Google chrome

Google Chrome emergency update fixes 0-day vulnerability

@Signature of Lenin

> LOL another marketing ploy in the name of ‘privacy’ the fantasy and the lie of the internet?

What is a ‘lie’ and a ‘fantasy’ depends on your expectations I would say. If you expect to be anonymous from a government that specifically targets you, then yes, maybe privacy is a lie for you (although it’s not impossible, I think, just extremely hard to achieve). If your expectation is to make general mass surveillance more difficult via, say, advertiser tracking, then no, privacy is probably not a “fantasy” or a “lie”. We know that various contemporary countermeasures are effective against passive tracking efforts by adversaries at the non-state level.

I’m not the kind of person who throws my hands up and totally gives up because I don’t have the anonymity of state-level entities. I’m a firm believer in small incremental steps in privacy, meaning protecting your privacy where you can and where you feel it’s necessary. Will this lead to you becoming Mr. Anonymous? No, but it does reduce the amount of data theft certain entities can commit against me and therefore the amount of money they can potentially earn from my data. If everyone did what I do to protect my privacy (with no loss of quality of life, mind you!), the data moloch would quickly dry up dramatically.

Relatively simple steps to improve your privacy include using a privacy-friendly web browser, privacy-friendly search engine, encrypted email service, custom ROM degoogle, give up smart home devices or assistants like Amazon Alexa, etc. None of this leads to you being anonymous if the government specifically targets you, but doing passive surveillance of your hardest is always worth it.

> Maybe it’s their little hidden message to already tell us that they will be cancerous like most browser editors are? or somehow they are in the humanitarian plan to make us aware of something that everyone should know?

I think you are reading too much into a project name that is still evolving.

> you can literally block all Google or Microsoft IPs (and then respective own connections like Vivaldi, Brave, Yandex Opera own IPs) from any browser with a firewall… 10 Firewalls, Hardware and Software and adblockers, and even if you don’t send information to any of them… what do you think will happen? You will send information to someone, every website you visit, your ISP, anti-fraud VPN company will know everything about you, DNS resolver as well, website analytics…

How about not using Google or Microsoft products? Or in the case of Google, since they usually open source their products, how about using degoogled versions of them? There is no need to configure long lists of firewall rules if nothing is sent in the first place. There are products like Ungoogled Chromium, or /e/OS or GrapheneOS that don’t send anything to Google even though they’re otherwise using the Google code underneath. Ad blockers are effective because website administrators usually don’t deploy their own specially designed tracking scripts for each website. Instead, it’s usually a more limited range of scripts that are mass-deployed to various websites. A notorious one that you have surely heard of is Google Analytics, for example. If you block these scripts with an adblocker, you have already found a solution for a wide range of websites. There is still a possibility of first-party tracking (or third-party tracking which is more limited in scope, such as lesser-known ad networks and tracking scripts not as widely deployed as, say, Google), but for that , we have a second line of defenses such as anti-fingerprinting measures, local data partitioning, manipulation of HSTS and HPKP tracking, etc.

Your argument about its ISP is valid, it depends on the legal situation in your country. What should your ISP collect if they don’t collect this voluntarily (privacy policy!)? If your ISP collects a bunch of stuff, voluntarily or by force, then you need to take a look at other jurisdictions and their rules, maybe a legally registered VPN elsewhere has better rules and you’ve improved your privacy as a result from your ISP. Also look at other important things with your VPN, like publicly known owners, VPN having undergone audits, VPN apps being open source, etc.

> So, do you think government agencies are going to stop because you’re using a third-party browser with such an “interesting” name? Do you think you won’t be spied on only because of encryptions (backdoor) and fake “privacy” or “security” marketing programs?

No, I don’t think Hexavalent is meant to protect you from a government that specifically targets you. If you’re specifically targeted by the government, you’ll probably have to think about things like Tor or Tails/Qubes OS. It’s not a threat to most of us here though, we don’t need the anonymity of our government because we’re not criminals or whistleblowers. Our concern here is generally with less capable entities than a government specifically targeting you, our concern is with the data we passively provide to primarily private entities such as Google, Facebook, etc.

And all the encryption being a backdoor? No, I do not think so. Of course, some archaic protocols have been permanently broken, but their use is now discouraged. If the government were generally able to penetrate all current encryption mechanisms, it wouldn’t make much of a case for banning (or discouraging) encryption. If everything was already a backdoor, such a conversation would not be necessary. Also, we should assume that even though the government has supposedly hijacked everything before (and probably already caught their targets that way), we never hear that they’ve done so successfully for various protocols, from from anyone, including those he caught. What do you think is the probability?
Governments around the world seem very interested in banning (or at least discouraging) encryption OR having access to master keys that equal or surpass your private keys. If a closed system has master keys, then it is indeed a backdoor, but it has nothing to do with the encryption mechanism itself. It simply means that a malicious entity has created master keys that are not strictly necessary for the encryption to work.

> I mean you always talk about Brave and how amazing it is

No, I’m just saying it works FOR ME. I strongly believe in their preconfigured browser approach, which will make it more difficult to fingerprint users, this is the same reason I advise against using Firefox with the “hardening approach”. I also think Brave strikes a good balance between security (FF is lacking there too), privacy, performance, and web compatibility. But the same goes for other browsers like for example Bromite. Brave is a solid choice but I’m not advertising it, just saying it works for me and why.

> They literally censored RT from their news sources and they said Goggles will probably make censorship worse in some countries and if they get orders from governments to do anything they will do it because it’s best to avoid to get in trouble than to be removed from Apple or Google store or something like that.

You know that the EU has decided to take legal action against all forms of RT broadcasting, right? If you do business there, you’ll have to remove it, and I’m probably sure being a Brave News source counts as “broadcast.” Brave had no choice but to take it off. Well, maybe there was another choice, and that was to go to court for another company’s right to be broadcast, but you know what that would have meant for Brave in the current climate. , is not it ? They figured going the second route wasn’t worth it, not least because you, the user, can add whatever source you want to Brave News, including adding RT if you want. It is simply no longer part of the default sources for legal reasons.
While Brave took down RT in order to protect their business in the public sphere, I would say at least there was a real sword of Damocles on it: they would have faced legal action if they hadn’t. . Compare that to Mozilla, they were posting an article with the headline “deplatform wasn’t enough” after the Jan. 6 incident on Capitol Hill, where they publicly supported large-scale web censorship. And no, unlike Brave, there were no legal reasons for this move, they did it because their ideology required it so much of them. I’m not advocating any form of censorship, including Brave’s, but I would always use the browser that removes something because of legal pressure on the browser to voluntarily enforce censorship.
You can also use hobby projects like Ungoogled Chromium which will never run into issues like Brave because they will never include something like Brave News to begin with, but using hobby projects comes with its own set of problems, delayed security updates and the like, not sure if it’s worth it just to make a statement here.

Just my 2 cents, hope this review is worth reading.