Što Brave uklanja iz Chromium sustava? Follow
(Napomena: Ova stranica je u izradi i može biti često ažurirana)
Brave for desktop is built on top of the open-source Chromium project. Dodajemo značajke na temelj onoga što već postoji te također uklanjamo značajke ili dijelove koda. Te izmjene koje radimo, a koje dodiruju temeljni Chromium kod, vrše se putem zakrpa.
Chromium nije isto što i Google Chrome. For some differences, see https://chromium.googlesource.com/chromium/src/+/master/docs/chromium_browser_vs_google_chrome.md.
Kako to funkcionira
If you wanted to do an audit of the code, you would start with the brave-browser repository. Our wiki has instructions about what steps need to be done to perform a build after cloning the source
Chromium izvor se preuzima
Alat gclient (dio alata za skladištenje) će preuzeti službeni Chromium izvorni kod. The tag that is fetched is captured in our package.json(for example,70.0.3538.35). All of the source code will be downloaded into the./src/folder
Preuzima se Brave kod
Kao dio postupka postavljanja, također preuzimamo vlastiti kod. The brave-core repository has the code that makes the browser Brave. The branch that should be checked out is also contained in that package.json. There is also a DEPS file in brave-core that pulls in sub-dependencies (such as the brave-extension)
Hookovi se pokreću
Nakon što se gclient sinkronizira i preuzme sav kod (uključujući brave-core), hookovi se pokreću. Jedan od pokrenutih hookova primjenjuje zakrpe (koje možete vidjeti ovdje) koje su sadržane u brave-core. If you'd like to know more details about HOW the patching works, you can view our patching wiki page.
Koje Chromium značajke su uklonjene iz razloga privatnosti/sigurnosti?
Usluge & Značajke koje potpuno onemogućujemo
- Chrome Privacy Sandbox. There are several APIs bundled together in Privacy Sandbox and we aim to disable all given our concerns.
- Integracija Google računa ("GAIA") je onemogućena
- Sve značajke koje šalju podatke Googleu uklonjene su iz postavki
- DNS predmemoriranje je onemogućeno
- Google URL Tracker za Chrome je onemogućen
- Pouzdanost domena je onemogućena
- Inline proširenja su onemogućena
- Sinkronizacija u pozadini je onemogućena
- Hyperlink
pingattribute is disabled - Onemogući Battery API
- Onemogući WebBluetooth API
- WebRTC prijenos zapisnika o uklanjanju pogrešaka je onemogućen
- Prijenos postavki nakon resetiranja profila je onemogućen
- Preuzimanje zadane OEM postavke nakon resetiranja profila je onemogućeno
- Prijenos zapisnika o padu sustava je onemogućen
- Google Cloud Messaging je onemogućen
- Firebase Cloud Messaging je onemogućen
- Ažuriranja Push klijentskog kanala su onemogućena
- Praćenje mrežnog vremena je onemogućeno
- Google asistirana normalizacija adresa je onemogućena
-
Specific features are disabled on startup via the CLI (search for
disabled_features) - Ukloni dl.google.com spremište iz Linux paketa
- Onemogući izvještavanje o metriki
- Onemogući prijedloge za navigaciju sličnim URL-ovima
- Onemogući Reporting Observers i Reporting API
- Onemogući Scroll To Text Fragment
- Onemogući senzore pokreta
- Onemogući navigator.credentials
- Onemogući Android OTP integraciju
- Onemogući SXG
- Onemogući NFC
- Onemogući WebBundles
- Onemogući Client Hints (lang)
- Onemogući izravne/sirove utičnice
- Onemogući otkrivanje neaktivnosti
- Onemogući okidače za obavijesti
- Onemogući API za datotečni sustav
- Onemogući Digital Goods API
- Onemogući Serial API
- Onemogući Federated Learning of Cohorts (FLoC)
- Onemogući Network Information API
- SCT auditing
- Site affiliation fetcher (part of the password manager)
- Disables kOptimizationGuideFetchingForSRP
- Disable Web Environment Integrity
- Disable Popular Sites (AKA Top Sites)
- Disable Trust Tokens / Private State Tokens
Usluge koje proksimiziramo kroz Brave servere
Google ne prima nikakve informacije o tome koji klijent izvršava ove zahtjeve (čak ni vašu IP adresu).
