Slashdot Mirror
German Government Endorses Chrome As Most Secure Browser
New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"
Yes, beacuse silent updates let you know which security problems you may have been exposed to.
HAND.
Never underestimates the capacity of politicos to make decisions and pass legislation based upon a knowledge of the subject at hands poorer than that of a 3 year old. Especially high tech subjects...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Oh boy, people STILL post about this?
Every single option can be disabled. All of them. Even the ones the "moron" from SRWare said weren't capable of being disabled.
Enjoy your less useful browser!
If you think you have ANY privacy online, you should check again, every single thing you do is being watched for legal requirements.
Unless of course you go out of your way to use something like Tor, Freenet and the like. "In which case you are a durty turrurist!" (still can't believe that was mentioned, how long do you think it will take for it to be outlawed?)
You already don't have privacy from the first day you enter this world.
You really care that some people probably thousands of miles away from you are watching your habits so, GOD FORBID, they can show you something you might LIKE? CALL THE COPS, THEY ARE GIVING ME NICE THINGS!
I'll never understand you paranoid people. Some harmless ads and you almost stroke.
As an engineer on Chrome security this particular FUD really bothers me. The BSI takes privacy very seriously, and would never make such a recommendation if Chrome did anything like what you suggest. To the contrary, Chrome has an exceptionally responsive privacy team and a very clear and simple privacy policy. It identifies any feature that can exchange data with Google services, and provides clear instructions for opting out. More importantly, the vast majority of features that can exchange any such data are explicitly opt-in.
You miss the point. It's all about lobbying, money, and who has it (and who doesn't).
I haven't read TFA, but headline says "most secure browser", not most private.
You don't actually know what the BSI is, do you? They're one of the most respected security and privacy organizations in the world.
tbh the droid app is very superior, default google browser is slow and doesn't work
Tell him to watch this: http://www.youtube.com/watch?v=WAr-xYtBFbY
I take a look at Chrome every few versions or so, but I do not use it, for various 'comfort' reasons; I haven't decided whether it's useful for me to install Chromium since I seem to get by just fine with Opera and Firefox.
Unless it's absolutely needful to run anything from Adobe, I prefer to use open-source alternatives, because they suit my admittedly pedestrian needs.
On Windows systems, I've used Secunia to good effect since their on-line scanner became available; later I used PSI on Vista and Windows 7. I found the later versions in particular to be very useful and easy to use. While I now run Linux, save for a few Windows virtual machines, I continue to highly recommend PSI to any general user running Windows.
It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.
They went on to recommend Adobe Reader X. I agree that pdf readers in a sandbox make a lot of sense, its just that I have no particular reason to trust Adobe, since it was their doing that made PDFs unsafe in the first place. With Chrome's built in PDF render engine, I find I seldom have to use the adobe plugin at all any more. (And when I do, I'm always suspicious).
If Google wanted to do us all a favor they would to with Flash content what they did with PDF documents, and add their own in-browser render engine.
That being said, I do like the sandboxing that Chrome supplies, and Google Chrome is my browser of choice.
Some people don't like keying search terms in the URL bar, and other minor objections that, when investigated, all amount to "its not firefox". I've seen some reports of incredibly slow page fetches, which are usually traceable to external things (chrome likes to use multiple concurrent connections, and swamps some anti-virus packages that operate as a proxy server).
For me, the speed can't be beat on any of the platforms I use (linux and windows - various flavors of each). I prefer Google's builds to those in the Chromium Open Source project but both work very well.
Sig Battery depleted. Reverting to safe mode.
Well, IE is IE but the reason I'm really not surprised is all my repair customers who have Firefox give me an extra headache. You can uninstall Firefox completely then reinstall it from scratch with nothing preserved and you'll still have the MyWebSearch toolbar and basically any other malware that was on it before. You have to actually delete the plugins folder out in Program Files to actually clear it. The add/remove plugins menu is confusing and non-exhaustive compared to IE8 and 9. It's really, really annoying and bad from a security standpoint. Plus, you have to go into the options menu to permanently disable password-remembering which is just about the least secure thing you can do in a browser. They sure have gone downhill lately. I wouldn't be surprised if Mozilla hires the old Netflix CEO because they've been about that smart lately. So I guess chrome wins.
