On Tuesday, 16 July 2013 at 01:09:18 UTC, Nick Sabalausky wrote:
I really have had problems with Chrome (and other Google
software)
forcefully installing always-resident processes before, and
giving me
trouble getting rid of it. Never had such a problem with Iron.
Chrome, which is based on the open-source Chromium project, has a
built-in auto-updater which always stays resident and checks for
updates. Since Iron is based on Chromium, not Chrome, it may not
have the auto-updater.
Even if
Iron is just a few better defaults and some options I don't
even want
anyway removed, that certainly doesn't qualify as a "scam".
Hell,
Iron's website is already perfectly clear about the settings
existing
in Chrome but being forced to a specific setting in Iron:
<http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php>
The
article makes it sound like SRWare is being deliberately
deceptive,
which is verifiably untrue.
Iron has always billed itself as some sort of privacy fork. For
example, their FAQ says:
"Can't i just use an precompiled unchanged Chromium-Build from
the Google Server?
This is not useful because the original Chromium-Builds have
nearly the same functions inside than the original Chrome. We can
only provide Iron because we massively modified the source."
http://www.srware.net/en/software_srware_iron_faq.php
I verified that this is untrue in the linked article, at least
back when they released Iron 3 and 4. Nobody can verify it
anymore, because even though there are still links for source
download, they don't work, ie you can't download the source.
This probably breaks the LGPL license, but I've read that they
stopped providing source a while back, likely after I analyzed it:
http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/
Plus Chrome introduces bugs almost as much as it fixes them, so
less
frequent releases doesn't really bother me. And I wouldn't be
using
Chrome's auto-updater anyway (and if I did, I would only do it
in a VM).
I don't track Iron closely, but I think they follow the same
release schedule for major stable releases, only delayed, and
likely without all the smaller point releases with security fixes
that Chrome provides. So you have all the disadvantages of
google's six-week release schedule, with the added disadvantages
of Iron's delays and omissions: I don't see the benefit.
Chrome does introduce some bugs as it updates, but I don't think
any other browser is any better. I don't get your paranoia about
the auto-updater: what makes you think it does anything other
than check for updates? My understanding is that the source for
the updater is available.
Iron may not be a big change, but it's proven itself to me in
real-world usage to still be worthwhile.
There is one advantage to Iron: it provides occasional builds of
the stable branch of Chromium, which google does not provide
except as part of the Chrome Stable channel. You could build the
stable branch of Chromium yourself, but I understand if you don't
want to put in the effort. I suspect you would be as happy with
the Chromium builds that are provided, which are only from the
trunk branch:
http://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
And that archived article seems pretty biased. Ex: "...likely
only to
evade source analysis like I'm doing..." Uhh, accusational and
speculative anyone? Especially since it's perfectly reasonable
to
figure the different version numbers could have more to do with
divergent forks than actually "Iron deliberately changed the
version
number to be sneaky". Perfectly likely that Iron had merged in
v4.x,
then merged in various other changes, and just missed a line
diff
involving the v4->v5 version number change. But no, we're
supposed to
just *assume* it was intentional deception because that better
supports
the initial "Iron is a scam" position.
The reason it's intentional deception is because I analyzed the
Iron source, which certainly doesn't "massively modify the
source" for Chromium, as they claim. I made a guess that they
chose to go in and change the version number to evade such
analysis, which fits the pattern of deception.
I didn't get into all this in the article, but they've never had
a public source code repo, which is suspicious for someone who
claims to be "open source." They were dumping code in 7z
archives on rapidshare instead! Without a repo where I could
track commits, I had to download the Iron source then manually
track down which version of Chromium corresponded to that version
of Iron, since the version number was changed. That took time,
and given their pattern of deception, I can only assume it was a
deliberate move to throw off such analysis.
I understand your suspicion of google. I don't use their
services other than search and have never signed up for facebook
either, but that's no reason to use shady software just because
it's "not google." There are real privacy concerns with all
these services, but if we don't stick to the facts, we damage our
case. I don't like what the Iron guy did and have documented the
issues, it is up to you and others to decide what to believe.
