• John Richard@lemmy.world
    link
    fedilink
    arrow-up
    5
    arrow-down
    17
    ·
    4 months ago

    Simply not true. The only way to stop Firefox from phoning home completely is via about:config or a policy template file:

    https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections https://mozilla.github.io/policy-templates/

    You can do the same with Chrome:

    https://chromeenterprise.google/policies/

    Firefox certainly phones home less by default, especially when opting out through various settings, but not completely. Chrome/Chromium isn’t evil either. Chromium sandboxing has long been praised as a more secure browser, hence why GrapheneOS (praised as the most secure phone distro) uses Chromium as their browser and not Firefox. Not saying Firefox is bad either. I actually prefer Firefox in certain scenarios and there is a reason that Tor and Mullvad use Firefox for their browsers too (easier to prevent JS from leaking system info), but Chromium is open source as well and used in things like Electron for Signal.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      4 months ago

      Simply not true.

      No, it is true.

      Making connections to mozilla != collecting boatload of telemetry. Every function in that page is to download FULL lists of information. Not specific tracking items. You don’t gain a whole lot of telemetry/metadata on someone who downloads a new blocklist. Rather that say someone who checks a specific domain on a blocklist. further, the vast majority of things (virtually all of it) is configurable in toggles. And many options in here don’t even send mozilla anything at all (prefetching for example.)

      Automatic connections != sending mozilla all your tracking information.

      Chrome/Chromium isn’t evil either.

      Hiding plugins that give google your hardware information when you visit any google domain without consent is pretty fucking evil.

      • John Richard@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        18
        ·
        4 months ago

        Again Chromium is open source. Chrome is Google’s bundled browser that includes API keys and plugins to share information for signing in to Google and syncing data with your Google account. You do not have to enable these, and they can be disabled using policies & flags.

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          1
          ·
          edit-2
          4 months ago

          The hidden plugins I’m talking about are BUILT INTO CHROMIUM.

          https://community.brave.com/t/hidden-extensions-in-chromium-source/557645

          Chromium based browsers (brave as an example linked above) ALSO had them present. It was only due to the new of this being a thing recently that brave (and probably others) made it disable-able (https://github.com/brave/brave-core/pull/24583 5 days ago).

          Screaming “it’s open source” means nothing if nobody ever reviewed the code, and disabled the google spyware shit that they put into chromium to begin with. Remember the Chromium is still a google product.

          I’d rather just Mozilla… You know… since they didn’t try to fuck me out the gate. I can accept “On by default, but we ask you during setup and you can access the setting at anytime” vs “Fuck you, you turned off all the telemetry but can’t reach the hidden add-ons we install without recompiling your own browser”. The mentality matters. I can trust the former to not screw me a bit more vs the latter rapist mentality.

          • John Richard@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            11
            ·
            4 months ago

            It is hard to have a discussion with you when you exaggerate. Rapist mentality is far from what Chromium is. You really can’t equate rape to technology, since you have a choice.

            The API you references communicates with Google using its own API when you use Google services, and as specifically designed for Google Hangouts at the time to report system information during calls. This has been known about since at least 2018. Any developer could have submitted a PR to have it removed. That is how open source works.

            This has already been disabled in other Chromium builds:

            https://github.com/ungoogled-software/ungoogled-chromium/blob/master/flags.gn#L5

            Just because Brave recently submitted a bug report doesn’t mean that others have noticed. Again, I encourage you to look at what can be disabled via policies in Chrome (like Firefox):

            https://chromeenterprise.google/policies/#WebRtcEventLogCollectionAllowed