36 points

“Don’t be evil”

permalink
report
reply
14 points
*

This that and the article are very light on details, but I couldn’t find an article deeper in details

My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

permalink
report
reply

My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

That’s strange, I’ve never heard of that before

Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.

Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.

This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).

permalink
report
parent
reply
3 points

Sounds easier to switch to another browser at that point

permalink
report
parent
reply

OP apparently needs Chrome to log into an enterprise GSuite account, which has specific requirements, that are enforced by Chrome’s enterprise policy system. I don’t think this works in Chromium.

permalink
report
parent
reply
90 points

idk what to tell you if you’re still using chrome

permalink
report
reply
5 points

I do: DON’T

permalink
report
parent
reply
36 points

Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn’t surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn’t news for no reason. Don’t trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).

permalink
report
parent
reply

I fucking hate Google and wouldn’t use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It’s based on the open RISC-V architecture, and it’s the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the “Secure Enclave” in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that’s a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can’t really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple’s Secure Enclave is also based on ARM, as well as Snapdragon’s SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn’t use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.

permalink
report
parent
reply

Well pretty much all computers have a backdoor to the CPU. That hasn’t been proven for Pixel phones though.

permalink
report
parent
reply
28 points

Relevant username.

permalink
report
parent
reply
18 points

Wrll you have to use a pixel phone to use graphene os

permalink
report
parent
reply
4 points

Yeah, I’m not super happy about that part, but don’t really know what to do

permalink
report
parent
reply
91 points
*

This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use

permalink
report
reply

Firefox 🔛 🔝

permalink
report
parent
reply
2 points

🦊🦊

permalink
report
parent
reply
17 points

Vivaldi and Brave have the option to disable the Hangouts extension in settings, which should disable this.

As linked in the article, it is indeed used for “Hangouts” (Meet) troubleshooting.

permalink
report
parent
reply
3 points

This is good news since Vivaldi is my goto chromium browser (when I need to really use it)

permalink
report
parent
reply
5 points

I’ll admit, in several places I used Edge as an effort to have at least some layer of distrust between myself and Google. I’ll have to quit that though.

permalink
report
parent
reply
1 point

I like your style. I went looking and found “switchbar” which kinda/sorta eases this bouncing between browsers idea:

https://chromewebstore.google.com/detail/open-with-switchbar/klgpknafjlhnpkppfbihchgfebbdcomd

It’s not elegant, but it supports the workflow you suggest. I kind of like the idea of using Edge for google.com and Chrome for microsoft.com. I’m not optimizing my experience (it may in fact be very sub-optimal), but I’m also using competition to neutralize potential shenanigans.

permalink
report
parent
reply

I kind of like the idea of using Edge for google.com and Chrome for microsoft.com.

Dang, just use Firefox. It’s so much easier then this

permalink
report
parent
reply
0 points
6 points

such a sensationalist article there. mozilla isnt an advertising company, they bought a company that specialises in privacy focused ad campaigns so they can provide an alternative to google for companies.

which is what they should be doing.

permalink
report
parent
reply
4 points

Welp, might as well just use w3m 🤣

permalink
report
parent
reply
55 points

How long until it will be used as a backdoor to hack womeone’s PC?

permalink
report
reply
48 points

Chrome is the backdoor and you already installed it

permalink
report
parent
reply
20 points

Seems google has already done that

permalink
report
parent
reply
14 points

Negative number.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 18K

    Monthly active users

  • 10K

    Posts

  • 461K

    Comments