
Iridium Browser – A Chromium-based browser focused on privacy - Jerry2
https://iridiumbrowser.de/
======
notatoad
So increase your "privacy" at the risk of your security? Personally, I trust a
fully-patched chrome more than a browser that lags behind the latest security
updates by 6 weeks.

(Iridium is currently branched off chromium 54, chrome is on version 55)

~~~
jklinger410
Maybe for some people Google owning their data is worse than the odds that
they will be targeted by the latest exploits.

~~~
rtpg
Given current ransomware trends, that seems like setting up a bunker but
crossing a highway on foot daily. Sure, the nukes won't get you, but those
cars will.

It's not that you're not allowed to worry about google holding your data (of
course it is!), but it's pretty unsafe to be on the 'net without being
properly patched.

If I had to set about this, I would have an upstream fork of Chromium that
would patch the various networking functions to blacklist known google
domains, and then offer a flag to ignore the blacklist in the "obvious" spots
(like when you go to google.com). Probably not perfect, but a bit safer.

If you're super serious, you could just 404 all access to google.

~~~
wfunction
> Given current ransomware trends, that seems like setting up a bunker but
> crossing a highway on foot daily. Sure, the nukes won't get you, but those
> cars will.

I haven't updated Chrome in quite a while. My computer's been running just
fine. I'm pretty sure I would've died if I'd tried to cross highways as you
mentioned all this time. So I think something about the comparison doesn't
smell right.

~~~
rtpg
Hey some people win the lottery, right?

The relative odds aren't quite right, but consider how many people you might
know who lost their PCs to virii, compared to people compromised by their
Google searches.... Maybe it's a wash ;)

I think your likelyhood of getting your PC messed up is pretty dependant on
habits too. You're much more likely to get hit by drive-by adware if you're
(on Windows and) going to those random illegal streaming sites to watch some
show than if you're reading HN.

An example: I was on a less than stellar video hosting site, and a bunch of
pop-ups got me to accidentally download "FlashPlayer.dmg"

I'm pretty well versed in this stuff! And they got me to download this right
as I was going to watch this video. If I didn't know better, it would have
been like all those other plugin updaters (of course you need root to install
flash right?)

Of course, updated Chrome didn't prevent this case for me...

~~~
wfunction
> I think your likelyhood of getting your PC messed up is pretty dependant on
> habits too.

Indeed...

> You're much more likely to get hit by drive-by adware if you're (on Windows

Indeed I am on Windows... without security software, etc.

> and) going to those random illegal streaming sites to watch some show

Indeed I am not...

> than if you're reading HN

Indeed I am...

> An example: I was on a less than stellar video hosting site, and a bunch of
> pop-ups got me to accidentally download "FlashPlayer.dmg" I'm pretty well
> versed in this stuff! And they got me to download this right as I was going
> to watch this video.

Even if you downloaded that, you have to do some extra clicks to make it run.
It's not something that I can see happening by accident to the average HN
reader.

> If I didn't know better, it would have been like all those other plugin
> updaters (of course you need root to install flash right?)

But you did know better.

> Of course, updated Chrome didn't prevent this case for me...

Well there you go, I'm out of arguments.

I think you _quite beautifully_ narrowed down where the real problems lie and
proved my point, so I'm just going to leave it at that. ;)

~~~
rtpg
I might revise my original post.

On the other hand, looking over CVEs for chrome[0], I'd be a bit worried.
Chromes before 47 included remote code execution via the MIDI subsystem! If
someone could play a MIDI, they could compromise your system!

Yikes

[0] [http://www.cvedetails.com/vulnerability-
list/vendor_id-1224/...](http://www.cvedetails.com/vulnerability-
list/vendor_id-1224/product_id-15031/opec-1/Google-Chrome.html)

~~~
wfunction
My Chrome isn't _that_ old, though I don't play MIDI on Chrome either...

------
eh78ssxv2f
Was the last commit back in Oct 2016
([https://git.iridiumbrowser.de/cgit.cgi/iridium-
browser/](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/))? That
looks like a long time gap. I am pretty sure there have been multiple
security/critical bug fixes to Chromium between then and now.

~~~
scoobydooxp
[https://github.com/iridium-browser](https://github.com/iridium-browser)

~~~
em3rgent0rdr
[https://github.com/iridium-browser/iridium-
browser/commits/m...](https://github.com/iridium-browser/iridium-
browser/commits/master) says last commits of actual code was from Oct 2016...

------
yAnonymous
If you want a privacy-focused browser, Firefox is a better choice than
Chromium without security patches.

~~~
jbmorgado
Thing is, at least on MacOS Firefox is quite slow compared to Safari or
Chrome.

Firefox also keeps eating more and more memory the more time it's open (Chrome
also uses a lot memory, but at least it's stable). Firefox devs usually blame
extensions for this (and I can believe them), but I really don't care who's
fault it is, I just want my browser to work nicely.

Also, these are present complains. Since at work I'm back on Linux full time,
I tried to stop using Safari at home and use Firefox in order to use the same
browser everywhere. But Firefox just didn't cut it.

I'm now deciding between Opera and Chromium. They have their quirks, but at
least they are considerably faster (on my MacBook Pro) and don't keep leaking
memory like Firefox does.

Which brothers me, because the best browser on paper when it comes to multi OS
support and privacy is Firefox and would be my default go to browser in this
case it weren't for these big (for me personally) problems it still has after
all these years of the same exact complains from a lot of users.

~~~
_joel
Try the 'Suspend Tab' plugin.

~~~
jbmorgado
I have Auto Unload Tab, according to devs and reviewers it saves more memory
than just suspending the tab.