Every self styled nerd and wannabe geek I know claims to have aspergers. It's the mental illness everyone wants to have. From what I have heard and read from pro psychologists it may not even exist as a real illness and is just a collection of the usual common plain vanilla social awkwardness that most people suffer to some degree. But then think about how many people you know who wish they were 'Dr. Sheldon Cooper'!
Sometimes it crashes hard to the point where you need a hard reset of your computer. It even happens on major sites such as Boing Boing. Even though I switched to Chrome from Firefox after all it's "changes" from 4.0+ I still don't like crashes. I also feel that Google is trying to force Chrome on people similar to IE did to squelch Netscape with their over advertising and bundling.
The browser war is getting too rough, I hope once HTML5 is finally finished in 2014 the browser scene can stabilize again.
How is Google forcing chrome?
You have to go out and download it to get it on your computer. Your computer didn't come with Chrome.
As for Chrome crashing, I suggest you wipe your (most likely horribly compromised) computer and re-install your OS and then Chrome.
I haven't had Chrome crash in many months, and never had to restart because of Chrome.
Maybe part of your problem is your reference to version 4.0.
The current release of Chrome is version 16.0.912.77 (January 23, 2012).
Falling behind a little perhaps?
Sig Battery depleted. Reverting to safe mode.
Chrome is the most secured browser - new study:
http://www.theregister.co.uk/2011/12/09/chrome_ie_firefox_security_bakeoff/
* No Opera results compared (too bad, it's my "weapon-of-choice" online), but, similar results based on security featuresets compared showed similar results a month or so before this (Dec. 2011)...
(Sandboxing's a nice feature, but imo @ least, a bit "overrated", because sandboxes DO GET BROKEN, & in Windows 7 @ least, you can natively isolate ANY APPLICATION via right-click on it in taskmanager & set it as UAC VIRTUALIZATION enabled (which isolates applications' registry writes to the current profile only, NOT the ENTIRE SYSTEM/ALL PROFILES) - or, even moreso (filesystem, registries etc.) by using a tool called "SandBoxie" (64-bit capable too)).
APK
P.S.=> Anyhow/anyways, from the link above's a really nice chart used there for comparison of security-features & the criteria used as well -> http://regmedia.co.uk/2011/12/09/sandbox_comparison_small.png
... apkChrome is the most secured browser - new study:
Google protecting your privacy, FaceBook selling your privacy, and Microsoft leaving your windows open.
What if the roomate doesn't have much skill?
It would be hard to fake being some kind of savant if you have fuck-all ability.
Years ago I shared a dorm room with a Dutch guy called Luuk who genuinely thought he was a genius and often used to tell us all about his alleged high IQ, yet he was one of the dumbest fuckers I ever met and couldn't code for shit.
It was a case of trying to teach a duck algebra: when he was stuck on something (and he was always stuck on something, usually the things no one else had ever been stuck on) trying to explain the solution just made him angry, because he was so smart, much smarter than us, and it was offensive to him to not understand that.
The guy was simply too fucking dumb to realise just how fucking dumb he was.
There is no doubt in my mind that he now tells people he has AS (like it's a good thing) and thinks people believe him.
How to elevate oneself above the merely ordinary? Claim to have an syndrome when you don't actually have it Then you will be amongst the geek elite for sure.
The next time someone tells me they have AS I'm going to demand to see documentation from an accredited psychiatric health professional.
Maphap because the conspiracy theories are old and busted, and people are getting sick of the wrong, the trolls and the shills?
But this newest update they sent... is blowing my CPU util of the charts...
I can open just Gmail, come back 8hrs later (ie, going to sleep), come
back and my laptop fan is roaring like a jet taking off, utilization is well
above 50%, with kernel involved and both cores.
I don't know if it's new Chrome update interacting with SWF or something
that they (Google) did to their pages. When I run Chrome taskman, it
shows the tabs that have Google apps on them, just smoking the CPU.
This isn't flamebait or trolling... it's a fact. I've made two bug reports,
but it seems that there isn't a "me too" anywhere.
Hoping maybe one of the geek peers here might have a similar issue?
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
it's called HTML5, and it will eventually kill flash
'It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.'
and you are wrong. people want to see flash. and if a browser did not offer them flash, they simply wouldn't use the browser
so give google credit for meeting users half way: "look, you want flash, and you don't care about your security, so we are going to give you what you want in the most secure way possible, in spite of yourself"
don't hold against google their attempts to maximize security within the parameters of user expectations. of course, there will always be people who will judge google, and others, against absolute ideal security standards. and such people will only be called insightful on slashdot. the rest of us understand the needs of satisfying real world users
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I use Firefox because it has NoScript and SSLEverywhere, that Chrome doesn't (or doesn't that have equivilent funcionality); thus making Firefox more secure for my usage paterns.
