[Dev] Fwd: Re: Article: Chromium's subtle freedom flaws

Alejandro Hernández Petermann alejandrohp at openmailbox.org
Fri Mar 17 18:37:53 GMT 2017


As an user, I saw this " It is not just a port of the core HTML/CSS
rendering engine, it is the entire Chromium platform. " into
https://wiki.qt.io/QtWebEngine and I have to admit that it was pretty
clear. 🤔


On 17/03/17 18:37, Nicolás A. Ortega wrote:
> I have been following this issue for a long time now, however I haven't
> been able to respond to any threads due to technical reasons.
> 
> As I've been following along with these issues I've found very little
> evidence that Chromium is in-and-of-itself non-free (not including
> third-party plugins such as Widevine, which also support DRM), much less
> other software that use Chromium infrastructure (correct me if that was
> the incorrect term) such as QtWebEngine. What's more, the evidence that
> is provided tends to be either of no indication that Chromium is
> non-free (such as the Debian lintian reports that I constantly see
> floating around [0]) typically refers to JavaScript files that are Free
> Software, however they are simply minified. Although this may be a
> reason not to package it, it most definitely is not a reason to call
> Chromium non-free. If the arguments were saying that Chromium has
> non-free third parties such as Widevine then that is perfectly valid (so
> does Firefox[1], however we do not have the Firefox issue, in Parabola
> at least, since we use IceWeasel/IceCat instead), but third-party
> plugins such as Widevine can be easily removed (the Debian community has
> done this[2]). In the Red Hat community these reports were brought up to
> their maintainer and the maintainer concluded that all of the issues
> brought up in the prior mentioned lintian reports are in reality free JS
> but simply minified (which, as I mentioned before, is an issue for
> packaging but not for freedom necessarily)[3]
> 
> The second largest complaint of Chromium has been that it leaks
> information[4][5]. First I would like to make very clear that even if a
> program lacks security or privacy features that **does not** make it
> non-free. Therefore, even if there are privacy issues Chromium should
> not be labelled as non-free, but rather insecure and at the very most
> spyware (we are well aware that even Free Software can spy on you[6]).
> However, moving on, I have looked through these issues that were brought
> up and it seems that they have been slowly fixed with the exception of
> three of them which were labelled as either `wontfix'[7][8] or still
> remain open[9]. Upon these grounds Chromium can be judged.
> 
> If it turns out that there truly are non-free files in Chromium then let
> it be so, I won't complain, but there needs to be solid evidence. I
> understand it being removed from the Parabola repositories as a
> temporary measure until the issue is resolved (as Parabola should not
> risk there being non-free software in the repository), however to
> publicly claim that it is non-free without any substantial evidence is
> something that has been annoying me. I would ask that when these claims
> are made that they are given with hard evidence as to the matter, and
> (quite importantly) that when it is announced to the community via news
> post[10] that it give **all** evidence (or at least the most pertinent
> evidence) as to why a software is non-free, and if the reasons are
> something other then it should be stated as such (eg. privacy concerns,
> temporary removal until freedom issues resolved, etc.).
> 
> Again, if Chromium indeed has non-free files then I am fine with it
> being removed, however I would like links with the evidence **and** it
> should be reported to upstream as an issue (a link to the upstream bug
> would also be something nice to add to the news post). I'm pretty sure
> that opening a bug report will be much less work than all of this
> repackaging of KDE and Qt packages to work without QtWebEngine (which,
> as mentioned by Elyzabeth, is probably not even non-free even if
> Chromium were).
> 
> [0] https://lintian.debian.org/maintainer/pkg-chromium-maint@lists.alioth.debian.org.html#chromium-browser
> [1] https://support.mozilla.org/t5/Video-audio-and-interactive/Watch-DRM-content-on-Firefox/ta-p/37423
> [2] https://packages.debian.org/stretch/chromium-widevine
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1418917
> [4] https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00056.html
> [5] https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
> [6] https://www.gnu.org/philosophy/ubuntu-spyware.html
> [7] https://bugs.chromium.org/p/chromium/issues/detail?id=163116
> [8] https://bugs.chromium.org/p/chromium/issues/detail?id=80722
> [9] https://bugs.chromium.org/p/chromium/issues/detail?id=55058
> [10] https://www.parabola.nu/news/chromium-blacklisted-to-respect-your-freedom/
> 
>> I earnestly hope this upcoming FSF article provides explicit and irrefutable 
>> proof of QtWebEngine being non-free. Proof of hard-coded connections and 
>> privacy leaks that I can verify for myself. A list of the non-free plugins and 
>> DRM shipped as a part of Qt because none are listed in the documentation. Any 
>> evidence of such obviously malicious behaviour that I can report to Qt and 
>> work towards fixing.
> 
> 
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev
> 



More information about the Dev mailing list