Is Google Chrome/ Chromium really THAT bad for privacy?

mrket

mmobder So you've lied about the reasons why Google have excluded libjxl at that time, and once your lie was debunked with the direct link to Google issue and official reasoning from GGl team https://issues.chromium.org/issues/40168998, you've decided to write a long post without referring to your lie? Nice)

I was the one who "lied" (what I wrote was not accurate but not maliciously written), and the reason I haven't clarified what I meant was, as I wrote in my last response to you, that I don't wish to argue any further about this as I feel you are arguing in bad faith.

I only respond now because I take issue with you attacking someone else for my mistake.

mmobder

mrket was not accurate

you see, it works;), so you can back your statement with the link to official Google comment that supports your "not a lie" that it was security concern, right?
Because https://issues.chromium.org/issues/40168998 states you're a lier, as you lie about exclusion reason and you're in a hard denial re you being wrong.

mmobder

mrket I was the one who "lied"

you've just started to lie and @Makalratlor supports and shares your lie here https://discuss.grapheneos.org/d/27282-is-google-chrome-chromium-really-that-bad-for-privacy/4 speaking of degrading security, that is based on a lie why Google has excluded libjxl (real official reason is here https://issues.chromium.org/issues/40168998). I guess the rest from competitor's "misguide" https://github.com/RKNF404/chromium-hardening-guide is of the same quality

mmobder

mrket you are arguing in bad faith.

orly? I'm the one who supports debunk of a lie you and other spreads here about browsers by providing links to ! official google statements and not a generic groundless fishy claims from a competitors.

Your the one who is not sorry for not being critical to the misguided you promote and not saying you was wrong to begin with.

libjxl is a good example of a competitor's (Trivalent) lie, I guess the rest claims are of the same quality at least for the concerned browser.

Makalratlor

mmobder speaking of degrading security, that is based on a lie why Google has excluded libjxl (real official reason is here https://issues.chromium.org/issues/40168998). I guess the rest from competitor's "misguide"

It does degrade security simply on the fact it's a nearly useless format that is not needed whatsoever. Every single thing that is added is attack surface and if there is not a good reason to add it.... It is large attack surface over Chromium.

"By removing the flag and the code in M110, it reduces the maintenance burden and allows us to focus on improving existing formats in Chrome"

This is exactly the problem. Nothing truly beneficial about it and hinders development. This is objectively a security regression.

mmobder you've decided to write a long post without referring to your lie? Nice)

Also. You have provided literally zero valid arguments and like I said. Verify it with other sources instead of thinking for yourself instead.

You

continue to spread misinformation constantly and attack a completely honest documentation. Furthermore you make it worse by the fact you did not take it up with the person who made the documentation.

Instead you ramble about it here instead of being actually productive when this time could have been a lot better spent and I have to spend here wasting my time cause of someone who refuses to actually accept the truth. But either way I'm not going to stop until this discussion gets stopped one way or another cause I'm realistically not going to let someone sit here and spread misinformation and attack a perfectly good and honest developer.

SPEAKING OF the fact that they literally prioritize a hardened Chromium browser and assist in the development of it should say a lot in itself. Cause they prioritize security more than the Chromium Team themselves do. Yet here you are saying they are spreading misinformation when it is literally in their benefit to tell the truth here. Trivalent is a niche browser meant for security conscious linux users. As such it's accessibility is rather low there would be no reason to maliciously lie furthermore proving if you really think the dev is wrong then you should open a issue.

Even if the Google didn't remove it for security it is still obviously a security risk it isn't that hard to see once again you are looking for other sources of validation when really all it takes is some logical thinking.

"Oh I should just add a whole bunch of code for a format that is REALLY not needed" regardless of Google's actual reasoning it doesn't make a lot of sense at all for security. Every single thing has attack surface

But furthermore you seemed to ever so not kindly gloss over the fact that I didn't even push against Cromite for this. I actually mentioned i wasn't sure how to feel about it. Regardless i pushed against it for the other much more problematic aspects of it.

But if you want to continue defending a browser that is honestly terrible for security go ahead. You still have not provided valid arguments to it's bigger issues by the way (if you can even call this one with the JPEG XL a valid argument cause it's really not.)

mmobder that clearly debunks your lie.

Could you ever so kindly provide the exact text that debunks my "lie"? Cause I keep reading it over and over again and literally see more things confirming that I am correct.

And also even if SOMEHOW JPEG XL wasn't a lot of attack surface the implication alone that JPEG XL is complex and a maintenance burden would naturally imply a security regression. As good security requires good maintenance.

other8026

mmobder I see you said the word "lie" or called another person a liar a total of eleven times. I personally don't know all of this stuff, but it doesn't matter. In our community spaces, people should be respectful of one another. If someone wrote something that's incorrect, it's okay to point that out and to share proof. But, it's not really polite to accuse people of lying.

Please be more polite moving forward.

mmobder

other8026 If someone wrote something that's incorrect, it's okay to point that out and to share proof. But, it's not really polite to accuse people of lying.

If you read it chronologically, it was without a word "lie" till the moment the person has proved his intention not to seek truth in the conversation - as the decision was to ignore an argument (a link to official statement from Google) that contradicts original claim that some feature was removed due to Google engineers consider it to be insecure.
Literally a ton of text instead of "wow, haven't realized it, yep, I will revise my claim and will hold on recommending the 'guide' till I re-assess the rest".
So the use of the word "lie" is just as per MW dictionary.

If one accuses an application to be insecure appealing to a strong team of Google engineers, it's better not to misuse this "appeal to authority".

mmobder

other8026 and I thought GOS community may be more sensitive to attacking other projects on shady grounds just because it (creators) was fighting back the same opinion-based and somewhat manipulative attacks in the media from "competitors".

BuffaloStance

Revliss

No, accessing Tor is nowhere near enough for LEA to seek a warrant. That is an absurd, made-up take. Please do not spread disinformation.

Makalratlor

Also @mmobder

See here. Since you like reference links.
https://github.com/mozilla/standards-positions/issues/522#issuecomment-1409539985
https://github.com/mozilla/standards-positions/pull/1064

Even Mozilla. The people behind Firefox. A browser notorious for being extremely insecure. Agreed that JPEG XL in it's current state is massive attack surface.

It is important to note it seems both Mozilla and Google are trying to work towards a much safer implementation of it and then may consider adding it back in.

The only part where I am inclined to agree with you is I'm not sure if Google's decision to drop it was actually even remotely security driven. However that still doesn't change the fact it is currently a security regression.

mmobder

It has appeared the author has explained/addressed the rest of claims here https://github.com/uazo/cromite/issues/2343

other8026

mmobder Using attacks targeting GrapheneOS and its members in this way is also not appropriate. I'm not going to look past you being impolite just because you're bringing that up. I was not telling you to stop because you're wrong, I wasn't even asking people to stop the discussion. I asked you to stop using the word "lie" and calling others "liars" because it comes off as impolite, that's it. I don't think it's too much to ask. But, if people can't have a level-headed discussion, then that's when a moderator needs to step in.

So, I'm locking this thread because the discussion has gotten too heated, I am getting pushback when asking for things to be toned down, and as a result I don't feel this discussion will be productive anymore.

« Previous Page