The source is available. Take a look at it yourself, idiot.
Maybe because you have no idea what you are talking about?
I didn't wish to be classified; I didn't like all the info on the group and how most of it applied to me. It also took away options in that I can not do some things others can or as well as they do-- it didn't bother me much before but now that I know I can't or shouldn't be expected to that bothers me. Likely it is the farce from this culture that anybody can do anything they want with the proper effort (and right approach.)
It is useful in some ways as well. Normal solutions may not work for me so why bother; instead look for ones that do work. Eventually everybody will have a label and only the most dull bland nobodies will be "normal" and that will become a minority group. So in being in an early 'freak' group I do benefit in some ways early because figuring out optimal solutions will happen with my group before the other yet-to-be-named classifications exist.
Many stats are bad. like 93% divorce rate and how the normal partner suffers increased stress unless they can learn to adapt (most don't, especially women.) General opinion seems to be marriage is not for us; but probably has a good chance with "our own kind". Sadly, current stats show that women are 1:4 and do to cultural differences they stand out less so it may be better or not... most the above info comes out of that big reference book on asperger's -- another thing to note is that I've not found any references written by people with it; its from the outside, and they view us as the defect when most our deficits relate to normal people; perhaps its the normal people who are flawed.
Men tend to adapt to the women with it better (likely cultural but my research indicates there is a strong biological factor making women less tolerant in many ways than men; naturally culture can override biology; which is one reason primate behavior research is so useful.)
Science and tech are magnets. I found it easier to communicate with the machine than people. It was also easier to apply science and reason to life than it was to do the mindless stuff normal people do.
Too bad you're missing out on a browser that is way better than Firefox, and just as 'private'.
It's open source, where the fuck are they going to put the backdoor? If you're really paranoid, compile it yourself after reading the source code over.
I think he means Firefox 4.0, where a lot of drooling retards didn't realize that just because the version number changed faster didn't mean it was somehow impossible to keep up.
Adobe in the same sentence as secure?
I do not know what world they are living in but post 2008 since the death of IE 6 the number one infection of the web is not javascript or browser exploits but infected flash, java, and adobe files. They infect all platforms regardless of browser and is a nice run around since browsers generally have huge resources put in security development. I am shocked most geeks still allow flash and java enabled in work computer browsers outside the intranet and allow adobe acrobat to be installed.
At home I use Foxit with javascript disabled by default as my pdf viewer and use lists in IE 9 to block most flash and ads. In Chrome I use adblock.
Also Chrome is that secure because of one glaring feature that is a security risk. Chrome will click for you on every hyperlink and just not render it in front of you in order to *appear* faster when you do click on it. It is called network predictions. So the old tale, do not click on everthing! ... does not apply in Chrome and that scares me. I make sure I disable it under advanced options.
So far I only trust IE 9 for security as Firefox offers no sandbox at all, but even IE 7 had a sandbox and was not secure although better than IE 6.
http://saveie6.com/
Chrome isn't proprietary you fuckerlord, if you don't want Flash bundled, then get the source and unbundle it.
My experience has been that people who work for Google tend to be particularly touchy whenever the company's ethics come up. I think a number of the engineers who end up working there do so out of an impression that Google represents the moral high ground in th software industry at the moment. And quite a few seem to have left after finding out that isn't so...
the vast majority of features that can exchange any such data are explicitly opt-in.
But there's one significant case where that's not true, isn't there? If I hit a 404, Chrome phones home with the URI I was trying to reach. And what do you do with that data, I wonder?
How exactly is the GP's comment "FUD" when you yourself admit that Chrome does indeed communicate some information to Google?
Google protecting what? If anything, they invade your privacy every day, even more so since the David Drummond asshole rolled out the new privacy policy!
--
Jordyn Buchanan
Drinking the Google kool aid, are we? I find it surprising that you are actually proud of working for Google, considering all the damage to the Google brand that assholes like Vic Gundotra, Andy Rubin and David Drummond have done.
I recommend to everybody that they switch to non-Google products since the Real Names fiasco.
--
Jordyn Buchanan
Fine
Your say your a a Chrome security engineer OK.
but..
