On 01/23/2017 12:00 AM, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> Would someone here like to make a web page
> _addressed to non-wizards_
> explaining all the flaws in Chromium?
>
> We could host it on gnu.org or fsf.org, but someone needs to write it.
>
>
I wrote the following article/summary in the most non-technical way I
could think of. Perhaps it can be of use:

------------------------------------------------------------------------


Chromium's subtle freedom flaws

As free software activists, we all enjoy using the latest and greatest
in free software.
Many users have expressed to us their desire to run Chromium web browser
since it appears to be fully free software.

In our research, we discovered that the situation is improving. Just a
few years ago, there were over one thousand unlicensed files which were
considered to be non-free. Thanks to Debian's Lintian Reports and
efforts, this number has come down to under 100 files as of this
writing. Licensing the remaining code with GPL-compatible licensing is
fairly trivial and is expected to be completed soon - the majority of it
being minified javascript.[1]

However, Chromium by default has a number of issues that are still a
concern free software users - even if all the source code is licensed
properly.


-What are the issues?-


Queries to Google
---

By default, Chromium still has many lines of hard-coded internet queries
to Google.
Building it unpatched essentially puts your browser into the cloud.
As mentioned in our article "Who does that server really serve?"[2],
free software is only free when you are in control and should not be
dependant on third-party web services. Some work has already been done
to free Chromium from this enslavement, including the removal of "Google
OK" after user outcry.[3]

Pre-built Binaries
---

By default, Chromium still includes some pre-built binaries to aid in
faster compiling. In order to have fully free software, we require all
software to be built from source. Packagers should not use
"use_prebuilt" as a compile option.

DRM and Proprietary Codecs
---

Chromium supports the use of Widevine DRM, Adobe Pepper Flash, and
third-party codecs which are non-free. Packagers must ensure that these
are removed and disabled in the makefile options prior to compiling in
order to be free software compliant.


Privacy problems
---

While not specific to free software, we would like for users to have
control over their private information. Chromium has a number of
reported privacy concerns which made it ineligible for use with Tor.
Free software users should be aware of these issues and work to patch
them upstream and in their packages as needed.[4]


A work in progress
---

There is work being done to remove queries to google and pre-built
binaries, as well as strengthen user-privacy.

The patch-set called ungoogled-chromium, which itself is a combination
of inox, iridium, and Debian patches is one such effort.[5]
Free software advocates are advised to use these patchsets and help
contribute to their maintenance. With each consecutive Chromium release
a new patchset must be created to remove Google specific code and
binaries which affect your freedom.


- The Bigger Picture

Chromium is also being used as an embedded framework in various projects.

Users should be aware that QTWebengine is based on Chromium and
therefore contains many of the same flaws. Proprietary codecs and other
anti-features must be disabled at compile time to ensure user's freedom
is respected.[6] Due to QT being a primary component of KDE and many
applications, ensuring it is compiled correctly and removing non-free
software is of even greater importance to the free software movement.

We are hopeful that the various projects currently working with Chromium
will continue their efforts to liberate the code, making the internet
safer, as well as more freedom respecting, for everyone.


1.
https://lintian.debian.org/maintainer/pkg-chromium-ma...@lists.alioth.debian.org.html#chromium-browser
2. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
3.
http://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html
4.
https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
5. https://github.com/Eloston/ungoogled-chromium
6. http://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs

This is Free work, you can redistribute it and/or modify it under the
terms of either:
The Creative Commons Attribution-ShareAlike 4.0 International License as
published by Creative Commons; either version 4.0, or (at your option)
any later version, or
The GNU Free Documentation License as published by the Free Software
Foundation; either version 1.3, or (at your option) any later version;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts

------------------------------------------------------------------------


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dev mailing list
Dev@lists.parabola.nu
https://lists.parabola.nu/mailman/listinfo/dev

Reply via email to