Apa yang dihapus Brave dari mesin Chromium? Ikuti
(Perhatikan bahwa halaman ini sedang dalam proses pekerjaan dan mungkin akan sering diperbarui)
Brave for desktop is built on top of the open-source Chromium project. Kami menambahkan fitur di atas apa yang sudah ada dan kami juga menghapus fitur atau bagian dari kode. Deviasi yang kami buat yang menyentuh kode inti Chromium dilakukan melalui patching.
Chromium tidak sama dengan Google Chrome. For some differences, see https://chromium.googlesource.com/chromium/src/+/master/docs/chromium_browser_vs_google_chrome.md.
How it works
If you wanted to do an audit of the code, you would start with the brave-browser repository. Our wiki has instructions about what steps need to be done to perform a build after cloning the source
Source Chromium diambil
Utility gclient (bagian dari depot tools) akan mengambil kode sumber resmi Chromium. The tag that is fetched is captured in our package.json(for example,70.0.3538.35). All of the source code will be downloaded into the./src/folder
Kode Brave diambil
Sebagai bagian dari proses setup, kami juga mengambil kode kami sendiri. The brave-core repository has the code that makes the browser Brave. The branch that should be checked out is also contained in that package.json. There is also a DEPS file in brave-core that pulls in sub-dependencies (such as the brave-extension)
Hooks dijalankan
Setelah sinkronisasi gclient berjalan dan mengambil semua kode (termasuk brave-core), hooks dijalankan. Salah satu hooks yang berjalan menerapkan patches (yang dapat Anda lihat di sini) yang terdapat di brave-core. If you'd like to know more details about HOW the patching works, you can view our patching wiki page.
Fitur Chromium apa yang dihapus untuk alasan privasi/keamanan?
Layanan & Fitur yang Kami Nonaktifkan Sepenuhnya
- Chrome Privacy Sandbox. There are several APIs bundled together in Privacy Sandbox and we aim to disable all given our concerns.
- Integrasi akun Google ("GAIA") dinonaktifkan
- Semua fitur yang mengirim data ke Google dihapus dari pengaturan
- Pramuat DNS dinonaktifkan
- Tracker URL Google Chrome dinonaktifkan
- Keandalan layanan domain dinonaktifkan
- Ekstensi inline dinonaktifkan
- Sinkronisasi latar belakang dinonaktifkan
- Hyperlink
pingattribute is disabled - Nonaktifkan Battery API
- Nonaktifkan WebBluetooth API
- Pengunggahan log debug WebRTC dinonaktifkan
- Pengunggahan pengaturan setelah mengatur ulang profil dinonaktifkan
- Pengambilan pengaturan default OEM setelah mengatur ulang profil dinonaktifkan
- Pengunggahan log crash penelusuran dinonaktifkan
- Google Cloud Messaging dinonaktifkan
- Firebase Cloud Messaging dinonaktifkan
- Pembaruan saluran klien push dinonaktifkan
- Pelacak waktu jaringan dinonaktifkan
- Normalisasi alamat yang dibantu Google dinonaktifkan
-
Specific features are disabled on startup via the CLI (search for
disabled_features) - Hapus repositori dl.google.com dari paket Linux
- Nonaktifkan pelaporan metrik
- Nonaktifkan Saran Navigasi URL Serupa
- Nonaktifkan Observers Pelaporan dan Reporting API
- Nonaktifkan Scroll To Text Fragment
- Nonaktifkan Motion Sensors
- Nonaktifkan navigator.credentials
- Nonaktifkan integrasi Android OTP
- Nonaktifkan SXG
- Nonaktifkan NFC
- Nonaktifkan WebBundles
- Nonaktifkan Client Hints (lang)
- Nonaktifkan Direct / Raw Sockets
- Nonaktifkan Idle Detection
- Nonaktifkan Notification Triggers
- Nonaktifkan File System API
- Nonaktifkan Digital Goods API
- Nonaktifkan Serial API
- Nonaktifkan Federated Learning of Cohorts (FLoC)
- Nonaktifkan Network Information API
- SCT auditing
- Site affiliation fetcher (part of the password manager)
- Disables kOptimizationGuideFetchingForSRP
- Disable Web Environment Integrity
- Disable Popular Sites (AKA Top Sites)
- Disable Trust Tokens / Private State Tokens
Layanan yang Kami Proxy Melalui Server Brave
Google tidak menerima informasi apa pun tentang klien mana yang melakukan permintaan ini (bahkan alamat IP Anda).
