
Iridium – Secure Browser - fcambus
https://iridiumbrowser.de
======
skymt
The developers of Iridium don't reveal that their browser phones home to their
servers, and that's cause enough for distrust here.

A quick "grep -r iridiumbrowser.de" of the source reveals that they replace
calls home to Google with calls home to various hostnames of the form "trk-
NNN.iridiumbrowser.de", where NNN is a three-digit number. Presumably these
hosts act as proxies. For example, lines 37-38 of
chrome/browser/history/web_history_service.cc:

    
    
        const char kHistoryQueryHistoryUrl[] =
            "https://trk-139.iridiumbrowser.de/history.google.com/history/api/lookup?client=chrome";
    

Edit: The git log for this change:

[https://git.iridiumbrowser.de/cgit.cgi/iridium-
browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-
browser/commit/chrome/browser/history/web_history_service.cc?id=3bb27d9887bef87a41b56f2ec5ef62df81319a0a)

"Replace URLs to Google services by URLs to our own server, so as to analyze
where we still have to patch the browser to make it stop blurting data out."

That's an acceptable excuse in a debug branch, but there's no reason for this
kind of privacy-impacting debug code to reach a public build.

~~~
longsleep
This is really great feedback. Reading this and the other comments makes clear
that we need to improve documentation what and why we changed things. All the
trk-xxx.iridiumbrowser.de hosts are there to find connections which we were
not able to disable yet. All these end up at nothing (404 not found) and are
not proxied in any way. Essentially Iridium browser should never contact them
- if it does then it is a code path we have missed and a bug.

~~~
TheLoneWolfling
Then replace them with a crash or popup ("Line <x> was reached but shouldn't
be reachable. Please report this." or whatever)

Phoning home without permission goes against the entire concept of a secure
browser.

Have you ever seen the underhanded C contests? There are _far_ too many ways
for something like this to turn nasty. Especially given there's inherent
plausible deniability.

------
kentonv
Given that Chrome (and Google in general) has possibly the best defensive
security team in the world, it's hard for me to take these security-oriented
forks too seriously. Indeed, the last "secure Chromium fork" I heard about,
WhiteHat Aviator, turned out to introduce a bunch of new vulnerabilities:

[https://plus.google.com/+JustinSchuh/posts/69qw9wZVH8z](https://plus.google.com/+JustinSchuh/posts/69qw9wZVH8z)

Even if the fork doesn't add bugs, you are now relying on the fork's
maintainer to push security updates. Will they be as good at this as Chrome's
team? This is unfair, of course: no startup or small project is ever going to
have Chrome's resources. But when it comes to security, speed of updates
really does matter.

~~~
unicornporn
> Given that Chrome (and Google in general) has possibly the best defensive
> security team in the world, it's hard for me to take these security-oriented
> forks too seriously.

I think it depends on who and what you most eager to secure yourself from. If
you think hackers are the greatest online threat, perhaps you should go with
Chrome (if you chose between these two browsers). If you don't trust Google to
stay classy when it comes to privacy and data collection, perhaps you could
consider running a one or two versions old Iridium version of Chrome.
Personally, I use Firefox. I prefer not to use a browser from a company that
lives on data collection.

Chrome might be kosher now (to be honest, I don' know), but a decision at the
headquarters can change that at the next automatic update.

~~~
Havoc
>Personally, I use Firefox.

I seem to recall a recent hn post that made FF sound like a bit of a privacy
disaster in its own right - specifically on the topic of addons (they all seem
to phone home).

~~~
rockdoe
Those add-ons are things _you install yourself_ on top of the browser. What
does that have to do with Firefox's privacy? Nothing.

Random software installed from the Internet can be harmful, who'd have
thought!

~~~
bigbugbag
Except that the browser is missing a lot excepted features and historically
positioned itself as "just pile extensions on top of FF to get features we
won't add or have removed".

adblock ? disable javascript ? mouse gestures ? download manager ? privacy
protection ? duplicate tab ? and so on all are extensions because mozilla
refused to implement or removed those features.

