idk what to tell you if you're still using chrome
this post was submitted on 09 Jul 2024
465 points (99.2% liked)
Technology
59039 readers
3181 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn't surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn't news for no reason. Don't trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).
load more comments
(2 replies)
load more comments
(1 replies)
This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use
Vivaldi and Brave have the option to disable the Hangouts extension in settings, which should disable this.
As linked in the article, it is indeed used for "Hangouts" (Meet) troubleshooting.
load more comments
(1 replies)
load more comments
(6 replies)
How long until it will be used as a backdoor to hack womeone's PC?
Chrome is the backdoor and you already installed it
Seems google has already done that
Negative number.
If you're still using Google Chrome in 2024, you might be a moron. #Firefox
I am "slightly" worried that there's only a single option left. That's only 1 organization's corruption removed from total loss of control over browsing privacy :/
And Mozilla main source of income is... Google.
This is bad, very bad.
Google pays them to be the default search. FF is like Steve Irwin, you could have been the biggest poacher, if you gave him money he would use it to buy land to help protect animals. FF is pulling the same thing but for the intetnet
load more comments
(1 replies)
load more comments
(1 replies)
Yet another reason to switch to Firefox, or even better, a hardened fork like LibreWolf [email protected]
What functionality would I lose/gain if I switch from Firefox to Librewolf? I'm admittedly an amateur in the privacy space, and I've been pretty content with Firefox + Ublock and container tabs for different profiles, but I consistently get the issue that my browser fingerprint is pretty unique, and I have no idea how to or even if I can anonymize that anymore.
Librewolf is not associated with Mozilla and does not receive their primary source of funding from Google like Mozilla does. I really like having the same browser and browser synchronization between my phone and desktop/laptop, so librewolf is out for me. They have no interest or resources to build an Android version. Waterfox does at least have desktop / android option and takes things at least one small step further away from Google.
It is the same browser. LibreWolf doesn't change much of the Firefox code, mostly just the configuration. They enable various privacy/security settings by default and remove Mozilla telemetry. You can go to the LibreWolf settings and enable Firefox Sync, and it will work just fine with your Mozilla account and other Firefox browsers.
For Android, I like to use Mull, it's a hardened build of Firefox, similar to LibreWolf.
U can sync regular mobile ff and librewolf. Thats what i currently have.
load more comments
(3 replies)
load more comments
(20 replies)
I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.
In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.
There are more options than GrapheneOS with broader device support, such as Calyx or LineageOS.
But if you use Android already, you can start by using F-Droid (or others) to install apps to find FOSS replacements for apps you use.
Searching for "Calyx" got me a lot of results that had nothing to do with the Android ROM, so for the convenience of anyone else reading this thread their URL is https://calyxos.org/
load more comments
(1 replies)
load more comments
(1 replies)
I already ditched Windows for Linux a month ago because of spyware.
Great!
Everything Google-related is next.
Even better.
My phone is going to be the hardest thing to de-infest.
If you plan on getting a new phone soon, I recommend a Google Pixel, on which you can install GrapheneOS. Yes, ironically Google devices are the best for installing alternative operating systems and removing all the Google BS. GrapheneOS is completely free and open source, and based on the Android Open Source Project. It incorporates many privacy and security enhancements, and gives you total freedom and control over your device. In my opinion, it's the best option for degoogling a phone.
load more comments
(3 replies)
load more comments
(16 replies)
Remember when Google pushed for use of open standard in the browser to force Microsoft IE out of the market? Oh yeah I ‘member
load more comments
(1 replies)
Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.
There's a bunch of stuff in Chrome that's special-cased to only allow Google to access it.
Not sure if it's still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can't remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.
Turns out the Chromium codebase had a hard-coded allowlist that only allowed *.google.com to use the API!
Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.
load more comments
(3 replies)
Does this also affect Chromium, or is it just Google Chrome?
The article mentions it being affecting Google Chrome through Chromium, but it's not clear if it also affects Chromium on its own, or other Chromium-based browsers.
It allegedly also affects Edge and Vivaldi, so it seems to be chromium not chrome
Just now tested in Vivaldi and it works, so yeah seems like Chromium 🥲
load more comments
(3 replies)
Would everyone who is surprised by this please raise your hand? . . . That's what I thought.
load more comments
(6 replies)
This that and the article are very light on details, but I couldn't find an article deeper in details
My laptop, that I own and runs Linux that I installed, has chrome in it. I'm order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
That's strange, I've never heard of that before
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.
Docker (or containers in general) aren't meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.
This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).
load more comments
(3 replies)
It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.
load more comments
(3 replies)
this just in: google is still spying on you in every way possible
Ianal, but this sounds like something worthy of suing their ass over. There's not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.
Refreshing change from reading about some new AI powered tracking nonsense in Windows.
Hmmm, no way this could ever turn into a security hole, I'm sure of it.
view more: next ›