------
Sephr
Never use forks of popular browsers (exception: when browser libraries are
dynamically included from official sources). Forks never get security updates
as timely as the originals. This is pretty significant if you are important
enough for someone to use their zero-days on.

~~~
gst
In general I agree. My only current exception is that I use Brave[1] instead
of Chrome on Android, because Chrome is missing adblocking. It appears that
the company behind Brave is large enough to keep the fork somewhat up to date
(compared with several other forks that are only updated very infrequently).

Also not only security updates are an issue. Some of the previous forks have
been maintained by people who hardly had any idea of what they were doing.
Interesting blog post about the Iron fork:
[http://neugierig.org/software/chromium/notes/2009/12/iron.ht...](http://neugierig.org/software/chromium/notes/2009/12/iron.html)

[1]
[https://en.wikipedia.org/wiki/Brave_(web_browser)](https://en.wikipedia.org/wiki/Brave_\(web_browser\))

~~~
em3rgent0rdr
Could instead use FireFox on Android, which will allow you to install plugins,
so you can have adblocking.

~~~
gst
That's what I did before I knew about Brave. If I don't have a choice I'd use
whatever browser provides adblocking, but with a choice I'd prefer a Chromium-
based browser.

------
onion2k
After a very quick check, I think the chrome.webRequest API can be used
without the browser giving any warnings. That means an extension can intercept
and modify every incoming and outgoing request the browser makes, including
sending a copy to a third party or redirecting xhr traffic in the background.
Chrome (and consequently Iridium) makes it hard to hide an extension, and a
malicious attacker would need to have access to the browser, but if you
install this browser in the belief that it will "automatically" protect your
privacy I don't think it's doing enough. There should be an indicator that an
extension is manipulating requests that the browser is making.

------
skrowl
My browser focused on privacy is called Firefox (with a few key extensions).
Why take out of date Chromium over fully supported Firefox?

~~~
WayneBro
Why? Because of all the reasons most people switched away from Firefox to
Chrome to begin with...

Firefox is slow, klunky and the UI is deplorable. Mozilla and also hates
native platforms and therefore Firefox doesn't respect my OS. For instance -
since the beginning of time, every Windows program let me close the window by
double-clicking in the upper left corner. People have been asking Mozilla to
change this for years and got ignored. Meanwhile, the Chrome team changed it
immediately upon request when one of their builds lost the ability.

IMO, Mozilla is a second-rate has-been that turns out nothing but useless crap
like Rust and Servo that nobody needs or uses since there are much higher
quality alternatives already in existence - [http://www.mozillalabs.com/en-
US/projects/](http://www.mozillalabs.com/en-US/projects/)

------
romanovcode
I don't get it. When I launch it it still asks me if I want to sync with
gmail. Privacy and google, really?

------
spankalee
Previous discussion from almost two years ago:
[https://news.ycombinator.com/item?id=9482689](https://news.ycombinator.com/item?id=9482689)

------
awqrre
I'd be curious to see what they removed... Also, I get a 404 for the download
link[1].

1\.
[https://iridiumbrowser.de/download.html](https://iridiumbrowser.de/download.html)

~~~
axelfontaine
[https://github.com/iridium-
browser/tracker/wiki/Differences-...](https://github.com/iridium-
browser/tracker/wiki/Differences-between-Iridium-and-Chromium)

~~~
cpeterso
It looks like some of these changes could be implemented as a Chromium
extension that toggles these settings in Chrome.

Mozilla and Tor are working to upstream many of Tor's privacy changes into the
Firefox code base. Even if the features are disabled in Firefox for now,
having the code already in Firefox will make Tor's work easier because they
don't need to reapply bitrotted patches. They just need to toggle an
about:config pref. This Tor blog post has more information about the
upstreaming collaboration:

[https://blog.torproject.org/blog/tor-heart-
firefox](https://blog.torproject.org/blog/tor-heart-firefox)

------
aargh_aargh
The first link in the FAQ is broken, should be:

[https://github.com/iridium-
browser/tracker/wiki/Differences-...](https://github.com/iridium-
browser/tracker/wiki/Differences-between-Iridium-and-Chromium)

------
free2rhyme214
Why this over the Tor Browser?

~~~
lmedinas
I think the point here is to offer a browser that does NOT report to Google or
offer any Google services in order to give a more privacy oriented experience
while keeping the same expectation a user has from Chrome.

Tor Browser on the other hand tries to be a very private oriented browser
(blocks several features by default) and gives access to the Tor network.

------
keypress
How does Chromium fare by itself?

~~~
keypress
Or rather, how much of this is user configurable: [https://github.com/iridium-
browser/tracker/wiki/Differences-...](https://github.com/iridium-
browser/tracker/wiki/Differences-between-Iridium-and-Chromium) Can I make
Chromium less Google and increase privacy?

------
bikitan
Is that a scrolling marquee in 2017?

~~~
flukus
I know we used to rubbish them, but in a world of auto playing video ads,
flash animations and unnecessary javascript scrolling marquees seem like the
least of our problems.

~~~
tritosomal
Used sparingly, the <blink/> tag was at times practical. Unforunately those
that used <blink/> used it zealously.

I feel like there's should be a word that described the things that get ruined
by a small number of abusers. I'd probably already know it, if such a word
were coined, but maybe not.

~~~
flukus
Tragedy of the commons?

~~~
tritosomal
I think that's reserved for neglect.

------
Kiro
Why .de?

~~~
detaro
Because it is backed by a German organization.

------
warcode
Attempting to load [https://www.twitch.tv/](https://www.twitch.tv/) results in
ERR_CERTIFICATE_TRANSPARENCY_REQUIRED.

Doesn't seem usable.

