<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/17/2017 02:57 PM, Richard
Stallman wrote:<br>
</div>
<blockquote cite="mid:E1cTVCs-0000pN-OE@fencepost.gnu.org"
type="cite">
<pre wrap="">[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I've reached out to ungoogled-chromium as well since the project spends
> a considerable amount of time patching, to ask what they considered to
> be "large portions of code".
Any response?
</pre>
</blockquote>
<p>I was able to get a response, the developer wrote:<br>
---<br>
</p>
<div class="chat-item__content">
<div class="chat-item__details">
<div class="chat-item__username js-chat-item-from">"Eloston:<span
data-link-type="mention" data-screen-name="g4jc"
class="mention"> @g4jc</span> After looking into this issue
in greater depth, what I said in <span data-link-type="issue"
data-issue="117" class="issue">#117</span> may be incorrect.
<a
href="https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/copyright?h=debian/55.0.2883.75-3&id=601bf3b000b4df4a79463f8500a95b5722f42cfc"
rel="nofollow" target="_blank" class="link">Here is Debian's
<code>copyright</code> file for Chromium 55</a>, and <a
href="https://lintian.debian.org/maintainer/pkg-chromium-maint@lists.alioth.debian.org.html#chromium-browser"
rel="nofollow" target="_blank" class="link">here is the
Lintian report for the latest Chromium (currently 55)</a>.
I'm not seeing anything there that's violating the free
software definition, but I could be mistaken."<br>
----<br>
<br>
The situation has definitely improved since the last Debian
Lintian report. In the first report there were several
thousand files missing license information. <br>
That is now down to <100 files.<br>
<br>
Using ungoogled-chromium's combined patches to strip pre-built
binaries and apply privacy fixes would be a minimum
requirement in my opinion.<br>
<br>
Even if we (Parabola) can patch it, it would be much better if
KDE and QT did this upstream. <br>
As it has the potential to affect millions of GNU/Linux users
- well outside of just Parabola.<br>
<br>
However, my sentiments also echo what Isacc wrote on this
thread, and are especially important for Parabola's nonprism
(privacy) repo:<br>
---<br>
"Orthogonal yet absolutely important, because QtWebEngine is
<div>said to contain *all* of Chromium, not just the Blink
engine. Even</div>
<div>if the freedom problems were fixed soon (they could be),
we would</div>
<div>still need to worry about Qt (and therefore KDE) possibly
subjecting</div>
<div>their users to the well-documented Google tracking.
Chromium</div>
<div>would become one of those rare cases of free software
that is also</div>
<div>spyware."<br>
---<br>
<br>
We have no reliable way of controlling fingerprinting API's
in an embedded Chromium.<br>
<br>
As previously mentioned liberating this requires:<br>
- No non-free source code<br>
- No pre-built binaries or libraries (e.g. compile and use
system ones instead), no use of "use_prebuilt" in makefile.<br>
- Access to chrome://flags[1]<br>
- Ability to solve well-known privacy issues[2]<br>
<br>
For those on the mailing list who still believe Google is
not tracking users, and is a "Do no evil" corporation at
heart - I deplore you to "google it".<br>
(or preferably duckduckgo/searx/yacy it since that is much
safer). <br>
<br>
The many connections to Google that are outbound from
Chromium, even if good by intention, create very invasive
meta data and fingerprinting opportunities.<br>
These opportunities can be exploited against users, many of
which may have no idea that Chromium is running on their
computer if it is embedded.<br>
We may never be able to block them all due to Chromium's
design, but limiting it's reach is essential.<br>
<br>
To demonstrate the seriousness of this issue on Parabola:<br>
- Try installing KDE's GnuPG frontend "kgpg" --> depends
on --> akonadi-contacts --> currently requires -->
qt5-webengine (Chromium)<br>
<br>
<br>
Luke<br>
Parabola GNU/Linux-libre Packager<br>
<a class="moz-txt-link-freetext" href="https://parabola.nu">https://parabola.nu</a><br>
<br>
1.
<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod">http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod</a><br>
2.
<a class="moz-txt-link-freetext" href="https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs">https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs</a><br>
</div>
</div>
</div>
</div>
</body>
</html>