You are not logged in.

#1 2015-06-17 20:58:11

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Inox Browser - yet another Chromium Privacy Spin-off

Hi folks,


I created yet another Chromium spin-off called Inox (a synonym for stainless steel).
Inox goal is to provide a minimal chromium based browser with focus on privacy by disabling data transmission to google.

This is not a whole fork, but a set of patches applied on the arch chromium package. I do not want to create a whole fork to keep things as close as possible to Chromium.
At this state Inox and Chromium can't run in parallel, but they share the same Chromium user profiles.



Source code and a pre-built binary are available on AUR.

Links: github | source | binary

Screenshots: http://imgur.com/a/IUfqm

29yi5t.jpg


Edit 04.12.2015: The feature list below is not up to date, view the github page instead.

The following features are already available:

based on patches:

  • Disabled Google's Instant Extended API, this has the effect that the old "New Tab" is in place. (See disable-instant-extended-api.patch)

  • DuckDuckGo as default search engine.            (See add-duckduckgo-seaarch-engine.patch)

  • Disabled AutoFill data transmission                  (See disable-autofill-download-manager.patch)

  • All Browser Extensions are now visible             (See modify-default-prefs.patch)

  • Enabled user-modification for ALL extensions  (See disable-default-extensions.patch)

  • Removed following default extensions:             (See disable-default-extensions.patch)
            -> Hotword (incl. Shared Module)
            -> Google Now
            -> Google Feedback
            -> Cloud Print
            -> Google Webstore
            -> Network Speech synthesis
            -> Google Hangout

  • Disabled URLTracker data transmission. I know this class has a bad naming, but nevertheless it connects to Google. (See disable-google-url-tracker.patch)

  • Disabled promo-notification fetching                     (See disable-notification-promo-fetch.patch)

  • Disabled ipv6 probes to google servers                (See disable-google-ipv6-probes.patch)

  • Disabled Google Cloud Messaging status check  (See disable-gcm-status-check.patch)

  • Modified default settings:                                       (See modify-default-prefs.patch)
            -> DefaultCookiesSetting: CONTENT_SETTING_SESSION_ONLY
            -> EnableHyperLinkAuditing: false
            -> CloudPrintSubmitEnabled: false
            -> NetworkPredictionEnabled: false
            -> BackgroundModeEnabled: false
            -> BlockThirdPartyCookies: true
            -> AlternateErrorPagesEnabled: false
            -> SearchSuggestEnabled: false
            -> AutofillEnabled: false
            -> "Send feedback" checkbox if user triggers settings-reset: false
            -> BuiltInDnsClientEnabled: false
            -> SignInPromoUserSkipped: true
            -> SignInPromoShowOnFirstRunAllowed: false
            -> ShowAppsShortcutInBookmarkBar: false
            -> ShowBookmarkBar: true
            -> PromptForDownload: true
            -> SafeBrowsingEnabled: false
            -> EnableTranslate: false

based on build flags:

  • Disabled google now:                enable_google_now=0

  • Disabled WebRTC:                    enable_webrtc=0

  • Disabled Remote service:          emable_remoting=0

  • Disabled safe browsing:             safe_browsing_mode=0

  • Disabled RLZ Identifier:              enable_rlz=0

  • Disabled google hangouts:         enable_hangout_services_extension=0

  • Disabled wifi bootstrapping:        enable_wifi_bootstrapping=0

  • Disabled speech input:               enable_speech_input=0

  • Disabled pre backups on sync:   enable_pre_sync_backup=0

  • Disabled print preview:                enable_print_preview=0

  • Disabled Chrome build:               google_chrome_build=0


How to install extensions from Google WebStore?

Since there is no WebStore plugin, you cannot install extensions directly from the store, but there exists a workaround to download and install any extension manually.

https://clients2.google.com/service/update2/crx?response=redirect&prodversion=38.0&x=id%3D[EXTENSION_ID]%26installsource%3Dondemand%26uc

To download a extension just replace [EXTENSION_ID] with the extension-id from the WebStore.
To install it, just drag and drop the downloaded file into a chrome://extensions/ tab.