Can you state the policy written or perceived about saying , writing or even implying anything Negative about Chrome?
can you remain employed and later employable doing that job if you said anythng negative?
Tell us how you can be objective., can you tell us it's bad if were bad
He is complaining about the HUGE Chrome ad in Google if you go there not on Chrome. Infact he has a point as 2011 was the year IE took a significant nose dive. But Firefox usage went down too (not nearly as large). Most of the new Chrome users this year were from IE users and not FF. IE lost over 10% according to g.statcounter.com. That ad in Google is probably the reason as well as Chrome being bundled everywhere.
Most people are scared to install software or mess with their computers. The Chrome ad made it convenient for people who knew their browser was shitty but didn't want to do anything extreme about it.
Personally I experienced the flash crashes on Chrome a lot. I wiped my computer 3 times least year at least and Chrome after 12 or 13 started having issues on youtube with the plugin crashing. I like more competition as innovation froze for 10 years thanks to the death of Netscape and IE 6. Only last year did it thaw when IE received less than 5% of all US users. The more browsers the better as standards define the level of innovation again.
http://saveie6.com/
But there's one significant case where that's not true, isn't there? If I hit a 404, Chrome phones home with the URI I was trying to reach. And what do you do with that data, I wonder?
From the privacy policy:
"If you navigate to a URL that does not exist, Google Chrome may send the URL to Google so we can help you find the URL you were looking for. We may also use this information in an aggregated way to help other web users - e.g. to let them know that the site may be down. Learn more about disabling suggestions on navigation errors."
Haha, whoa flashback time! Back in my college days I had an Australian roomie who thought he was God's gift to computer science but was in fact as stupid as pigshit.
One time he read a Brit gamer mag and memorized the instructions for editing config.sys to load his games into extended memory -- or some other feeble MS bullshit -- then spent the next month trying to tell everyone about it.
The thing of it was he had zero understanding of what it did or how it actually worked. He'd memorized it and that was enough to be a computer genius, in his opinion.
Also he got into Win3.1 and in front of the whole class lectured the course super about how we were wasting our time learning UNIX because it had already been killed by Windows and that absolutely everything would be running nothing but Windows within a year.
It was pretty hilarious when he used to fake an American accent and thought he could fool anyone with it, because it was the most Godawful thing you ever heard, like a wild pig being slaughtered.
When he flunked out before the end of the first year, he claimed he'd voluntarily dropped out to run the IT dept of his father's company, even though he tried desperately to remain in the US and enrol at any college that would take him, but none would and so he had to leave.
My guess is that when he returned to Australia his dad paid him a 6 figure annual salary to install DOS and Win3.1 on the secretary's PC, which just goes to show that you don't have to be smart to make it in this business. :)
Because it is false. It's free because it allows Google to drive web standards as well as drive traffic to google search. Google has a keen interest on which way the web goes and having a browser they have full control over allows them to help steer that. Things like miminal interfaces, web pages acting as apps, webm support, etc.
Do they have people who know absolutely nothing about computers writing these recommendations?
Go to AskWoody.com first and decide whether that update is going to break your computer! There's nothing good about automatic updating - it just breaks things and adds bloat!
He is complaining about the HUGE Chrome ad in Google if you go there not on Chrome. The Chrome ad made it convenient for people who knew their browser was shitty but didn't want to do anything extreme about it.
Personally I experienced the flash crashes on Chrome a lot.
So you are saying he visits a Google site and complains about an Ad for a google product? I certainly didn't read that in anything he wrote. There is a big X in that chrome ad, and you click that X you won't see that button show up again, regardless of browser.
One ad does not "forcing" make. (Checking: Ford, yup, Sunkist, yup, Nikon, yup. It seems just about any company website I visit I see ads for their products. The Gall of some of these people!!!)
He wasn't complaining about Flash crashing, he was complaining about Chrome crashing. I never notice Flash crashing, although sometimes it would be a blessing.
Sig Battery depleted. Reverting to safe mode.
I haven't read TFA either,, but how do you define secure if it doesn't mean private ? I'd love to hear that distinction..
To the contrary, Chrome has an exceptionally responsive privacy team and a very clear and simple privacy policy.
Privacy policy means nothing if the company can change it on a whim (like Google just did). The fact that Chrome doesn't currently violate people's privacy is more to do with there being valid competitors and it only having ~30% market share so far and less to do with some random engineer's opinions. When it's 80+% and no competitors as good because Google withheld publishing some Dart VM update (or whatever, none of Google's open-source is GPL by choice) you know they'll do whatever it takes to meet market predictions.
