Is Google Chrome/ Chromium really THAT bad for privacy?

mmobder

mrket good source of information about this can be found at https://github.com/RKNF404/chromium-hardening-guide

This document is quite outdated, misleading, and it's intention is quite, mmm, fishy (hopefully not by intention).
An example would be it's claim that one of the browsers uses JXL. JXL was disabled in Aug'2024, however the document has added the blame that JXL is used only in Aug'2025, a !YEAR after it was removed.

Why?

mrket

mmobder An example would be it's claim that one of the browsers uses JXL. JXL was disabled in Aug'2024, however the document has added the blame that JXL is used only in Aug'2025, a !YEAR after it was removed.

It is clearly stated as an example of adding attack surface, and that support for JXL was eventually removed.
Either you need to work on your reading comprehension, or you're the one who's being intentionally misleading.

userofgos

mmobder a direct competitor of the questionable chromium browser, right?

Huh? I don't understand how you can come to that conclusion. This is a guide to harden Chromium, not a fork.

mmobder https://github.com/RKNF404/chromium-hardening-guide/issues/16

mmobder

Makalratlor The information @mrket linked is very well done and is 100% worth a read

As you recommend the doc, do you mind to verify if it's really worth the trust? https://discuss.grapheneos.org/d/27282-is-google-chrome-chromium-really-that-bad-for-privacy/8

mmobder

mrket so when you assess some tool in the fall of 2025, you ignore the decision process and info available back in 2023, and the fact that once certain issue was discovered and documented, it was eventually mitigated in 2024. Ok, seems legit.

Following this logic, GOS should be to Avoid, as sometime back there were many security issues - just check the issue tracker (and by a matter of fact, still are, just not discovered yet), that became resolved by GOS team, but who cares.

It's the same type of approach that GOS team and me as a user was not happy with when presumably competitors (now obsolete) pushed the wave of distrust into GOS based on false claims.
But when it's not your product, that's OK to use the same approach.
It's called hypocrisy, I think.

Vanadium is close to none re fingerprinting protection - easily verifiable on respective FP engines. No legit alternatives then.

mmobder

userofgos This is a guide to harden Chromium, not a fork.

you've overlooked this - https://github.com/secureblue/Trivalent , check contributions from https://github.com/RKNF404 here https://github.com/secureblue/Trivalent/graphs/contributors - so the guide is maintained by a competitor, kinda fishy

userofgos

mmobder I'm taking a wild guess here, seems like you might be the one that created the github issue I linked to userofgos

Revliss

mmobder

I wouldn't use anything Tor related: it raises enough suspicions for a warrant. Moreover recent updates (at least on desktop) leak hardware and OS information.

mmobder

Revliss enough suspicions for a warrant

Not my worry, one doesn't have much choice re anti-fingerprinting.

BuffaloStance

Revliss

No, accessing Tor is nowhere near enough for LEA to seek a warrant. That is an absurd, made-up take. Please do not spread disinformation.

mrket

mmobder Following this logic, GOS should be to Avoid, as sometime back there were many security issues - just check the issue tracker (and by a matter of fact, still are, just not discovered yet), that became resolved by GOS team, but who cares.

The GOS team doesn't have a track record of adding features which add attack surface for dubious benefit, and later reverting them.

userofgos

mmobder I'm aware that they are a contributer to Trivalant/Secureblue. I still don't understand your reasoning. How is Trivalent a competitor? And in what regard is that fishy?

It is only available on desktop/laptops, developed specifically for Secureblue, both of which GrapheneOS has recommended.

Also, from all the threads I've read that mention Trivalent/Secureblue, GrapheneOS doesn't view them as competitor's but as projects furthering security and privacy in the desktop/laptop world.

Edit: by competitor I assumed you meant of Vanadium. But it seems you have issues with their views of cromite and that Trivalent is therefore competing with cromite. Please correct me if I'm wrong

Revliss

Makalratlor

A decent firewall like rethink DNS has a lot of privacy and anti-tracking features but they still need to tune them: you can contact a different DNS server on each requests but that makes you more fingerprintable, it should be a new DNS for each network change like the MAC address. Don't get me started on weird DNS protocols anyone can flag. That's why having a good firewall would be a great but would likely make you more recognisable in the crowd if not implemented correctly.

mmobder

userofgos How is Trivalent a competitor?

