Comment by maleldil
3 years ago
> there is a de-Googled one called Chromium
There's Chromium and there's Ungoogled Chromium[1]. If you're looking for (some) independence from Google, you want the latter. Or just avoid it altogether and use other browsers.
I wouldn't recommend Blink-based browsers (Brave, Vivaldi, Opera, etc.) You're still indirectly giving Google power over the web by using their engine.
[1] https://github.com/ungoogled-software/ungoogled-chromium
IMO the browser is far too important to use third-party builds containing patches that don't receive serious audit.
For example, the Chromium packages provided by the vast majority of Linux distros disable security features like CFI (check your favorite distro's x86_64 Chromium package build log and look for the "is_cfi" argument). I think Arch is the only exception.
ungoogled-chromium has similar problems https://qua3k.github.io/ungoogled/
If you are going to use a Blink-based browser, I would recommend just using the official Google release, or maybe Edge or Brave if you trust the organizations behind them. Otherwise, just switch to Firefox. It has its own problems, like being overall less hardened than Chromium, but it's far less user-hostile. And regarding security, for browsing untrusted sites, I think you should always virtualize the browser since they're all routinely exploited anyway.
> Linux distros disable security features like CFI
Why would they even do that?
I'm not sure, but I think CFI also requires building Chromium as a single binary with LTO, and this has extremely high memory requirements that their build infrastructure might not be able to handle. Also, I think some distros use GCC instead of LLVM/Clang, so CFI isn't even an option.