Please, review Bromite Browser #96

Open
opened 2 years ago by Iceberg · 6 comments

Bromite is a Chromium fork with ad blocking and privacy enhancements
(Open source, only android browser)

It has things like patches from other privacy oriented browsers / anti-fingerprinting mitigations

All Features:
https://github.com/bromite/bromite#features

Official Site:
https://www.bromite.org/

Bromite is a Chromium fork with ad blocking and privacy enhancements (Open source, only android browser) It has things like patches from other privacy oriented browsers / anti-fingerprinting mitigations All Features: https://github.com/bromite/bromite#features Official Site: https://www.bromite.org/
baobab added the enhancement label 2 years ago
Ghost commented 1 year ago

My mini-research:

  • it uses google search engine as default
  • it takes adblocking filters from its website (https://bromite.org/filters/filters.dat)
  • makes a few DNS-requests to bookmarks on the homepage: bromite.org, chromium.org, eff.org, libera.chat.
  • downloads probably adblock list from bromite.org (only on first startup?). It downloaded 2,3 MB.
  • makes a few requests to bromite.org for something else

But it has it own F-Droid repo, looks smooth like default chrome browser and has built-in adblock.

I recommend open source PCAPdroid for MITM check. It don't need root, because it creates VPN.

My mini-research: * it uses google search engine as default * it takes adblocking filters from its website (<https://bromite.org/filters/filters.dat>) * makes a few DNS-requests to bookmarks on the homepage: bromite.org, chromium.org, eff.org, libera.chat. * downloads probably adblock list from bromite.org (only on first startup?). It downloaded 2,3 MB. * makes a few requests to bromite.org for something else But it has it own F-Droid repo, looks smooth like default chrome browser and has built-in adblock. I recommend open source [PCAPdroid](https://github.com/emanuele-f/PCAPdroid) for MITM check. It don't need root, because it creates VPN.
Iceberg closed this issue 1 year ago
Iceberg reopened this issue 1 year ago
Iceberg commented 1 year ago
Poster

My mini-research:

  • it uses google search engine as default
  • it takes adblocking filters from its website (https://bromite.org/filters/filters.dat)
  • makes a few DNS-requests to bookmarks on the homepage: bromite.org, chromium.org, eff.org, libera.chat.
  • downloads probably adblock list from bromite.org (only on first startup?). It downloaded 2,3 MB.
  • makes a few requests to bromite.org for something else

But it has it own F-Droid repo, looks smooth like default chrome browser and has built-in adblock.

I recommend open source PCAPdroid for MITM check. It don't need root, because it creates VPN.

Thanks

> My mini-research: > > * it uses google search engine as default > * it takes adblocking filters from its website (<https://bromite.org/filters/filters.dat>) > * makes a few DNS-requests to bookmarks on the homepage: bromite.org, chromium.org, eff.org, libera.chat. > * downloads probably adblock list from bromite.org (only on first startup?). It downloaded 2,3 MB. > * makes a few requests to bromite.org for something else > > But it has it own F-Droid repo, looks smooth like default chrome browser and has built-in adblock. > > I recommend open source [PCAPdroid](https://github.com/emanuele-f/PCAPdroid) for MITM check. It don't need root, because it creates VPN. Thanks
Owner

Bromite can be setup (by going through the graphical settings) to not make any weird connections.

Good app for testing connections:
https://f-droid.org/en/packages/org.secuso.privacyfriendlynetmonitor/

Bromite can be setup (by going through the graphical settings) to not make any weird connections. Good app for testing connections: https://f-droid.org/en/packages/org.secuso.privacyfriendlynetmonitor/

As @rutriv said, Google search engine by default.
Automatic connection to bromite.org in order to update adblocking filters.
It also downloads homepage bookmarks.

No trackers embedded.

We could consider adding it with Low spyware level.

As @rutriv said, Google search engine by default. Automatic connection to bromite.org in order to update adblocking filters. It also downloads homepage bookmarks. No trackers embedded. We could consider adding it with Low spyware level.
Owner

@Narsil Sounds good.

@Narsil Sounds good.

Noting that they use Github (Microsoft) for hosting

https://www.bromite.org/privacy

Some aspects of interacting with the Bromite Project will involve the collection of personal information, namely:

browsing the Bromite Official Website, which is hosted on GitHub Pages
the automatic updates of subresource filters used for the AdBlocking functionality, enabled by default, which downloads a file hosted on GitHub Pages
the automatic check and update of Bromite itself, enabled by default, which checks for headers on a a file hosted on GitHub Project Releases and allows to download it
using the Bromite Official F-Droid repository

So all of these requests are logged and tracked. This killed any interest I had in it.

Noting that they use Github (Microsoft) for hosting https://www.bromite.org/privacy >Some aspects of interacting with the Bromite Project will involve the collection of personal information, namely: >browsing the Bromite Official Website, which is hosted on GitHub Pages >the automatic updates of subresource filters used for the AdBlocking functionality, enabled by default, which downloads a file hosted on GitHub Pages >the automatic check and update of Bromite itself, enabled by default, which checks for headers on a a file hosted on GitHub Project Releases and allows to download it >using the Bromite Official F-Droid repository So all of these requests are logged and tracked. This killed any interest I had in it.
Sign in to join this conversation.
No Milestone
No Assignees
5 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: shadow/SpywareWatchdog#96
Loading…
There is no content yet.