Bug 902

Summary: Ironbrowser request! Chromium without privacy issues.
Product: Mageia Reporter: thomas bjo <thomasbjornvold>
Component: New RPM package requestAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: Normal CC: manuel.mageia, pterjan
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
URL: http://www.srware.net/downloads/iron-linux-64.tar.gz
Whiteboard:
Source RPM: iron-5.0.381-69.1mib2010.1.x86_64.rpm CVE:
Status comment:

Description thomas bjo 2011-04-20 01:23:06 CEST 
It is fast it is safe and we need it. 
Link to 32 bit version:
http://www.srware.net/downloads/iron-linux.tar.gz
Comment 1 Manuel Hiebel 2011-04-20 03:03:18 CEST 
What is the real differences with Chromium ?

I think you can disable all shipments of private data

CC: (none) => manuel

Comment 2 thomas bjo 2011-04-28 13:02:45 CEST 
Here are the differences:
http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
Comment 3 Pascal Terjan 2011-05-07 23:52:32 CEST 
http://chromium.hybridsource.org/the-iron-scam
http://neugierig.org/software/chromium/notes/2009/12/iron.html
http://www.srware.net/forum/viewtopic.php?f=18&t=2293

The download link is for binaries which will not work on most distributions, could you find the source on their website?

They say "Iron is free and OpenSource. You can download it and share with your friends." but I only see binaries...

Reading in the FAQ "we massively modified the source." when they almost did not change anything is funny too...

The most funny is that their business model is to make money from Google ads that are the main part of their website...

<Iron> because a fork will bring a lot of publicity to my person and
       my homepage
<Iron> that means: a lot of money too ;)
[...]
<Iron> i dont take money for my fork
<Iron> but i have adsense on my page ;)
<Iron> a lot of visitor -> a lot of clicka > a lot of money ;)

Please stop advertising that scam.

Status: NEW => RESOLVED
CC: (none) => pterjan
Resolution: (none) => WONTFIX

Comment 4 thomas bjo 2011-05-09 22:04:35 CEST 
Interesting links there. 
But I cannot see that any of the advantages of Iron are addressed?
If it should be theoretically possible to turn of the privacy "functions" in Chromium it will probably be difficult.
So the question is; does Iron adjust chromium as they say they do here?
http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php

If the answer is yes then I don't care how they do it and how much money they make or how funny it is.
The privacy issue is the important one here.
(Lots of Linux pages have Google ads for Microsoft too.)

Still it is in The MiB repos (64 and 32 bit) so that is an alternative option.
Maybe they can help you?
Comment 5 Pascal Terjan 2011-05-09 22:11:48 CEST 
If you read the links, you will see that the changes are really minor.

He mostly disables things which you can also disable in the preferences dialog (some are are disabled by default), and patches out a feature because he doesn't like the name (he probably did not look at what it does).

I see no reason to trust him enough to run his modified version...

If you want to change default settings in chromium package, that would be better.
Comment 6 thomas bjo 2011-05-09 22:44:57 CEST 
I will not even pretend that I have the slightest overview of the changes.
As the majority of the users out there.
If it is true that Google gives you an unique Installation-ID when installing Chrome - It will already be to late when I start with the settings -right?
That alone would defend a place in the Mageia repos in my book (if it is open source).
Comment 7 Ahmad Samir 2011-05-09 22:50:18 CEST 
The point is, if there's no publicly available source tarball of ironbrowser, then it can't exist in the Mageia repos; also note that this would be in violation of GPL, if you take GPL'ed code and modify it you have to publish the modified code, IIUC.

I've not looks at their SRPM, but MIB probably repack the binary tarballs, that wouldn't work in the official repos of a distro...
Comment 8 Ahmad Samir 2011-05-09 22:50:58 CEST 
> I've not looks at their SRPM, but MIB probably repack the binary tarballs, that
> wouldn't work in the official repos of a distro...
s/in/for/
Comment 9 Pascal Terjan 2011-05-09 22:54:00 CEST 
From a quick search on the internet:

=====
First of all, there is an installation ID (iid) which is created at install time to de-dup install counts. This is necessary to accurately count the number of successful installations that have occurred. The iid is generated randomly (not based on any other information) and is deleted in the next update check after first run.
=====

So yes there is a random id which is used to say that an installation succeeded and then destroyed.

It is indeed too late but can probably easily be disabled in chromium package if people want so, but I don't see any privacy issue with sending that random data.

There is another one but only used if you enable sending stats in the preferences:

=====
There is a second ID called the clientID which is used for the user metrics service. This is an opt-in service that lets users send usage statistics to Google so that we can learn how the product is being used for the sake of making improvements. It helps us answer questions like, âAre people using the back button?â and âHow common is it that people click the back button repeatedly?â Users can always update their preference about sending usage statistics on the âUnder the Hoodâ tab of options.
=====
Comment 10 thomas bjo 2011-05-09 23:58:01 CEST 
If there is no tarball then I guess it is hard to do anything.

I will not speculate in Googles motivation for collecting data, and wonder whether they delete them or not - I just don't want to give them any.
Sad that it cannot be done because the browser is good. 
If it is possible I would more than welcome an adjustment to the chromium package.
I don't think Google needs to know if my install was successful or not.
(If they want me to participate in a testing group that is another matter, because I am asked and can accept.)

Google does collect data to make improvements - mainly to the bank account. That is OK, but structuring the sum of our innocent habits is a violation of privacy (people forget and never turn off such things - and Google knows it).
As it is I guess we can forget this request.
Comment 11 thomas bjo 2011-05-10 00:27:34 CEST 
I forgot:
http://www.srware.net/downloads/iron-linux.tar.gz

Dependencies: alsa-lib gconf libjpeg6 libpng12 libxss nss ttf-dejavu
I assumed that this is no good based on Ahmads statement.


I have it working and it gets updated in Arch.
https://aur.archlinux.org/packages.php?ID=43419
But it is not official only AUR.
Manuel Hiebel 2011-12-29 17:27:34 CET

Source RPM: http://mib.pianetalinux.org/MIB/2010.2/64/basic/iron-5.0.381-69.1mib2010.1.x86_64.rpm => iron-5.0.381-69.1mib2010.1.x86_64.rpm