Thanks to the guys from Iridium Browser for pushing in the right direction.
I hope someone find it useful and I'd be happy to hear about your thoughts and feature requests. (issue tracker follows)



Edit:

Spelling, Title, changed URL to AUR4


Edit2:

I finally managed to push the package to AUR4. I had to force SSH to use IPv4  neutral
The default profile is now in ~/.config/inox instead of ~/.config/chromium (See branding.patch). This means Inox and Chromium are able to run in parallel.
I also removed the Google API key, Client Id and Client Secret

Edit3:

Added link to binary version. (See links)
Added link to github


Michael

Last edited by gcarq (2016-01-25 20:49:34)

Offline

#2 2015-06-17 21:04:37

genEric
Member
From: Sweden
Registered: 2013-09-26
Posts: 38

Re: Inox Browser - yet another Chromium Privacy Spin-off

Great. Looks promising. I will try this one.


[genEric@…] ~$

Offline

#3 2015-06-17 21:28:40

runical
Member
From: The Netherlands
Registered: 2012-03-03
Posts: 896

Re: Inox Browser - yet another Chromium Privacy Spin-off

Looks good, but please also push it to AUR4.

Offline

#4 2015-06-17 21:38:18

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Re: Inox Browser - yet another Chromium Privacy Spin-off

runical wrote:

Looks good, but please also push it to AUR4.

I tried but I think it takes some time before my SSH key gets activated. (double checked my key)

Cloning into 'inox'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Offline

#5 2015-06-18 05:55:57

thoffmeyer
Member
From: Chi
Registered: 2006-07-27
Posts: 91

Re: Inox Browser - yet another Chromium Privacy Spin-off

Please push a binary version as I don't want to end up compiling this for the next week. (Alright maybe an over-exaggeration but still..) smile Cheers

Offline

#6 2015-06-18 08:06:32

router
Banned
Registered: 2015-06-01
Posts: 9

Re: Inox Browser - yet another Chromium Privacy Spin-off

thoffmeyer wrote:

Please push a binary version as I don't want to end up compiling this for the next week. (Alright maybe an over-exaggeration but still..) smile Cheers

Take your time and read everything https://bugs.debian.org/cgi-bin/bugrepo … bug=786909

Offline

#7 2015-06-18 09:22:58

runical
Member
From: The Netherlands
Registered: 2012-03-03
Posts: 896

Re: Inox Browser - yet another Chromium Privacy Spin-off

gcarq wrote:
runical wrote:

Looks good, but please also push it to AUR4.

I tried but I think it takes some time before my SSH key gets activated. (double checked my key)

Cloning into 'inox'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Strange. Are you sure you set it up correctly?

Other than that, I tried to build it just now and it seems there is a version conflict for python2-ply. The PKGBUILD states python2-ply<3.5, but the version in the repos is 3.6. Is it really needed to use 3.5?

Last edited by runical (2015-06-18 09:23:20)

Offline

#8 2015-06-18 09:41:17

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Re: Inox Browser - yet another Chromium Privacy Spin-off

runical wrote:

Strange. Are you sure you set it up correctly?

I will try again as soon I'm at home, I was tired yesterday. smile

runical wrote:

Other than that, I tried to build it just now and it seems there is a version conflict for python2-ply. The PKGBUILD states python2-ply<3.5, but the version in the repos is 3.6. Is it really needed to use 3.5?

Yeah unfortunatly chromium compiles only with python2-ply<3.5 for now.
sl1pkn07 pointed out this issue on chromium-dev.
With the latest version ninja will raise a TypeError exception during compilation.

Offline

#9 2015-06-18 09:57:39

runical
Member
From: The Netherlands
Registered: 2012-03-03
Posts: 896

Re: Inox Browser - yet another Chromium Privacy Spin-off

gcarq wrote:
runical wrote:

Other than that, I tried to build it just now and it seems there is a version conflict for python2-ply. The PKGBUILD states python2-ply<3.5, but the version in the repos is 3.6. Is it really needed to use 3.5?

Yeah unfortunatly chromium compiles only with python2-ply<3.5 for now.
sl1pkn07 pointed out this issue on chromium-dev.
With the latest version ninja will raise a TypeError exception during compilation.

I just found that out. Too bad. I'll have build 3.5 then.

Offline

#10 2015-06-19 06:29:40

sekret
Member
Registered: 2013-07-22
Posts: 289

Re: Inox Browser - yet another Chromium Privacy Spin-off

Very nice project!!! I like your approach a lot to provide your modifications with patches. Makes it very transparent! Might replace Firefox for me, since it starts to go on my nerves.