Back in the day they started out as an offshoot of the BND (if you want a good laugh dig deeper into the story of how that one came to be and why it shouldn't be trusted) but nowadays they usually serve as a mouthpiece for damage control if some government branch has screwed up again (e.g., electronic identity card).
And if they're not too busy they use some of their idle time to find discover new ways to make themselves look like idiots (e.g., the recent "DNS OK" story).
I, for one, am grateful for the Chrome browser because it works as a very effective sandbox for everything Google. Ever since Google decided to track me through Google+ +1 buttons added to every page I browse, I've had to remove google.com from my whitelist. I've also switched to Bing as my primary search engine in Firefox, and I have to say, I don't mind getting Xbox Live! points for searches I do.
The features that bother me in Chrome include the very coarse scroll bar, which requires me to manually scroll down when reading longer articles instead of just using my touchpad. I have yet to figure out how the search bar/address bar is supposed to function (the awesome bar and search bar in FF is best I've come across). Last I checked, Chrome equivalents of NoScript do not truly block scripts because they allow them to load briefly before stopping them, giving probably enough time to identify the computer or even run an exploit. I also haven't found a cookie manager like Cookie Monster. I regularly see ads in YouTube videos even with AdBlock installed, most especially in embedded videos (I have no memory of ever seeing ads in YouTube in FF).
At this point, for me, Chrome is not very private and a bigger PITA to use than FF. I don't care what the Germans claim.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
I don't see innuendo or unsubstantiated accusations as adding anything to the conversation. But I do think it's useful to address the technical portion of your claim.
If I hit a 404, Chrome phones home with the URI I was trying to reach. And what do you do with that data, I wonder?
I think you undermine the legitimacy of your question by trying to manufacture some evil ulterior motive here. The simple fact is that people often mistype URLs (or clip portions when pasting them), so it's helpful when the correct URL can be easily determined. And if you read through the privacy policy I linked above, you'll see that it very clearly describes what occurs in this scenario:
In order to offer suggestions of alternative or similar webpages, the browser sends Google the URL of the page you're trying to reach whenever the web address does not resolve or a connection cannot be made. Information is logged and anonymized in the same manner as Google web searches. Any parameters in the URL are removed before the URL is sent. The logs are used to ensure and improve the quality of the feature.
So, the submission of the URL is no different than if you'd stripped the parameters and pasted the URL into Google from an anonymous incognito window. If you're uncomfortable with that, then the same link provides instructions for disabling the feature.
Start by upgrading that 40-characters-wide monitor of yours, then we'll talk about your Chrome problems.
Drinking the Google kool aid, are we? ...
-- Jordyn Buchanan
AC Fail!
I don't care what the Germans claim.
- they said something about security:
"Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks," said BSI in its published advice. "By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack." ... "This [sandbox] protection is implemented most consistently in Chrome...[and] similar mechanisms in other browsers are currently either weaker or non-existent," explained BSI.
Chrome is not very private
- and this is correct, they said nothing about privacy.
You can't handle the truth.
Even easier, just download Chromium. No Flash, no auto-updating, no phone-home, fully open source. Complaining about these things in Chrome when its completely open-source counterpart Chromium is available as a free download (binary or source) seems pretty stupid to me.
I've been using Chromium for a few months with Gmail, and haven't had any problems at all. I wouldn't be too surprised if it's that Flash crap. I used to have all kinds of problems with Flash processes pegging the CPU when I used Firefox. Anything that Flash touches turns to shit.
Google spy for fbi/cia browser
Perhaps the GP posted anonymously because of a previous moderation?
So you are saying they have managed to crack Chrome and are using it to track people, and are recommending people use Chrome to make their job easier?
How exactly is the GP's comment "FUD" when you yourself admit that Chrome does indeed communicate some information to Google?
In a default, opt-out fashion, no less.
The BSI has only a supporting role, their recommendations do not have the force of law and don't need to be followed by anybody. They have in the past recommended Firefox as well, if tomorrow there is an exploit found in Chrome, then they'll recommend Firefox or IE again, and might change the recommendation right back when Google rolls out the fix.
From TFA "Germany's cyber security agency today recommended that Windows 7 users run Google's Chrome browser". They didn't write the summary, you can't really blame them for that.
