> I think I have already done that. Right now I find Chromium least worse
> because of the results of the test
Perhaps it is because of your time investment in your test that you weight
your test far too heavily. Your complaints are reasonable, but there is also
a reasonable explanation for why those compromises are made, even if we
disagree with Mozilla that the compromises are worth it. Firefox and its
derivatives would be better than they are now if it were easier to configure
for full privacy, but this one situation is not so damning that it is
automatically worse than Chromium.
> + the ability to use uBO and uMatrix
These addons are available in FF derivatives, and uBO is even installed by
default in Abrowser, so you do not need to rely on a developer whose business
model is selling your privacy.
> Tor is slow
I'm sure that Chromium is significantly faster than Tor Browser, but I value
freedom and privacy over convenience.
> (and some sites won't work with it).
Some sites accidentally blacklist some exit relays and you'll have to switch
to another relay, but I assume you are referring to sites that systemically
blacklist all Tor relays (Yelp and support.apple.com are a few that I've
noticed). If you value your privacy I suggest that you avoid such sites, as
their only motivation for forcing you to identify yourself is if they intend
to collect information about you. No matter how good your browser is, it also
takes safe browsing habits to protect your privacy.
> Let's not forget also that browsers
> like IceCat and other forks which have not updated their code up to FF 57
> basis still don't have the new fixes about Meltdown for example.
Meltdown has been patched in the Linux kernel, but Abrowser is based on 57
anyway, and unlike Chromium has no profit incentive to violate your privacy
and no history of doing so in a very serious way.
> I think we should also mention without any bias that Google's experts are
> very good at security.
Security and privacy are both important but are different. As Magic Banana
has pointed out they are sometimes at odds with each other, forcing a
compromise. In Google's case they are almost always at odds with each other,
as their first solution for security is generally to compromise privacy. Any
account you have with them or info you store with them, they protect by
tracking your location and locking your account when it is accessed from a
suspicious location (or through Tor). The only way to unlock your account is
with a phone number, so if you don't give them your phone number you risk
losing access to your data. Magic Banana pointed out that the reason phishing
blacklists can't be decentralized the way you want them to be is that Google
won't allow it. That's the problem with a company who doesn't value your
right to privacy (and in Google's case, your privacy is their product): They
have no reason to seek security solutions that protect your privacy, and be
avoiding them it gives them an excuse to violate your privacy in the name of
"saftey." It's a trap.
As you have correctly pointed out, using software you have not written or
fully audited yourself relies on trust. Trust always comes with risk, and you
must evaluate that risk based on how untrustworthy the developer is. Firefox
is not fully trustworthy (though far more so than Google, since they have a
better track record and their business model does not rely on violating your
privacy), but if serious privacy disrespeecting features slipped into Tor
Browser, Abrowser, or Icecat it would be by accident and there is probability
(though not certainty) that the developers can catch and fix it. This reduces
the probabilty of a serious privacy violation in those browsers. Chromium, on
the other hand has already been proven to have a serious privacy violation,
and it was only removed after they got caught, so there is no reason to
believe that they will remove any additional ones until they get caught
again. Why would they? If Google created a privacy-respecting alternative to
Chrome, they would lose money, so they would be fools not to insert as many
antiprivacy antifeatures as they think they can get away with. Of course,
Chromium is not an "alternative" to Chrome. It is the part of Chrome's
development process that exploits the labor of free software developers. This
is another reason not to remove privacy issues from Chromium: it would create
the extra work of putting them back into Chrome.
Finally, you are the one who says that we should not settle for short-term
solutions, and relying on the least privacy-respecting company in the world
to protect your privacy is not a long-term solution.
> I have bookmarked (in order to look at later) https://nextcloud.com/
Cool, I'll take a look.
> I also learned to download files with public access from Google Drive
> without having to log in to Google Drive or use of JS. If the link is to a
> file, it can easily be converted to a direct link. Here is a bash script
> line which does that:
>
> echo $1 | sed -r -e
> 's/(https:\/\/drive\.google\.com\/)file\/d\/([^/]+)\/view/echo
> "\1uc?id=\2\&e=download"/ge'
Awesome!
> So back to your comment: yes, long term you are absolutely right, that's
why
> I filed all this bug reports. But right at this moment Chromium works
> better.
Fair enough. I don't fully agree, but I get where you're coming from. I'll
drop it now because at some point this thread to needs to wind down (see
screenshot) and I look forward to moving onto future discussions.
