<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 01/17/2017 02:57 PM, Richard
      Stallman wrote:<br>
    </div>
    <blockquote cite="mid:E1cTVCs-0000pN-OE@fencepost.gnu.org"
      type="cite">
      <pre wrap="">[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I've reached out to ungoogled-chromium as well since the project spends
  > a considerable amount of time patching, to ask what they considered to
  > be "large portions of code".

Any response?

</pre>
    </blockquote>
    <p>I was able to get a response, the developer wrote:<br>
      ---<br>
    </p>
    <div class="chat-item__content">
      <div class="chat-item__details">
        <div class="chat-item__username js-chat-item-from">"Eloston:<span
            data-link-type="mention" data-screen-name="g4jc"
            class="mention"> @g4jc</span> After looking into this issue
          in greater depth, what I said in <span data-link-type="issue"
            data-issue="117" class="issue">#117</span> may be incorrect.
          <a
href="https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/copyright?h=debian/55.0.2883.75-3&id=601bf3b000b4df4a79463f8500a95b5722f42cfc"
            rel="nofollow" target="_blank" class="link">Here is Debian's
            <code>copyright</code> file for Chromium 55</a>, and <a
href="https://lintian.debian.org/maintainer/pkg-chromium-maint@lists.alioth.debian.org.html#chromium-browser"
            rel="nofollow" target="_blank" class="link">here is the
            Lintian report for the latest Chromium (currently 55)</a>.
          I'm not seeing anything there that's violating the free
          software definition, but I could be mistaken."<br>
          ----<br>
          <br>
          The situation has definitely improved since the last Debian
          Lintian report. In the first report there were several
          thousand files missing license information. <br>
          That is now down to <100 files.<br>
          <br>
          Using ungoogled-chromium's combined patches to strip pre-built
          binaries and apply privacy fixes would be a minimum
          requirement in my opinion.<br>
          <br>
          Even if we (Parabola) can patch it, it would be much better if
          KDE and QT did this upstream. <br>
          As it has the potential to affect millions of GNU/Linux users
          - well outside of just Parabola.<br>
          <br>
          However, my sentiments also echo what Isacc wrote on this
          thread, and are especially important for Parabola's nonprism
          (privacy) repo:<br>
          ---<br>
          "Orthogonal yet absolutely important, because QtWebEngine is
          <div>said to contain *all* of Chromium, not just the Blink
            engine. Even</div>
          <div>if the freedom problems were fixed soon (they could be),
            we would</div>
          <div>still need to worry about Qt (and therefore KDE) possibly
            subjecting</div>
          <div>their users to the well-documented Google tracking.
            Chromium</div>
          <div>would become one of those rare cases of free software
            that is also</div>
          <div>spyware."<br>
            ---<br>
            <br>
            We have no reliable way of controlling fingerprinting API's
            in an embedded Chromium.<br>
            <br>
            As previously mentioned liberating this requires:<br>
            - No non-free source code<br>
            - No pre-built binaries or libraries (e.g. compile and use
            system ones instead), no use of "use_prebuilt" in makefile.<br>
            - Access to chrome://flags[1]<br>
            - Ability to solve well-known privacy issues[2]<br>
            <br>
            For those on the mailing list who still believe Google is
            not tracking users, and is a "Do no evil" corporation at
            heart - I deplore you to "google it".<br>
            (or preferably duckduckgo/searx/yacy it since that is much
            safer). <br>
            <br>
            The many connections to Google that are outbound from
            Chromium, even if good by intention, create very invasive
            meta data and fingerprinting opportunities.<br>
            These opportunities can be exploited against users, many of
            which may have no idea that Chromium is running on their
            computer if it is embedded.<br>
            We may never be able to block them all due to Chromium's
            design, but limiting it's reach is essential.<br>
            <br>
            To demonstrate the seriousness of this issue on Parabola:<br>
            - Try installing KDE's GnuPG frontend "kgpg" --> depends
            on --> akonadi-contacts --> currently requires -->
            qt5-webengine (Chromium)<br>
            <br>
            <br>
            Luke<br>
            Parabola GNU/Linux-libre Packager<br>
            <a class="moz-txt-link-freetext" href="https://parabola.nu">https://parabola.nu</a><br>
            <br>
            1.
<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod">http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod</a><br>
            2.
<a class="moz-txt-link-freetext" href="https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs">https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs</a><br>
          </div>
        </div>
      </div>
    </div>
  </body>
</html>