On 01/23/2017 12:00 AM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > Would someone here like to make a web page > _addressed to non-wizards_ > explaining all the flaws in Chromium? > > We could host it on gnu.org or fsf.org, but someone needs to write it. > > I wrote the following article/summary in the most non-technical way I could think of. Perhaps it can be of use:
------------------------------------------------------------------------ Chromium's subtle freedom flaws As free software activists, we all enjoy using the latest and greatest in free software. Many users have expressed to us their desire to run Chromium web browser since it appears to be fully free software. In our research, we discovered that the situation is improving. Just a few years ago, there were over one thousand unlicensed files which were considered to be non-free. Thanks to Debian's Lintian Reports and efforts, this number has come down to under 100 files as of this writing. Licensing the remaining code with GPL-compatible licensing is fairly trivial and is expected to be completed soon - the majority of it being minified javascript.[1] However, Chromium by default has a number of issues that are still a concern free software users - even if all the source code is licensed properly. -What are the issues?- Queries to Google --- By default, Chromium still has many lines of hard-coded internet queries to Google. Building it unpatched essentially puts your browser into the cloud. As mentioned in our article "Who does that server really serve?"[2], free software is only free when you are in control and should not be dependant on third-party web services. Some work has already been done to free Chromium from this enslavement, including the removal of "Google OK" after user outcry.[3] Pre-built Binaries --- By default, Chromium still includes some pre-built binaries to aid in faster compiling. In order to have fully free software, we require all software to be built from source. Packagers should not use "use_prebuilt" as a compile option. DRM and Proprietary Codecs --- Chromium supports the use of Widevine DRM, Adobe Pepper Flash, and third-party codecs which are non-free. Packagers must ensure that these are removed and disabled in the makefile options prior to compiling in order to be free software compliant. Privacy problems --- While not specific to free software, we would like for users to have control over their private information. Chromium has a number of reported privacy concerns which made it ineligible for use with Tor. Free software users should be aware of these issues and work to patch them upstream and in their packages as needed.[4] A work in progress --- There is work being done to remove queries to google and pre-built binaries, as well as strengthen user-privacy. The patch-set called ungoogled-chromium, which itself is a combination of inox, iridium, and Debian patches is one such effort.[5] Free software advocates are advised to use these patchsets and help contribute to their maintenance. With each consecutive Chromium release a new patchset must be created to remove Google specific code and binaries which affect your freedom. - The Bigger Picture Chromium is also being used as an embedded framework in various projects. Users should be aware that QTWebengine is based on Chromium and therefore contains many of the same flaws. Proprietary codecs and other anti-features must be disabled at compile time to ensure user's freedom is respected.[6] Due to QT being a primary component of KDE and many applications, ensuring it is compiled correctly and removing non-free software is of even greater importance to the free software movement. We are hopeful that the various projects currently working with Chromium will continue their efforts to liberate the code, making the internet safer, as well as more freedom respecting, for everyone. 1. https://lintian.debian.org/maintainer/pkg-chromium-ma...@lists.alioth.debian.org.html#chromium-browser 2. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html 3. http://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html 4. https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs 5. https://github.com/Eloston/ungoogled-chromium 6. http://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs This is Free work, you can redistribute it and/or modify it under the terms of either: The Creative Commons Attribution-ShareAlike 4.0 International License as published by Creative Commons; either version 4.0, or (at your option) any later version, or The GNU Free Documentation License as published by the Free Software Foundation; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts ------------------------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list Dev@lists.parabola.nu https://lists.parabola.nu/mailman/listinfo/dev