------
tptacek
The one question you really want answered from any "secure" or "private"
browser fork of Chromium or Firefox is: exactly how, in excruciating detail,
do they track upstream security fixes? Are they getting notification of issues
alongside the browser vendor, or do they find out only when the public does,
when the embargo on disclosure is lifted?

Keeping up with vulnerabilities in browser codebases is a full-time job and
there are very few teams in the world who can fund it, so odds are, forked
browsers are going to need creative ways to piggyback on their upstream.

------
snotrockets
Every time I read a story like this, I'm reminded of Iron:
[http://neugierig.org/software/chromium/notes/2009/12/iron.ht...](http://neugierig.org/software/chromium/notes/2009/12/iron.html)

------
notatoad
Okay, so their current release is based on chrome 41, supposedly with some
security improvements. You know what else made security improvements over
chrome 41? Chrome 42.

------
ryanlol
None of these "secure browsers" seem to actually do any real hardening.

~~~
squiguy7
"But it does call home to Google." This doesn't seem to be that much more
secure if it still has to contact their servers.

------
Fastidious
Yet Another Chromium Fork. "Iridium has various enhancements where it forces
strict security to provide the maximum level of security without compromising
compatibility." \-- what does that means, exactly?

~~~
CHY872
The homepage says:

Disable transmission of partial queries, keywords, metrics to central servers
without consent.

Builds reproducible, modifications auditable.

~~~
Fastidious
Couldn't those recommendations be pushed to the Chromium project, without the
need to create yet another brand of Chromium?

~~~
tux
I second that "Chromium" used more in Linux distros.

------
joshstrange
All chromium forks seem rather useless IMHO. They don't support chrome
extensions AFAICT and at best they are a few hours behind Chrome in shipping
updates and at worst days/weeks/months/years. Sounds like I have to trade
quite a bit for "reproducible builds" which I'm not saying isn't anything, it
is but just not something I'm super interested in giving up so much for. We
ALL use code everyday that we can't see the full source for (I seriously don't
believe that anyone actually working in tech and staying up-to-date can run an
OS + all open source software, I just don't believe it) so adding one more
piece doesn't seem like that big of a deal.

Don't get me wrong I think security/privacy is HUGE and I don't want to sound
defeatist but come on... I'd love if everything was open source and I could
inspect/debug everything I run but that's not the world we live in and you
would have to go back to the "dark ages" of computing in order to live by that
standard. It's similar to people who have android phones with stock roms who
will tell me they prefer android because it's open source. Oh really? Cause
all I see is binary blob in your hand just like me. 1-2 of them play with
custom roms and this but NONE of them go as to install F-Droid (or whatever to
FOSS marketplace is) and ONLY use apps from it.

At some point you have to say "Yes I know I can't know 100% the security of
this app/device" and STILL use it. It's that or be a hermit, I don't like it
but that's how it is.

~~~
unicornporn
> All chromium forks seem rather useless IMHO. They don't support chrome
> extensions [...]

The Chrome extensions from
[https://chrome.google.com/webstore/category/extensions](https://chrome.google.com/webstore/category/extensions)
seems to work just perfect in Iridium.

~~~
joshstrange
Then I stand corrected, I had read somewhere before that they didn't work.

------
protomyth
I would have picked a different name since there is already an Iridium in the
tech space (satellite phone company). Not sure if it matters in Germany.

~~~
csoete
Yes it matters (at least to me), i was confused initially if it would be some
browser for the iridium sat network.

~~~
chollier
yeah that's weird..

------
myTmonkey
I don't trust them. They have not a single contact information and no imprint
on their website. Which is in fact illegal as their website ist hosted in
Germany and uses a german top-level-domain.

They advertise their product as ”a secure browser“ without making any
significant changes under the hood. As ”unicornporn“ said: ”privacy“ !=
”security“. Especially when you replace one villain by another.

