main person there. They can't do that anymore due to Vanadium being licensed GPLv2 now, but they do still have Vanadium patches in their browser, of course.
Being okay with groups that have been hostile to GrapheneOS numerous times in the past is also something we're unlikely to consider trustworthy, too.
matchboxbananasynergy Taking from Vanadium while preventing sharing code the other way is trustworthy behavior to you?
Was that a licensing issue?
matchboxbananasynergy Cromite does not support CFI. It used to, but then it broke, and instead of fixing the issue, they simply stopped using it.
Of course, they also don't use MTE, which Vanadium does on devices supporting it.
Tbf no Chromium browser outside of Vanadium and Mulch does that on Android
matchboxbananasynergy Taking from Vanadium while preventing sharing code the other way is trustworthy behavior to you?
I suppose not, from the projects point of view. But from a users point of view I dont see how its particularly relevant. Trustworthy from my point of view, with regards to a browser, is whether they're looking at what I browse, or logging my location, or helping profile me. The 'underworld' of open source coding ethics aren't really my forte, and i guess if i looked that deeply, 'untrustworthy' would take on a new meaning.
But yes I get your point. Thanks for clarifying the reason as to why it should be avoided from the projects point of view.
I dont think it will stop my minimal and particular usage of Cromite.
Edit to add, I am in the habit of having separate browsers for separating things. I have worked that way for years and you cant teach old dogs new tricks. I use several browsers to achieve this. However if I could have multiple instances of vanadium and mulch, I would ditch everything else!
mmmm They said it was not trustworthy, which I would define (in this context) to mean the developers are not trusted to make good security or privacy implementations to the cromite browser. Don't confuse that to necessarily mean unsafe. It does not meet GrapheneOS's security standards. Some reasons have been listed below...
TheGodfather Cromite makes changes which significantly reduce security, and most of their privacy changes are highly questionable.
@AlphaElwedritsch Your reply has been removed because you're citing a site full of false marketing claims and misinformation to promote a highly insecure product. Those folks are heavily involved in attacks on the GrapheneOS project through spreading misinformation about it and engaging in harassment targeting our team. Stop promoting it if you want to participate in our community.
Aside from that, GrapheneOS is not a "custom ROM". That's incorrect terminology and should not be used to refer to it.
mmmm locked They do not implement many of the features correctly and take problematic shortcuts. It leads to them having a long list of features which sound useful but which are largely reducing security and not working properly. They incorporate highly problematic third party code from Eyeo full of serious security bugs and full of invasive tracking code. Their technical decisions are not the full picture of what we were referring to though. It's quite relevant that they have no issue with plagiarism, scamming and harassment, even towards people they were taking substantial amounts of code from in the past which they then downplayed. You would be better off using Brave which despite the controversies about cryptocurrency, etc. is far more technically competent and also far more trustworthy than this.