Offline

#11 2015-06-20 02:54:04

baongoc124
Member
Registered: 2011-02-04
Posts: 3

Re: Inox Browser - yet another Chromium Privacy Spin-off

My favorite browser for now big_smile Thanks!

Offline

#12 2015-06-20 06:21:26

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,244

Re: Inox Browser - yet another Chromium Privacy Spin-off

Works well.  Added LastPass extension plus my own extension I wrote to control the behavior of Arch Forums on Chrome.

Well Done smile    My CPUs just dropped from 98C back to 55C.  Reminds me of my Gentoo days.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#13 2015-06-22 07:26:19

gothmog123
Member
Registered: 2012-10-31
Posts: 124

Re: Inox Browser - yet another Chromium Privacy Spin-off

Do you think you might be able to do a binary version? Would be really awesome.

Offline

#14 2015-06-22 15:10:22

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,244

Re: Inox Browser - yet another Chromium Privacy Spin-off

gothmog123 wrote:

Do you think you might be able to do a binary version? Would be really awesome.

I think that was answered in post #6


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#15 2015-06-22 20:39:35

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Re: Inox Browser - yet another Chromium Privacy Spin-off

So I got some time and published a binary version, for now it's x86_64. i686 follows when I have a working chroot. AUR(inox-bin)

cheers

Last edited by gcarq (2015-06-22 21:14:11)

Offline

#16 2015-06-22 21:53:30

progandy
Member
Registered: 2012-05-17
Posts: 5,269

Re: Inox Browser - yet another Chromium Privacy Spin-off

gcarq wrote:

So I got some time and published a binary version, for now it's x86_64. i686 follows when I have a working chroot. AUR(inox-bin)

cheers

Nice. I suggest you provide it in a repository and remove inox-bin from the AUR. Instead add a comment to the inox package that links to the repository.
https://wiki.archlinux.org/index.php/Pa … repository

Last edited by progandy (2015-06-22 21:54:26)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#17 2015-06-23 09:42:59

herzmeister
Member
From: Germany
Registered: 2015-06-23
Posts: 12

Re: Inox Browser - yet another Chromium Privacy Spin-off

hi, just wondering why you don't contribute to the Iridium project directly? It's still missing in the AUR. wink

Even Iridium gets criticism https://news.ycombinator.com/item?id=9482689
Mainly about policies regarding upstream security patches, as Chromium is quite a complex beast.

These criticisms would even go harsher for a one-man fork.

Offline

#18 2015-06-23 11:54:19

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Re: Inox Browser - yet another Chromium Privacy Spin-off

herzmeister wrote:

hi, just wondering why you don't contribute to the Iridium project directly? It's still missing in the AUR. wink

Even Iridium gets criticism https://news.ycombinator.com/item?id=9482689
Mainly about policies regarding upstream security patches, as Chromium is quite a complex beast.

These criticisms would even go harsher for a one-man fork.

This fork started as a little side project while fiddling with chromium source because I wanted to know whats buried within its code, then after a while I decided to patch it for my own needs.
At this time I had no idea Iridium exists.

I detected Iridium just before publishing, but there are some things I don't agree with.
For example certificate pinning and hardcoded URLs to iridiumbrowser.de.
IMO there is lack of transparency of built-in/disabled features (of course you can check their git repo, but thats not the way I want it to be).
I've also heard Iridium is sometimes behind upstream versions and therefore missing security patches. (Cannot prove though, since I know this project just for a short period)

So I decided to create a minimal patch-set which can be applied to the chromium upstream version.
Don't get me wrong, I think Iridium is a great project, but their goals are not identical with mine (i.e. disabled WebRTC). But the good thing in the OSS world is you can easily share and reuse code. So it's a win-win situation.


I don't mind about unproductive critic as in the beginning there was no intention to make this public, just to create it for personal use. smile


cheers,
Michael

Last edited by gcarq (2015-06-23 12:26:08)

Offline

#19 2015-07-06 14:18:16

windozupdate
Banned
Registered: 2015-03-19
Posts: 25

Re: Inox Browser - yet another Chromium Privacy Spin-off

Chromium (and Inox) installs something called "ChromeDriver".
https://aur4.archlinux.org/cgit/aur.git … =inox#n201

It's this thing, apparently: https://sites.google.com/a/chromium.org/chromedriver/

Is it something we really need to have installed in other to run chromium/inox?
Or could we just get rid of this cruft?