It's not just on Google sites. From what I've seen Google has been pushing huge numbers of ads about Chrome through pretty much every single site that uses Google ads, though this presumably depends on which browser you're using.
Ads don't Force you to use it.
Sig Battery depleted. Reverting to safe mode.
Slashdot is full of self-diagnosed Asperger cases. The post to which you replied clearly emphasized the image these people assign to themselves, by stating that normal people are somehow flawed and mediocre, while the "sufferers" consider themselves to be superior in every way.
Just because you are timid, shy, like playing with toys, and insufferably arrogant does not make you a member of an elite club of ubermensch. Seriously.
- they said something about security:
"Your internet browser..
My browser runs NoScript, and the Germans didn't include this, so they're still wrong.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Oh cool a Chrome dev. Can you add hooks to the extensions API to allow proper working versions of AdBlock and NoScript to be created? And don't tell me they already exist; those pathetic excuses of hacked together crap couldn't block a drunk midget. Thanks in advance.
Fanboys argue amongst each other about which browser is the best. This quickly snowballs into a heated debate about which OS is more secure, and which browser is most secure on what operating system. In the end, after the thread is left in a smoldering heap of baseless accusations, groundless conjecture and a little bit of superstition, we all end up looking like basement dwellers to the casual observer.
If you must know, my browser is made from alien technology and does some of them there fancy things.
Yep I agree.
I am glad its there to help some Grandma who wants to use a better browser.
The only thing I can think of I do not like about Chrome is that they support proprietary things like Dart and SPDY or whatever they call it in place of http and some proprietary javascript apis. But unlike MS they do not own 90% of the market so it wont turn into another IE 6.
http://saveie6.com/
He has many other fast
Ever since Google decided to track me through Google+ +1 buttons added to every page I browse, I've had to remove google.com from my whitelist.
How do you reconcile your statement with Google's stated policy on what the +1 button tracks: http://support.google.com/plus/bin/answer.py?hl=en&answer=1319578 ?
I've seen the claim that the +1 button tracks you in a lot of places, and as one of the people responsible for making it not track you [I work for Google], I'd like to understand better why this claim persists. Thanks!
The part I cited was in the article.
I cannot believe how naive most people are. Just because something is open source doesn't mean that your average user has the ability to check that an installed binary update matches the source code.
The backdoor is software auto upgrades. By upgrading to a special binary any government security organization, in cooperation with every major organization pushing software updates, can have access to everything you do on your computer - not just everything you do on the internet which is clearly a simpler task. Naturally every government agency will decree that auto updates and flash are highly desirable.
Is it simply a coincidence that at the very same time that every airport rolled out full body scanners, software suddenly became so unreliable and bug ridden that constant and automatic updates became necessary?
He's a troll intentionally trying to smear the name of a publicly known Google employee. On the plus side, at least the signature makes him easy to identify and ignore.
How will you work out that your binary matches the source? Have you ever done that? Has anybody ever done that?
Yeh, right. Speed isn't everything. Chrome has not even a patch on FF when it comes to user control and customisability. And, some of us like control over our browsers. Just as private, hmmmm, seemingly no one is claiming it is "as private", just that it's lack of privacy is not to be, necessarily, equated with lack of security. How can it be just as private, when you can't block scripts or manage your cookies effectively. Personally i just don't like how locked down Chrom(e)/ium is: last i checked you couldn't easily (practically at all) make it so that links opened in foreground tabs. Thanks, but yeh, no.
google astroturfer? ..or just completely ignorant about human psychological needs?
posted as a/c?
head asplodes...
just because you have given up your valuable privacy does not mean the rest of us want to join you in subservience to your government and corporate masters.
in fact, I think you're a pussy for giving up so easily.
--
"It is now safe to switch off your computer."
Dude, they've been tracking you through google-analytics on every page you browse to, and they have been for a very long time. The number of sites with a +1 button is miniscule to the number of sites with google-analytics callbacks.
"From the same government that brought you Hitler!"
You're clueless about German history.
> You have to go out and download it to get it on your
> computer.
As it happens, this is not true, and was even less true last year, before Microsoft bought Skype. See http://en.wikipedia.org/wiki/Google_Chrome#Bundling_practices for a brief summary, but there's plenty of information on this out there if you go to look for it.
Chrome is not in fact open source. It includes a bunch of open source code but also various closed-source components. Perhaps you confused Chrome and Chromium? They're not the same thing.