------
captn3m0
Another big issue I found is that it does not really start with a clean slate.
It copies over your existing google profile to make the setup seamless. I
think that must be part of their debian packaging, but the profile path it is
using (/home/nemo/.config/iridium/Default) is freshly created in my file-
system and yet I can see my history from my current chrome profile in there.

~~~
longsleep
It should start with a clean state. Please file a bug at
[https://github.com/iridium-browser/iridium-browser-
ubuntu/is...](https://github.com/iridium-browser/iridium-browser-
ubuntu/issues)

~~~
captn3m0
Filed at [https://github.com/iridium-browser/iridium-browser-
ubuntu/is...](https://github.com/iridium-browser/iridium-browser-
ubuntu/issues/7)

------
signaler
There are lots of other 'flavours' of Chromium out there. Try to avoid any
closed source binary blobs like Comodo Dragon, and others. I like this because
at least we can inspect the source:
[https://iridiumbrowser.de/development](https://iridiumbrowser.de/development)
Rather than download from their site, I would much prefer to build this from
the source code they provide.

All the browser does is prevent phoning home to Google, which is preferable if
you've decided to permaban Goog. from your Internet traffic. Google is so
tightly woven into Chrome and is a huge privacy risk.

On the other hand, you could route all your vanilla privacy waiving stuff
through Chrome and use Firefox to do real surfing. Excuse the bias here, but I
know my way around the web and Chrome likes to think I don't. I suspect Chrome
is some sort of fisher price browser designed for non tech savvy folk.

So use Chrome for Facebook, Youtube, other Google products. But don't use it
for actually surfing the web.

------
subudeepak
It would be nice to see how Iridium fares against WhiteHat aviator
[https://www.whitehatsec.com/aviator/](https://www.whitehatsec.com/aviator/)

I personally find aviator to be more trustworthy at this point though.

------
castor_t
How does extensions update happen in Iridium? I noticed in Chromium, they
check for updates frequently by connecting to the Google store. Does the same
happen in Iridium? If not, how?

------
geofft
There are a bunch of things I don't understand in the patches. I wish they'd
link to a bugtracker or something. (Incidentally, Chrome/Chromium has a public
bugtracker: Iridium seems to have a Trac that nobody used apart from creating
two tickets.)

* Enabling Do-Not-Track by default: [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=9db15d3834683bcb621c263e9aef49ba17f413a2)

This is widely considered to be a questionable plan, and violates the
Internet-Draft (section 6.3: "It MUST NOT transmit OPT-IN without explicit
user consent."). Are they asserting that merely having Iridium over Chromium
is explicit user consent?

* Disabling hyperlink auditing: [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=411e31b4bcefdff1e93704c5c4ff76572d0c2596)

As the HTML spec
([https://html.spec.whatwg.org/multipage/semantics.html#hyperl...](https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-
auditing)) points out, the behavior of hyperlink auditing in terms of privacy
impact is already achievable in several ways, like server-side redirects,
JavaScript, etc. The goal with the feature was to make performance and user
experience better, while not changing the privacy standard. Is it being
changed in Iridium for privacy reasons or for other reasons?

* Increasing the default client certificate (?) length to 2048 bits from 1024 bits: [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=4b16cfc4abc4482a0b4ccf9321c547685f26c927)

Given how much Google's been yelling about 1024-bit server certs, this seems
like an obvious thing to change upstream. Has it been submitted / is there a
reason they haven't changed it in Chromium?

* Disabling globally-installed NPAPI plugins on OS X, but still allowing those installed in your homedir: [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=fd5b986d422963f5466c94ab0bae012c9e059902)

Why? (There's probably a reason, I just have no idea what it might be.)

* Emptying the list of CAs allowed to sign EV certs: [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commi...](https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/commit/?id=2b97ce66913b9e6e1c03214132e9432e75fc21ea)

Why? As far as I can tell, the only effect is that EV certs will show up as
normal certs (green lock, instead of bar showing the organization name). What
does this have to do with improving security or privacy?

------
ryanlol
Wow, these guys seem to be using an ancient and vulnerable version of cgit.

