They also build with a GCC-based toolchain which loses important security features like type-based CFI. There are other problems with how they build it too. You are better off using a proper build of Chromium, although most Linux distributions lack the competency to provide that.
They think they know better, but they don't. By using GCC, they're losing type-based CFI and other security features. By using additional system libraries, they're weakening CFI and losing important changes. Inadvisable changes are often made due to lack of care / understanding.
The bulk of the changes being made by these forks are just changing defaults or removing optional features. There are few changes with real substance. Most of those are just changing where static assets are fetched, etc. There aren't any leaks of data for them to remove anyway.
How about ungoogled-chromium? Keeps up to date and seems to have a somewhat shared analogous goal in removing Google telemetry/dependencies from Chromium as GrapheneOS does in removing Google Play Services from Android.
You're confused. The Android Open Source Project doesn't have Google apps and services. Google Play Services isn't part of baseline Android. It isn't part of AOSP and isn't part of what's officially required for an OS to be considered Android. It's not the purpose of GrapheneOS.
AOSP doesn't have any analytics/telemetry. Chromium analytics/telemetry is gated behind a toggle for submitting usage stats. The same goes for all the other Google services where data is submitted to them. Network connectivity checks and static asset downloads don't have toggles.
Not sure if I understood your sentence about network connectivity and e.g. DNS, but to add: They are preconfigured to Google in AOSP (hardcoded). It can be changed via settings and overlays; however, it leaves a bad taste.
AOSP uses network-provided DNS by default, not Google DNS. It only has Google DNS as a fallback for nearly non-existent networks not providing DNS servers via DHCP. Not sure why that would leave a bad taste since it has to use something and the privacy policy isn't bad.
It leaves a bad taste, as AOSP as an open source system shouldn't have one supplier hardcoded, even as a fallback. It means patching the original code to get rid of it. Hence this is stuck in most devices. For me it should be open/configurable.
Not sure what this has to do with AOSP being open source, and you misrepresent this as hard-coded. AOSP uses the network-provided or configured DNS servers, not Google DNS. It only uses Google DNS if nothing else is provided. Don't misrepresent it as hard-coded to Google DNS.
No code needs to be changed to alter the fallback either. It is a configuration option, not something hard-wired into the code:
github.com/GrapheneOS/pla
Trying to make drama and controversy out of nothing does nothing more than make you look desperate to find an issue with it.
Both AOSP and GrapheneOS use the network-provided DNS. If a VPN is used, the VPN provides DNS. The user can choose the DNS-over-TLS server of their choice instead of using the network-provided DNS. The fallback exists for when there is no other DNS server available / configured.