The guide maintained by co-author of Trivalent (desktop browser) targets another (primarily) desktop browser with fishy claims (ignores context, refers to heavily outdated items, etc).

mmobder

userofgos But it seems you have issues with their views of cromite and that Trivalent is therefore competing with cromite. Please correct me if I'm wrong

Yep. The disclosure you're referring to is in the middle of the doc. It's made in a form of "I will not over-advertise", but doesn't promise not to run false claims. Typically, the expectation is to put such disclaimer on the top (just like with all the product reviews we find over the web).

Alvyn

mmobder author clearly stated in his guide that he is Trivalent contributor. I do not see anything wrong about it. Its up to reader and as with everything else. Check more sources and create your opinion. No fishy for me.

mmobder

mrket of adding features

But jxl was already in Chromium, it wasn't added, isn't it, so why call it "adding features" ?
And in Cromite it was hidden behind the flag, isn't it?

That's why adding reference to the issue in the fall of 2025 while it was removed back in 2024 is fishy. All decision process is mentioned here https://github.com/uazo/cromite/issues/351 (as well as in Brave's https://github.com/brave/brave-browser/issues/28411#issuecomment-1480668264 that doesn't mention any security risks)

Inserting fishy claims like it about your competitors into the guide is not a good move. And it's the one of two I've checked (including AdBlock Plus). What else in the guide is a (unintended) manipulation?
The forum was full of text when GOS' competitor did the same to GOS. Just like in Session vs SimpleX where SimpleX promotes quite questionable use cases to put distrust into Session.

mrket

mmobder But jxl was already in Chromium, it wasn't added, isn't it, so why call it "adding features" ?

JXL was removed due to security concerns, and was re-added later by reverting the removal from Chromium.
I don't want to argue further about this, you seem to be twisting facts to fit your narrative, for an unclear purpose, while also wasting the time of the developers of both Cromite and Trivalent (I'm assuming you are "onetimecontributor" on GitHub based on the timing and content of the posts there).
The issue you linked clearly shows the main developer of Cromite also agrees that JXL support has dubious benefit while introducing potential security issues, the fact he chose to support it anyway does not support your case that Cromite is a secure choice.

mmobder

mrket JXL was removed due to security concerns

Really? Where is it in Google's reasoning that they've published?

"
Thank you everyone for your comments and feedback regarding JPEG XL. We will be removing the JPEG XL code and flag from Chromium for the following reasons:
Experimental flags and code should not remain indefinitely
There is not enough interest from the entire ecosystem to continue experimenting with JPEG XL
The new image format does not bring sufficient incremental benefits over existing formats to warrant enabling it by default
By removing the flag and the code in M110, it reduces the maintenance burden and allows us to focus on improving existing formats in Chrome
" https://issues.chromium.org/issues/40168998

Makalratlor

@mmobder

I've had enough experience with most of these browsers to know myself. (both in regards to Chromium based and Firefox/Gecko based) that is why I recommended it cause most of these claims I have already self verified. I did not once take this persons word for it. Ideally people shouldn't take their word for it especially since most of the information is actually pretty easily verifiable simply by examining the browser and using some basic logic.

Although that doesn't mean I particularly agree with every point. I disagree with the fact of Cromite and Brave allowing for MV2 extensions being problematic

Cause while yes MV2 extensions are a security nightmare and MV3 should absolutely be preferred the User should still have the choice to use said extensions if they wish. This is not regressing security until the user chooses to do so and I don't think this change was implemented as a disregard for security but rather a regard for the fact the user should have choice.

However having said that the purpose of the documentation is focused on browser security over everything else so at the same time I cannot entirely say it's invalid in pointing that out either. Cause again this is about security.

And in regards to Cromite I am not sure how I feel about bringing up that whole JPEG XL situation. Cause yes it was implemented but then reverted due to the acknowledgement that it was more problematic than beneficial.

Me personally I wouldn't hold that specific part against Cromite or it's dev but at the same time I can see why others would.

Either way the fact it actively regresses security by refusing to fix CFI and introducing a very terrible content blocker that is memory unsafe i do find very problematic.

And their content blocker has the exact same issues of Brave's such as constantly downloading updates from sources. To Cromite and Brave's credit they did make this lower risk by having all the default lists come from their own servers so the lists are technically coming from a trusted source. But it still doesn't change the fact it is still a regression in security as it would be better if there were no remotely downloaded lists.

Vanadium's way is far superior even if it has less functionality currently as it still gives you efficient and effective blocking while introducing very little to no security risk as it just uses the content filtering engine already present in Chromium so therefore basically little to no extra attack surface is added.

I would actually have a lot less of an issue with Cromite if it would just get rid of that highly questionable adblocker and implemented a solution similar to this instead. But they aren't going to do that.