Thank you.

Offline

#20 2015-07-11 10:14:31

tristank
Member
Registered: 2015-07-11
Posts: 2

Re: Inox Browser - yet another Chromium Privacy Spin-off

Can you  provide instructions on how to apply the patches for a different distribution like Ubuntu? I never patched from source before. I'm familiar with building from source though. I would greatly appreciate your efforts.

Offline

#21 2015-07-15 17:27:20

gcarq
Member
From: Austria
Registered: 2013-10-07
Posts: 40

Re: Inox Browser - yet another Chromium Privacy Spin-off

@windozupdate

If all you want is just the browser it's not really necessary, but very useful if you want to create automated browser tests with Selenium for example.
So if you don't plan to use a testing framework which depends on it you can get rid of it by deleting the following line in PKGBUILD:

install -D out/Release/chromedriver "$pkgdir/usr/lib/$pkgname/inoxdriver"

@tristank

Sorry it's been quite some time since I used Ubuntu so unfortunately I can't help you much, but I am sure there exists some chromium-dev PPA where you can grab the source including dependencies.
The patching process itself is easy.

Place the patch files in the parent directory and apply them i.e. with:

  patch -p1 < ../disable-autofill-download-manager.patch
  patch -p1 < ../disable-google-url-tracker.patch
  patch -p1 < ../disable-default-extensions.patch
  patch -p1 < ../modify-default-prefs.patch
  patch -p1 < ../disable-notification-promo-fetch.patch
  patch -p1 < ../disable-instant-extended-api.patch
  patch -p1 < ../disable-google-ipv6-probes.patch
  patch -p1 < ../disable-gcm-status-check.patch
  patch -p1 < ../add-duckduckgo-search-engine.patch
  patch -p1 < ../branding.patch
  patch -p1 < ../disable-missing-key-warning.patch

To get a rough idea how the browser gets compiled view PKGBUILD.
This script is seperated into prepare(), build() and package(), which are called in this order.
I hope this helps a litte bit.


cheers

Offline

#22 2015-07-17 06:46:57

gothmog123
Member
Registered: 2012-10-31
Posts: 124

Re: Inox Browser - yet another Chromium Privacy Spin-off

Any chance you could make a binary with webrtc enabled? Sorry, I know your goal is to turn it off... I just don't have the resources to compile something like chromium but I kind of think webrtc is neat (only fully working skype replacement easy to get people to switch to) sad

Last edited by gothmog123 (2015-07-17 06:48:04)

Offline

#23 2015-07-17 17:26:55

windozupdate
Banned
Registered: 2015-03-19
Posts: 25

Re: Inox Browser - yet another Chromium Privacy Spin-off

@gcarq
Could you please add a patch to deal with HTTP referer, please?
https://en.wikipedia.org/wiki/HTTP_referer

It is a huge security concern.
Maybe change google's source code to completely remove all its abilities to identify the referer and all that and instead add a simple function that makes it send http://example.com/ or another dummy one.

Thank you.

Offline

#24 2015-07-20 12:48:30

sekret
Member
Registered: 2013-07-22
Posts: 289

Re: Inox Browser - yet another Chromium Privacy Spin-off

windozupdate wrote:

Maybe change google's source code to completely remove all its abilities to identify the referer

But then you won't be able to post here on this forum wink At least I can't in firefox with network.http.sendRefererHeader set to 0.

Offline

#25 2015-07-22 15:23:52

windozupdate
Banned
Registered: 2015-03-19
Posts: 25

Re: Inox Browser - yet another Chromium Privacy Spin-off

sekret wrote:
windozupdate wrote:

Maybe change google's source code to completely remove all its abilities to identify the referer

But then you won't be able to post here on this forum wink At least I can't in firefox with network.http.sendRefererHeader set to 0.

Make it send www.google.com or www.example.com.
Anything is better than sending the real website you were in before. That hurts the user privacy.
Maybe fake it so it seems the user typed the URL directly from his chrome:url address bar, without being on any website before. Yes, this sounds like the best option.

Offline

Board footer

Powered by FluxBB