If you compile Chrome yourself, you're not using Chrome, of course (and in particular, some features that this particular security evaluation ticks as positives, like the bundled Flash, will be missing).
(There's the side issue that compiling yourself gives you no particular guarantees either if your compiler is in cahoots with the code you're compiling, but for now the chances of that for Chrome are low.)
You said such features are opt-in!
Especially the file :
$HOME/.config/google-chrome/SingletonLock
Are you a total fucking retard, or just a fanboy? Both, I assume.
The code that they release as open source is not the same code that builds chrome.
Steve Yegge still works at Google, after penning a rant which was well-known enough to be covered on slashdot and wikipedia:
http://en.wikipedia.org/wiki/Steve_Yegge#Accidental_posting
https://plus.google.com/112678702228711889851/posts/eVeouesvaVX
Here's the "aftermath" where not only did nothing bad happen, but some folks listened to him:
https://plus.google.com/110981030061712822816/posts/AaygmbzVeRq
Now, a lot of folks didn't agree with the content of his post or characterization of why things were the way they were. However, there were definitely parts that rang true, and people wanted to share how they were trying to tackle those problems and invite others to join such efforts.
Steve's post also provides a window into how open and vocal the debate is internally at Google.
So, do you think that'd fly at the company you work for? How about at Apple, Microsoft, Amazon, or Facebook?
I have spent time at both Microsoft and Google. For a software engineer both are good places to work IMHO, but there is/was a huge difference in how much the rank and file could speak up regarding company policy. You can't always change things you don't agree with (there are often multiple sides to an issue) but you can usually get them modified for the better.
1) Restart chrome in incognito mode.
2) ???
3) Profit!
-1 overrated isn't the same thing as "I disagree".
Dude, NoScript.
Since Germany is saying that Google Chrome being the most secure browser, I'd like to bring in a journal I posted the other day, FWIW
http://slashdot.org/journal/277313/journal-unscientific-testing-of-browsers
In the test above Mozilla Firefox gave the best result, Google Chrome came a distant 2nd
And an update to my journal above ----
It's been 100 hours since I started that test and only Mozilla Firefox is still running, with 5 taps opened.
Google Chrome stopped running some 80 hours after launch.
Muchas Gracias, Señor Edward Snowden !
Assuming Google doesn't have a "sendCopyOfUsersDataToGoogle()" function buried in the Chrome code base.....which is a very real possibility, Chrome *might* be the most secure browser in that if anyone rapes the user, it will be Google themselves.
If Chrome is that well built, it might be worthwhile to use one of the open source recompilations that check for and remove spy code.
Still, you have to trust that the developers are good enough to spot it.
No PDF reader in Chromium either, and unlike with Firefox I don't think anyone's figured out a way to integrate a non-proprietary one with it.
Security is Confidentiality, Integrity and Availability, among other things. Google Chrome does very very little to protect confidentiality. Therefore it is not secure.
Most browsers are insecure because of design mistakes or implementation mistakes. Chrome was intentionally designed to be insecure.
If Chromium could be trusted, why does SRWare Iron exist?
How is this a troll? For all we know this guy could be a mole planted by the NSA. I'm not touching Chrome with a 10ft pole.
I don't know about you but my browser seems to like freaking out whenever I view pdfs inside of it. Might it not be better to just open it with an external viewer?
Technically I've almost never had Chrome crash either... however, after I leave Chromium open for a few days, every single new page I open or existing page I try and view freezes, a message pops up about the process handling that page not responding, and nothing short of completely restarting it will make it usable again - killing the offending subprocesses does nothing. Also, it used to have a similar bug for ages where after leaving it open for a while every page turned white. Plus, on opening it up again it's essentially unusable for several minutes until every page has loaded - the tab bar is responsive, but every page I turn to strobes white and stays there.
I believe - from having seen other people complain about some or all of them on Slashdot - that these are common bugs. (Oh, and Google Chrome is of course entirely capable of crashing your entire PC, though thankfully I doubt it even tries to enable hardware-accelerated rendering on mine.)
If users have selected Bing or Yahoo! as their default search engine, are 404 correction queries still sent to Google?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Who cares? Why you would want to read PDFs in a browser window when there are standard apps for doing that, is something I'll never understand. If you're a Windows user, just install Foxit and you'll never have to suffer the crap of Acrobat Reader again.
Additionally, they may not rape you now but can easily add the rape function via silent update.
