← Back to context

Comment by freehorse

2 days ago

People usually don't compile their browsers from source anyway. And of course, technically, a program can check whether monitoring tools are running and adapt its behaviour accordingly, but this is malware territory and it makes no sense for any reputable browser. Also, technically, one can do that on router level anyway and not have this issue. So yes, I would say that analyzing the network is enough.

4 comments

freehorse

Reply
1vuio0pswjnm7  2 days ago

"People usually don't compile their browsers from source anyway."

But this is a forum that includes people who do compile their browser from source

As such, if promoting a new browser here, it should be expected people may ask about the availability of source code

I use an HTML browser that is a 2M static binary

It compiles quickly and easily on all the computers I own, and these computers are underpowered

This allows me to customise the software

For example, any "features" I do not wish to have, such as telemetry or other "automatic" remote connections, can be removed

NB. I am not expressing an opinion on the "Orion" software, I am commenting exclusively on the statement, "People usually don't compile their browsers from source anyway" appearing in a forum read by people who _do_ compile their browsers from source

  • 1vuio0pswjnm7  1 day ago

    The easiest way to verify "whether there is telemetry" is to look at the source code

    To avoid telemetry, interested users can remove it from the source code

    Whereas, if telemetry must be found by inspecting network traffic,^1 then users' only choice to avoid telemetry is not to use the software. There is no self-help. Users can plead with the author to remove telemetry to no effect

    1. This may be complicated by encryption

    Moreover, if the software is subject to change, e.g., "automatic software updates", then telemetry could be added at a later time, e.g., as part of an opaque "update". This requires the user to continually monitor network traffic in order to try to discover "whether there is telemetry"

    If users have a copy of the source code, and use a binary compiled from that source code, then this burden does not exist

  • freehorse  1 day ago

    I was answering to a specific comment asking about whether one absolutely needs the source code to know that there is no telemetry. Not about whether it is reasonable or useful to want to have the source code in general.