• trolololol@lemmy.world · ↑14 · edited 1 day ago

    This that and the article are very light on details, but I couldn’t find an article deeper in details

    My laptop, that I own and runs Linux that I installed, has Chrome in it. In order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

    Btw would there be a way to do virtualization through perhaps Docker or Flatpak or chroot that can isolate Chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

    • > My laptop, that I own and runs Linux that I installed, has Chrome in it. In order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

      That’s strange, I’ve never heard of that before

      > Btw would there be a way to do virtualization through perhaps Docker or Flatpak or chroot that can isolate Chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

      There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.

      Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.

      This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof your CPU model if you want to hide that from Chrome).
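
A way to check what a given sandbox actually hides, as an added example that is not part of the thread: run the same script on the host and inside the Firejail, Bubblewrap, Flatpak or Distrobox environment and compare the output. The function names and the optional ROOT argument are assumptions of this sketch; dm-crypt mappings are recognised by the `CRYPT-` prefix of their device-mapper UUID in sysfs.

```shell
#!/bin/sh
# Added example: report which host facts are readable from where this runs.
# ROOT is empty for the real filesystem; a test can point it at a fake tree.

# Print the CPU model string readable under ROOT, or "hidden" if none is found.
visible_cpu_model() {
    root="${1:-}"
    f="$root/proc/cpuinfo"
    [ -r "$f" ] || { echo hidden; return 0; }
    model=$(sed -n 's/^model name[[:space:]]*:[[:space:]]*//p' "$f" | head -n 1)
    echo "${model:-hidden}"
}

# Print "encrypted" if any device-mapper node exposes a dm-crypt UUID,
# "none-seen" if sysfs is readable but shows none, "hidden" if sysfs is absent.
visible_disk_encryption() {
    root="${1:-}"
    [ -d "$root/sys/block" ] || { echo hidden; return 0; }
    for u in "$root"/sys/block/dm-*/dm/uuid; do
        [ -r "$u" ] || continue      # also skips the unmatched glob pattern
        case "$(cat "$u")" in
            CRYPT-*) echo encrypted; return 0 ;;
        esac
    done
    echo none-seen
}

# Summarise what the current environment exposes, one key=value per line.
audit_sandbox() {
    root="${1:-}"
    printf 'cpu_model=%s\n' "$(visible_cpu_model "$root")"
    printf 'dm_crypt=%s\n' "$(visible_disk_encryption "$root")"
    if [ -d "$root/home" ] && [ -n "$(ls -A "$root/home" 2>/dev/null)" ]; then
        echo 'home=visible'
    else
        echo 'home=empty-or-hidden'
    fi
}

audit_sandbox "${1:-}"
```

If `cpu_model` and `dm_crypt` read the same inside the sandbox as on the host, the sandbox is not hiding those facts from the browser, which is the limitation the reply describes for containers.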

      • beeb@lemm.ee · ↑2 · 23 hours ago

        Sounds easier to switch to another browser at that point

          • beeb@lemm.ee · ↑1 · 19 hours ago

            Oh I didn’t catch that my bad. I hope they get a work computer where this kind of stuff doesn’t interfere with private life!

  • kworpy@lemm.ee · ↑92 ↓2 · 2 days ago

    idk what to tell you if you’re still using chrome

    • GoogleSellsAds@sh.itjust.works · ↑42 ↓6 · 2 days ago

      Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn’t surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn’t news for no reason. Don’t trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).

      • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com (OP) · ↑1 · 3 hours ago

        I fucking hate Google and wouldn’t use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It’s based on the open RISC-V architecture, and it’s the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the “Secure Enclave” in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that’s a valid concern with basically every CPU on the market right now. x86 and ARM are completely proprietary, so you can’t really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple’s Secure Enclave is also based on ARM, as well as Snapdragon’s SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn’t use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.

      • Emerald@lemmy.world · ↑4 · 22 hours ago

        Well pretty much all computers have a backdoor to the CPU. That hasn’t been proven for Pixel phones though.

              • Emerald@lemmy.world · ↑2 · 15 hours ago

                Does your laptop run free software boot firmware? If not, it has the same issues as a phone, if not more. No smartphone runs fully free firmware.

  • ComeHereOrIHookYou@lemmy.world · ↑91 · edited 2 days ago

    This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use

    • raspberriesareyummy@lemmy.world · ↑23 ↓1 · edited 2 days ago

      I am “slightly” worried that there’s only a single option left. That’s only 1 organization’s corruption removed from total loss of control over browsing privacy :/

  • NutWrench@lemmy.world · ↑46 · 2 days ago

    I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com (OP) · ↑9 · 2 days ago

      > I already ditched Windows for Linux a month ago because of spyware.

      Great!

      > Everything Google-related is next.

      Even better.

      > My phone is going to be the hardest thing to de-infest.

      If you plan on getting a new phone soon, I recommend a Google Pixel, on which you can install GrapheneOS. Yes, ironically Google devices are the best for installing alternative operating systems and removing all the Google BS. GrapheneOS is completely free and open source, and based on the Android Open Source Project. It incorporates many privacy and security enhancements, and gives you total freedom and control over your device. In my opinion, it’s the best option for degoogling a phone.

    • flop_leash_973@lemmy.world · ↑14 ↓1 · 2 days ago

      In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.