
Iridium – Secure Browser

95 points, by fcambus, about 10 years ago

16 comments

skymt, about 10 years ago
The developers of Iridium don't reveal that their browser phones home to their servers, and that's cause enough for distrust here.

A quick "grep -r iridiumbrowser.de" of the source reveals that they replace calls home to Google with calls home to various hostnames of the form "trk-NNN.iridiumbrowser.de", where NNN is a three-digit number. Presumably these hosts act as proxies. For example, lines 37-38 of chrome/browser/history/web_history_service.cc:

    const char kHistoryQueryHistoryUrl[] = "https://trk-139.iridiumbrowser.de/history.google.com/history/api/lookup?client=chrome";

Edit: The git log for this change:

https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/chrome/browser/history/web_history_service.cc?id=3bb27d9887bef87a41b56f2ec5ef62df81319a0a

"Replace URLs to Google services by URLs to our own server, so as to analyze where we still have to patch the browser to make it stop blurting data out."

That's an acceptable excuse in a debug branch, but there's no reason for this kind of privacy-impacting debug code to reach a public build.
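As an added example (not code from this thread or from the Iridium project), here is a small Python audit script that does what skymt's grep does, but structured: it finds URL string literals whose host matches trk-NNN.iridiumbrowser.de and reports which upstream Google host each one proxies, recovered from the first path segment as in the quoted literal. The sample source files are constructed; only the web_history_service.cc literal is taken from the comment, and scan_tree is a hypothetical helper for running the same check over a real checkout.

```python
import os
import re
from urllib.parse import urlsplit

# Proxy hostnames of the shape the comment describes: trk-NNN.iridiumbrowser.de
TRACKER_HOST_RE = re.compile(r"^trk-\d{3}\.iridiumbrowser\.de$")
# Any http(s) URL inside a double-quoted string literal
URL_RE = re.compile(r'"(https?://[^"\s]+)"')

# Constructed sample "source tree": the first literal is the one quoted in the
# comment; the other two files are made up to show non-matching cases.
SAMPLE_SOURCES = {
    "chrome/browser/history/web_history_service.cc": (
        'const char kHistoryQueryHistoryUrl[] =\n'
        '    "https://trk-139.iridiumbrowser.de/history.google.com/history/api/lookup?client=chrome";\n'
    ),
    "chrome/browser/untouched_example.cc": (
        'const char kExampleUrl[] = "https://www.google.com/example";\n'  # still Google
    ),
    "chrome/browser/two_digit_example.cc": (
        'const char kOther[] = "https://trk-12.iridiumbrowser.de/x";\n'  # not NNN
    ),
}


def find_redirected_endpoints(sources):
    """Return (path, tracker_host, upstream_host, url) for each URL literal whose
    host is a trk-NNN proxy. The original Google host survives as the first
    path segment, so it is recovered and reported next to the proxy host."""
    findings = []
    for path, text in sources.items():
        for url in URL_RE.findall(text):
            parts = urlsplit(url)
            if not TRACKER_HOST_RE.match(parts.hostname or ""):
                continue
            segments = [s for s in parts.path.split("/") if s]
            upstream = segments[0] if segments else ""
            findings.append((path, parts.hostname, upstream, url))
    return findings


def scan_tree(root, suffixes=(".cc", ".h", ".mm", ".cpp")):
    """Hypothetical helper: apply the same check to a real checkout on disk."""
    sources = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    sources[os.path.relpath(full, root)] = fh.read()
    return find_redirected_endpoints(sources)
```

Running find_redirected_endpoints(SAMPLE_SOURCES) flags only the web_history_service.cc literal, pairing trk-139.iridiumbrowser.de with history.google.com; the plain Google URL and the two-digit host are left alone.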
kentonv, about 10 years ago
Given that Chrome (and Google in general) has possibly the best defensive security team in the world, it's hard for me to take these security-oriented forks too seriously. Indeed, the last "secure Chromium fork" I heard about, WhiteHat Aviator, turned out to introduce a bunch of new vulnerabilities:

https://plus.google.com/+JustinSchuh/posts/69qw9wZVH8z

Even if the fork doesn't add bugs, you are now relying on the fork's maintainer to push security updates. Will they be as good at this as Chrome's team? This is unfair, of course: no startup or small project is ever going to have Chrome's resources. But when it comes to security, speed of updates really does matter.
tptacek, about 10 years ago
The one question you really want answered from any "secure" or "private" browser fork of Chromium or Firefox is: exactly how, in excruciating detail, do they track upstream security fixes? Are they getting notification of issues alongside the browser vendor, or do they find out only when the public does, when the embargo on disclosure is lifted?

Keeping up with vulnerabilities in browser codebases is a full-time job and there are very few teams in the world who can fund it, so odds are, forked browsers are going to need creative ways to piggyback on their upstream.
snotrockets, about 10 years ago
Every time I read a story like this, I'm reminded of Iron: http://neugierig.org/software/chromium/notes/2009/12/iron.html
notatoad, about 10 years ago
Okay, so their current release is based on chrome 41, supposedly with some security improvements. You know what else made security improvements over chrome 41? Chrome 42.
ryanlol, about 10 years ago
None of these "secure browsers" seem to actually do any real hardening.
Fastidious, about 10 years ago
Yet Another Chromium Fork. "Iridium has various enhancements where it forces strict security to provide the maximum level of security without compromising compatibility." -- what does that mean, exactly?
joshstrange, about 10 years ago
All chromium forks seem rather useless IMHO. They don't support chrome extensions AFAICT and at best they are a few hours behind Chrome in shipping updates and at worst days/weeks/months/years. Sounds like I have to trade quite a bit for "reproducible builds", which I'm not saying isn't anything, it is, but just not something I'm super interested in giving up so much for. We ALL use code every day that we can't see the full source for (I seriously don't believe that anyone actually working in tech and staying up-to-date can run an OS + all open source software, I just don't believe it) so adding one more piece doesn't seem like that big of a deal.

Don't get me wrong, I think security/privacy is HUGE and I don't want to sound defeatist, but come on... I'd love it if everything was open source and I could inspect/debug everything I run, but that's not the world we live in and you would have to go back to the "dark ages" of computing in order to live by that standard. It's similar to people who have android phones with stock roms who will tell me they prefer android because it's open source. Oh really? Cause all I see is a binary blob in your hand just like me. 1-2 of them play with custom roms and this, but NONE of them go so far as to install F-Droid (or whatever the FOSS marketplace is) and ONLY use apps from it.

At some point you have to say "Yes I know I can't know 100% the security of this app/device" and STILL use it. It's that or be a hermit; I don't like it but that's how it is.
protomyth, about 10 years ago
I would have picked a different name since there is already an Iridium in the tech space (satellite phone company). Not sure if it matters in Germany.
myTmonkey, about 10 years ago
I don't trust them. They have no contact information at all and no imprint on their website. Which is in fact illegal, as their website is hosted in Germany and uses a German top-level domain.

They advertise their product as "a secure browser" without making any significant changes under the hood. As "unicornporn" said: "privacy" != "security". Especially when you replace one villain by another.
captn3m0, about 10 years ago
Another big issue I found is that it does not really start with a clean slate. It copies over your existing google profile to make the setup seamless. I think that must be part of their debian packaging, but the profile path it is using (/home/nemo/.config/iridium/Default) is freshly created in my file-system and yet I can see my history from my current chrome profile in there.
signaler, about 10 years ago
There are lots of other 'flavours' of Chromium out there. Try to avoid any closed source binary blobs like Comodo Dragon, and others. I like this because at least we can inspect the source: https://iridiumbrowser.de/development Rather than download from their site, I would much prefer to build this from the source code they provide.

All the browser does is prevent phoning home to Google, which is preferable if you've decided to permaban Goog. from your Internet traffic. Google is so tightly woven into Chrome and is a huge privacy risk.

On the other hand, you could route all your vanilla privacy-waiving stuff through Chrome and use Firefox to do real surfing. Excuse the bias here, but I know my way around the web and Chrome likes to think I don't. I suspect Chrome is some sort of Fisher-Price browser designed for non tech savvy folk.

So use Chrome for Facebook, Youtube, other Google products. But don't use it for actually surfing the web.
subudeepak, about 10 years ago
It would be nice to see how Iridium fares against WhiteHat Aviator: https://www.whitehatsec.com/aviator/

I personally find Aviator to be more trustworthy at this point though.
castor_t, about 10 years ago
How do extension updates happen in Iridium? I noticed in Chromium, they check for updates frequently by connecting to the Google store. Does the same happen in Iridium? If not, how?
geofft, about 10 years ago
There are a bunch of things I don't understand in the patches. I wish they'd link to a bugtracker or something. (Incidentally, Chrome/Chromium has a public bugtracker: Iridium seems to have a Trac that nobody used apart from creating two tickets.)

* Enabling Do-Not-Track by default: https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=9db15d3834683bcb621c263e9aef49ba17f413a2

This is widely considered to be a questionable plan, and violates the Internet-Draft (section 6.3: "It MUST NOT transmit OPT-IN without explicit user consent."). Are they asserting that merely having Iridium over Chromium is explicit user consent?

* Disabling hyperlink auditing: https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=411e31b4bcefdff1e93704c5c4ff76572d0c2596

As the HTML spec (https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing) points out, the behavior of hyperlink auditing in terms of privacy impact is already achievable in several ways, like server-side redirects, JavaScript, etc. The goal with the feature was to make performance and user experience better, while not changing the privacy standard. Is it being changed in Iridium for privacy reasons or for other reasons?

* Increasing the default client certificate (?) length to 2048 bits from 1024 bits: https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=4b16cfc4abc4482a0b4ccf9321c547685f26c927

Given how much Google's been yelling about 1024-bit server certs, this seems like an obvious thing to change upstream. Has it been submitted / is there a reason they haven't changed it in Chromium?

* Disabling globally-installed NPAPI plugins on OS X, but still allowing those installed in your homedir: https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=fd5b986d422963f5466c94ab0bae012c9e059902

Why? (There's probably a reason, I just have no idea what it might be.)

* Emptying the list of CAs allowed to sign EV certs: https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=2b97ce66913b9e6e1c03214132e9432e75fc21ea

Why? As far as I can tell, the only effect is that EV certs will show up as normal certs (green lock, instead of a bar showing the organization name). What does this have to do with improving security or privacy?
ryanlol, about 10 years ago
Wow, these guys seem to be using an ancient and vulnerable version of cgit.