And yes I am aware the dev does a lot of patching to it beforehand but that still doesn't change a lot of the general problems with it particularly it being memory unsafe. Futhermore the fact it is optional doesn't really matter as it is still the default behaviour. It would be more okay if it was something the user had to opt into rather than opt out of. It's one thing not to have security improving configurations turned off by default, it is entirely another thing when you have security regressing features and configurations turned on by default.

Brave has similar issues of extra attack surface but they are a lot more careful about how and what they implement. Brave is not a good option but is certainly better than Cromite.

And as for the rest of the browsers covered in it.

Chrome is Chrome.
Edge is Edge. Though it is worth noting edge on Android does have some questionable design choices such as including ABP itself with the user being required to opt into it and it went out of its way to start adding extension support which given the context of this documentation would be a disregard for security. Also I'm not sure if Edge on Android allows for setting a custom DOH resolver which isn't the worst but is still highly questionable. In short while Edge definitely is a good option on Windows it doesn't bring much to android and I'd actually even potentially argue in regards to Android Brave would be a better option. I wouldn't recommend Edge on Android in particular due to it not offering much of anything security wise. Also unless something changed I don't think Android Edge supports a JITless mode like the Desktop version does.
- Safari I wouldn't know I don't have any apple devices so can't really verify this myself
- Opera and Vivaldi are genuinely the worst options out of all of them if someone is concerned about security. Aside from having absolutely atrocious update cycles they both add more attack surface than any of the other options and Vivaldi has a adblocker that shares all the same flaws of Cromite's except even worse cause Cromite does at least try to lower the risk and harm of what external filters can cause by cutting out some of the available rules and not allowing every list access to every rule.

And Opera also has a similarly problematic adblocker.
And the documentation forgets to mention Opera also does enable MV2 aswell.

Vanilla Chromium I'm not going to go over as the simple answer is it varies.
Ungoogled Chromium is a similar case to Vanilla Chromium but also has similar issues to Cromite just minus the horrendous built in adblocker and other things.
Webview Browsers are also a pretty terrible option due to the inherent limitations of the Webview.
Flatpak packaging breaks/cripples all Chromium and Firefox browser sandboxes. This is easily and trivially avoidable by just not using Flatpak packaging for your browser and using the actual compatible packaging provided by the devs for your distribution instead.

I'm not going to go over Firefox or any of it's forks cause well. It's been covered so many times and has constantly shown little to no improvement so my input here would not add much to what is already widely known.

Epiphany never used or tested I wouldn't know.

In summary one problem that I noticed with the documentation after saying this is lacking complete information in some browser descriptions.

I'm not going to provide any links cause in reality that wouldn't really do much of anything? I mean that's just shifting from one source to another. If you really want to verify this you are going to have to do it yourself. Which you are free to do as matter of fact I would prefer if you didn't take my word for it as taking someone's. Anyone's. Word for something is not much different from saying "just trust me" when in reality I'm just someone online.

Furthermore how many of my claims here even have legitimate official sources? Most of these Browsers are Operated by for Profit companies and as such it is in their best interest to lie to their users about their security. Which most do in fact do in their own official documentation whilst simultaneously providing no effective way to backup what they say. The only effective way to verify anything is to test.

Regardless however the documentation does have good coverage on actually good and secure browsers and is still easily recommendable compared to most other guides with recommendations as most other guides often times yield actual misinformation.

Furthermore I would argue you calling Trivalent and Vanadium competitors is actual misinformation. Literally neither one seeks to actually compete with eachother and Trivialent literally admits that a significant amount of it's hardening are patches borrowed directly from Vanadium. Nothing about what they do fits the definition of a competitor at all.

And furthermore this wouldn't be the first time a browser maintainer has devised their own comparison table. The DivestOS developer did the same when they were around and only ever recommended Mull(which was their own browser) and Tor due to being mainly focused on Firefox based browsers.

Though they did not deny that Chromium Browsers did have massive security benefits and also maintained their own Chromium Browser called mulch. Which just like Trivalent also used a substantial amount of Vanadium's hardening. Yet despite all of this no one ever called them a "competitor"

But anyways I have spent way too much time writing this.

Point being you are free to disagree with people here you are free to disagree with the person who made the documentation but PLEASE do not go making accusations that someone is spreading misinformation or being misleading when you literally do not have any sort of substantial evidence to back it up. Just cause the person has a large hand in Trivalent means literally nothing. The info the documentation left out about Cromite is minimal and doesn't take away from it's biggest problems. If you really think that these things are worth mentioning then open a issue on github and kindly explain why they should be included.