- SafeBrowsing zahtjevi su proksimizirani
- Geolokacijski zahtjevi su proksimizirani
- Ažuriranja dodataka su proksimizirana
- Zahtjevi za opoziv potvrda se prosljeđuju
- Zahtjevi za CRLSetove se prosljeđuju
- Zahtjevi za ažuriranja komponenti se prosljeđuju
- Zahtjevi za rječnike za provjeru pravopisa se prosljeđuju
- Zahtjevi u programskim alatima se prosljeđuju
- Requests for Search Engine page favicon (Android) are proxied
Proslijeđena odredišta
https://dl.google.com/release2/chrome_component/*crl-set*https://*.gvt1.com/edgedl/release2/chrome_component/*https://*.gvt1.com/edgedl/chrome/dict/*.bdichttps://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxdhttps://safebrowsing.googleapis.com/https://sb-ssl.google.com/https://safebrowsing.google.comhttps://ssl.gstatic.comhttps://gstatic.comhttps://update.googleapis.comhttps://chrome-devtools-frontend.appspot.comhttps://clients2.googleusercontent.comhttps://clients2.google.comhttps://clients4.google.comhttps://chrome-devtools-frontend.appspot.comhttps://accounts.google.comhttps://*.infura.iohttps://*.gvt1.com/edgel/chromewebstore/*/*https://*.gvt1.com/edgedl/release2/*/*http://dl.google.com/release2/*/*
Izmijenjene značajke i funkcionalnost
-
Cookies:
- Cookies are given a maximum lifetime of 7 days for cookies set through Javascript and 6 months for cookies set through HTTP
- Session Cookies are cleaned up on restart if "Continue where you left off" mode is enabled (which is default in Brave).
- Third-party cookies are always blocked at the HTTP header level, but we give JavaScript access to partitioned ephemeral storage to pages (learn more about partitioned ephemeral storage).
- The Battery API always returns a fixed value.
- Referrer values are capped to
strict-origin-when-cross-originand can only be tightened by referrer policy, not weakened. In addition, cross-origin requests from a.onionservice have an emptyRefererheader and anullOriginheader just like the Tor Browser. -
.onionentries are replaced with"null"indocument.location.ancestorOrigins()unless such entries are same-origin with the innermost frame. - Hangouts extension is disabled by default. We also disable log uploading to Google's servers: https://github.com/brave/brave-browser/issues/1993.
- Media Router (Chromecast) je onemogućen prema zadanim postavkama na stolnim računalima. Možete ga uključiti prebacivanjem prekidača u brave://settings.
- Daljinska zaštita preuzimanja izostavlja URL-ove i nazive datoteka (https://github.com/brave/brave-core/pull/6763).
- StorageManager.estimate izvještava o fiksnoj vrijednosti (problem #11543)
- Mnoge značajke imaju dodanu nasumičnost ili generalizirane vrijednosti kao obranu od otiska prstiju, uključujući:
- The list of hostnames with pinned CA certificates is replaced with a Brave-specific one.
- Vraćanje zahtjeva pokretač gesta za asinhroni pristup za pisanje u međuspremnik
- Dangerous download warnings are always shown when Safe Browsing is OFF, but a flag to disable the warnings is available for advanced users.
- Functionality from the Chromium side panel has been merged into the Brave Sidebar.
- Web Serial API is OFF but a flag to enable is available for advanced users.
- Enhanced the geolocation permission dialog to inform the user whether the site they are visiting has requested location data with the
enableHighAccuracyoption. - Reporting Observers are enabled but don't work (calling will no-op). See here for where it was disabled and see here for where it was re-enabled but made to do nothing.
- Open Search adding engines has a toggle (
Index other search engines) and is disabled by default. - Access to Storage Access API is disabled in Brave by always rejecting the permission request.
- When group policy is in place, Brave does NOT disable secure DNS. Chrome/Chromium will disable secure DNS in the UI and force the administrator to define a policy if they want a value other than
Off. See here and here.
Komentari
Some of the above (along with other issues) were previously tracked in https://github.com/brave/brave-browser/issues/13.
Možda ćete primijetiti neke zahtjeve za Google domene. Some of these, such asclients*.google.com and update.googleapis.com are needed to check for extension updates if you installed extensions.
Kako Brave uspoređuje s ungoogled-chromium?
Description of ungoogled-chromium, per their GitHub page:
ungoogled-chromium je Google Chromium, bez integracije s Googleom. It also features some tweaks to enhance privacy, control, and transparency(almost all of which require manual activation or enabling).
We have an issue captured for pulling in relevant patches from theungoogled-chromiumproject. Theungoogled-chromiumproject similarly has an issue captured where they mention pulling in patches from Brave.