Ricardo Wurmus writes: > Hi Mark, > >> Mark H Weaver writes: >> >>> Ricardo Wurmus writes: >>> >>>> The TODO list for convenience: >>>> >>>> * There is still some data transmitted when starting the browser for the >>>> first time. It seems related to the "domain_reliability" component. >>>> * Remove remaining "Web Store" links. Currently I've only found it in >>>> settings, under "accessibility" and "fonts". >>>> * Opening settings transmits a bunch of data, the next version will >>>> include the 'disable-translation-lang-fetch' patch from Inox. >>>> * PDFium is built, but does not seem to work (the 'install' phase >>>> probably needs tweaking). Might just disable it instead. >>>> >>>> It would be *very* nice if the first and third items could be solved >>>> before merging, but I don’t consider them blockers. >>> >>> The GNU FSDG says "The distro must contain no DRM, no back doors, and no >>> spyware." Since GNU Guix has committed to follow the FSDG, that means >>> that we must not include programs that include spyware. We have >>> committed ourselves to "removing such programs if any are discovered." >>> >>> Guix _is_ committed to the GNU FSDG, right? > > Of course it is. > >>> Do you agree that #1 and #3 look like spyware? If so, wouldn't that >>> make them blockers? > > #3 looks like it’s fetching translation information, which seems > legitimate. #1 is unclear to me, honestly, as it seems to be a bug. > AIUI the “domain_reliability” component is not enabled by default. > > For context I read a little about this “domain_reliability” thing and > found this Google document (I don’t know if this is an official > publication by the Chromium developers): > > https://docs.google.com/document/d/14U0YA4dlzNYciq2ke0StEMjomdBUN6ocSt1kN03HJ0s/pub#h.20j0auqi631o > > From what I understand, the “Domain Reliability Monitoring” feature in > Chromium is sending connection successes / failures for resources on a > participating domain to a collection point determined by the operators > of that domain, i.e. not necessarily to Google. Woah, good find! Apparently this is being submitted as a W3C standard: . I'll try to find a toggle. If this package gets into Guix, I think we should add system tests (or similar) to catch regressions in the unsolicited network traffic area.