I have reread the documentation over and over again this past hour probably like 5 times and could find no misinformation. Nor any misleading things about it. Yet you have been attacking this person on this Forum (and possibly on github)

Note that this portion is a response to all of your posts and not just what you asked me.

Oh and by the way.

mmobder Literally removed threads and comments = banned conversations, no need to be ashamed

That is because these people were constantly spreading misinformation about these projects you can still find plenty of talks where they are still around on the forum.

You won't get banned for simply discussing it but depending on what you say might get your post or thread removed yes. Cause that has been a genuine problem on this Forum in the past where people were blindly recommending things like Cromite and in some cases straight up ignoring it's security drawbacks which downplaying security is a big no no here.

mmobder

Makalratlor

So you've lied about the reasons why Google have excluded libjxl at that time, and once your lie was debunked with the direct link to Google issue and official reasoning from GGl team https://issues.chromium.org/issues/40168998, you've decided to write a long post without referring to your lie? Nice)

Can you admit you've lied about the reason for exclusion, or link to the official Google statement about security issues as the reason for exclusion?
I've provided the one https://issues.chromium.org/issues/40168998 that clearly debunks your lie.

And yes, it's nice to keep clean of a lie your main forum account under this 2-days old one.

mrket

mmobder So you've lied about the reasons why Google have excluded libjxl at that time, and once your lie was debunked with the direct link to Google issue and official reasoning from GGl team https://issues.chromium.org/issues/40168998, you've decided to write a long post without referring to your lie? Nice)

I was the one who "lied" (what I wrote was not accurate but not maliciously written), and the reason I haven't clarified what I meant was, as I wrote in my last response to you, that I don't wish to argue any further about this as I feel you are arguing in bad faith.

I only respond now because I take issue with you attacking someone else for my mistake.

Makalratlor

mmobder speaking of degrading security, that is based on a lie why Google has excluded libjxl (real official reason is here https://issues.chromium.org/issues/40168998). I guess the rest from competitor's "misguide"

It does degrade security simply on the fact it's a nearly useless format that is not needed whatsoever. Every single thing that is added is attack surface and if there is not a good reason to add it.... It is large attack surface over Chromium.

"By removing the flag and the code in M110, it reduces the maintenance burden and allows us to focus on improving existing formats in Chrome"

This is exactly the problem. Nothing truly beneficial about it and hinders development. This is objectively a security regression.

mmobder you've decided to write a long post without referring to your lie? Nice)

Also. You have provided literally zero valid arguments and like I said. Verify it with other sources instead of thinking for yourself instead.

You

continue to spread misinformation constantly and attack a completely honest documentation. Furthermore you make it worse by the fact you did not take it up with the person who made the documentation.

Instead you ramble about it here instead of being actually productive when this time could have been a lot better spent and I have to spend here wasting my time cause of someone who refuses to actually accept the truth. But either way I'm not going to stop until this discussion gets stopped one way or another cause I'm realistically not going to let someone sit here and spread misinformation and attack a perfectly good and honest developer.

SPEAKING OF the fact that they literally prioritize a hardened Chromium browser and assist in the development of it should say a lot in itself. Cause they prioritize security more than the Chromium Team themselves do. Yet here you are saying they are spreading misinformation when it is literally in their benefit to tell the truth here. Trivalent is a niche browser meant for security conscious linux users. As such it's accessibility is rather low there would be no reason to maliciously lie furthermore proving if you really think the dev is wrong then you should open a issue.

Even if the Google didn't remove it for security it is still obviously a security risk it isn't that hard to see once again you are looking for other sources of validation when really all it takes is some logical thinking.

"Oh I should just add a whole bunch of code for a format that is REALLY not needed" regardless of Google's actual reasoning it doesn't make a lot of sense at all for security. Every single thing has attack surface

But furthermore you seemed to ever so not kindly gloss over the fact that I didn't even push against Cromite for this. I actually mentioned i wasn't sure how to feel about it. Regardless i pushed against it for the other much more problematic aspects of it.

But if you want to continue defending a browser that is honestly terrible for security go ahead. You still have not provided valid arguments to it's bigger issues by the way (if you can even call this one with the JPEG XL a valid argument cause it's really not.)

mmobder that clearly debunks your lie.

Could you ever so kindly provide the exact text that debunks my "lie"? Cause I keep reading it over and over again and literally see more things confirming that I am correct.

And also even if SOMEHOW JPEG XL wasn't a lot of attack surface the implication alone that JPEG XL is complex and a maintenance burden would naturally imply a security regression. As good security requires good maintenance.