Oh, right, I can disable updates... and that's more secure? Sorry, no it's not.
I only trust browsers that I compile myself -- Before you ask: Yes, I do read through every line of code & diff-logs of updates looking for evilness therein. I'm actually two of those "many eyes" out there that help improve security and fix bugs... I can't compile Chrome, I don't use it. IMHO, I can't trust Chrome -- It has something to hide, or else I would be able to. Maybe that "something" it's hiding isn't malicious. Can you prove it's not? No, you can't. Since alternative open source software with equivalent features exists It would be quite foolish to NOT use them instead... I need to trust the browser when I enter my credit card numbers online, not saying that Chrome isn't trust worthy, just that the alternatives are moreso.
So, Chromium & Firefox, yes... but never will I use Chrome.
haha, kudos.
I read his name as: Davis Drumroll Asshole
There is no "anonymous" when it comes to search phrases and URL. the data in itself can be quite revealing. What's the reasoning behind keeping it around forever? Hubris? Not having anything *actually* interesting to do with HD space? Like, uhm, say, data about the content of public pages, instead of data about your users (talk about dropping the ball real hard). And hey, a simple algorithm to fix common stuff like htt:// or whatever, should be doable quite easily. So what does it need the Google servers for? To check against a list of known URL? Do you really think the benefits outweigh the "costs" of traffic and HD space, not to mention the privacy implications, or you having to basically lie to save face? You come out and call stuff FUD, then talk about opt-in features, which are actually opt-out. What gives? You think you can make up for that by volume of words and condescension? And you even have your astroturf mod posse with you, my oh my, haha.
just because you have given up your valuable privacy does not mean the rest of us want to join you in subservience to your government and corporate masters.
in fact, I think you're a pussy for giving up so easily.
Just because you're paranoid doesn't mean they really are all out to get you.
To have a right to do a thing is not at all the same as to be right in doing it
But there's one significant case where that's not true, isn't there? If I hit a 404, Chrome phones home with the URI I was trying to reach. And what do you do with that data, I wonder?
The horror, the horror.
To have a right to do a thing is not at all the same as to be right in doing it
Aye. And how is bundling Flash an advantage to security? Does it somehow provide security over not having it installed at all?
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Why do people insist on the browser opening PDFs?
Use a browser to browse.
Use a PDF viewer to view PDFs.
Simple. Don't bloat browsers pretending to have the BROWSERS replace desktop applications.
Neither. Who cares? Just get the open source code and compile it. I guess you were too much of a retard to figure that one out huh?
Because people are misinformed. Especially paranoids, apparently.
you always have the latest version installed automatically... most people defer those unnerving update prompts to continue viewing porn with an exploitable version of flash... plus: you can disable flash in crome, too, like any other addon... you don't even have to restart the browser for this to take effect...
It's fascinating... Not too many years ago ./ was a place where technophiles and geeks would share their knowledge... But today, for everyone to see, it's mainly a load of paranoid idiots spreading fud... looks like the (classical) media are doing very well shoving that "google invades your privacy more than a coloscopy invades your anus"-theme down peoples throats... ooooh and how much joy most people get from giving this deep-throat to the (classical) media...
but hey... nevermind... why thinking on your own when there's other people who willingly take this burden from you, right? after all: the media's main interest is to properly inform you so you make clever choices... they don't have lobby interests, right? why would they, after all?
right... hopefully there'll comes a time when taking all too shitty fud for granted and even spreading it significantly shortens once life-span...
paranoia is a medical condition... just saying...
*colonoscopy...
Use the mozplugger package - then it automatically embeds an instance of okular (or whatever PDF reader you use).
Most human behaviour can be explained in terms of identity.
These days, a fair few links I open on the web turn out to be PDFs for whatever reason and it's a lot more convenient to view them in a browser tab than having to open a seperate application with another window.
If a lot of files you click en up being DOCX, will you expect chorme and firefox to open DOCX as well?
I download a los of tar.gz files. Maybe I should expect firefox to untar them for me as well.
Thankfully, most websites haven't started casually expecting people to be able to open DOCX files in the same way that they do PDF files. What's more, Chrome seems to be worse about viewing files in external programs than Firefox - either I let random websites dump whatever files they like in my download directory with no prompt first (that's the default) or I have to mess about waiting for a save dialog to open and save them to disk manually and then open them. Unlike Firefox, Chrome doesn't give you the option to just open the file with an external program without downloading it somewhere permanent first.