From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59094) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fB3eb-0003bd-L3 for guix-patches@gnu.org; Tue, 24 Apr 2018 15:31:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fB3eY-0006iH-GJ for guix-patches@gnu.org; Tue, 24 Apr 2018 15:31:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:58793) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fB3eY-0006gx-BJ for guix-patches@gnu.org; Tue, 24 Apr 2018 15:31:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fB3eY-0000Av-0T for guix-patches@gnu.org; Tue, 24 Apr 2018 15:31:02 -0400 Subject: [bug#28004] Chromium 66 + status update Resent-Message-ID: From: Marius Bakke In-Reply-To: References: <87y3qvb15k.fsf@fastmail.com> <87po32c47b.fsf@fastmail.com> <87po2own4s.fsf@dustycloud.org> <87woww8ojw.fsf@fastmail.com> Date: Tue, 24 Apr 2018 21:30:23 +0200 Message-ID: <87tvs08ks0.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Tobias Geerinckx-Rice Cc: 28004@debbugs.gnu.org --=-=-= Content-Type: text/plain Tobias Geerinckx-Rice writes: > Marius! > > On 2018-04-24 20:08, Marius Bakke wrote: >> The other remaining issue is that some data is sent to Google whenever >> you start the browser for the first time. > > Sounds great! What data, exactly? I haven't MITM'd it to check, unfortunately. Help wanted! The reason I don't think it's a blocking issue, is because Chromium is a massive project and I cannot guarantee that it will never "call home". So while I am intent on fixing the issue, especially since it's easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many "call home" scenarios/antifeatures. And if you enable extensions or log in all bets are off. Even Inox, which goes great lengths to de-google it, admits that they can't guarantee privacy. Other scenarios include checking for IPv6 availability, testing for captive portal, etc. And I think it even falls back to Google DNS if the system resolver is unresponsive. :-( --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlrfhc8ACgkQoqBt8qM6 VPr+MAf/Tc66pviRlefmT3NKksVCNDpM0xZBkg8FWj4vy22+o2Y+PDo9wRdI0OOp EJQfXhnFiC12grqFDA9pExxqjyocdlEHeZKhtlLW8RZAse+3yxdeVJa8+n6ooa9+ mF3duTVmGWZG/TWOmzML4SjIbCXYF5PUAv3PJRk7+PjsNIaxpnzZFoo9SSUrcNQu o2rmz6CcRPjJpI0ZvG0NBGf7719M0nFzKtKllHfM5rFKjbssjXGNVqhl1VAF+8TN ug995Q7SBD+ywCQE7PxslC8tNk/FFlG7zL8dOzHDupS6rIoexStFDTT1//Vk+6Em yVtZafAq7MtxzYkGXTtNyBp0uo6DvQ== =PclY -----END PGP SIGNATURE----- --=-=-=--