- Permintaan SafeBrowsing diproksi
- Permintaan geolokasi diproksi
- Pembaruan plugin diproksi
- Permintaan pencabutan sertifikat diproksi
- Permintaan untuk CRLSets diproksi
- Permintaan untuk pembaruan komponen diproksi
- Permintaan untuk kamus pemeriksa ejaan diproksi
- Permintaan di devtools diproksi
- Requests for Search Engine page favicon (Android) are proxied
Titik akhir yang diproksi
https://dl.google.com/release2/chrome_component/*crl-set*https://*.gvt1.com/edgedl/release2/chrome_component/*https://*.gvt1.com/edgedl/chrome/dict/*.bdichttps://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxdhttps://safebrowsing.googleapis.com/https://sb-ssl.google.com/https://safebrowsing.google.comhttps://ssl.gstatic.comhttps://gstatic.comhttps://update.googleapis.comhttps://chrome-devtools-frontend.appspot.comhttps://clients2.googleusercontent.comhttps://clients2.google.comhttps://clients4.google.comhttps://chrome-devtools-frontend.appspot.comhttps://accounts.google.comhttps://*.infura.iohttps://*.gvt1.com/edgel/chromewebstore/*/*https://*.gvt1.com/edgedl/release2/*/*http://dl.google.com/release2/*/*
Fitur dan Fungsionalitas yang Dimodifikasi
-
Cookies:
- Cookies are given a maximum lifetime of 7 days for cookies set through Javascript and 6 months for cookies set through HTTP
- Session Cookies are cleaned up on restart if "Continue where you left off" mode is enabled (which is default in Brave).
- Third-party cookies are always blocked at the HTTP header level, but we give JavaScript access to partitioned ephemeral storage to pages (learn more about partitioned ephemeral storage).
- The Battery API always returns a fixed value.
- Referrer values are capped to
strict-origin-when-cross-originand can only be tightened by referrer policy, not weakened. In addition, cross-origin requests from a.onionservice have an emptyRefererheader and anullOriginheader just like the Tor Browser. -
.onionentries are replaced with"null"indocument.location.ancestorOrigins()unless such entries are same-origin with the innermost frame. - Hangouts extension is disabled by default. We also disable log uploading to Google's servers: https://github.com/brave/brave-browser/issues/1993.
- Media Router (Chromecast) dinonaktifkan secara default di Desktop. Anda bisa mengaktifkannya dengan mengalihkan sakelar di brave://settings.
- Pemeriksaan jarak jauh perlindungan unduhan tidak menyertakan URL dan nama file (https://github.com/brave/brave-core/pull/6763).
- Membuat laporan StorageManager.estimate dengan nilai tetap (isu #11543)
- Banyak fitur memiliki keacakan ditambahkan atau nilai digeneralisasi sebagai pertahanan terhadap fingerprinting, termasuk:
- Metode readback Canvas
- User Agent, follow ups in issues #12097, #12638, #14740
- enumerateDevices
- Serialisasi Web Audio
- Debug WebGL
- Plugin
- hardwareConcurrency
- deviceMemory
- The list of hostnames with pinned CA certificates is replaced with a Brave-specific one.
- Kembalikan persyaratan gestur untuk akses tulis clipboard asinkron
- Dangerous download warnings are always shown when Safe Browsing is OFF, but a flag to disable the warnings is available for advanced users.
- Functionality from the Chromium side panel has been merged into the Brave Sidebar.
- Web Serial API is OFF but a flag to enable is available for advanced users.
- Enhanced the geolocation permission dialog to inform the user whether the site they are visiting has requested location data with the
enableHighAccuracyoption. - Reporting Observers are enabled but don't work (calling will no-op). See here for where it was disabled and see here for where it was re-enabled but made to do nothing.
- Open Search adding engines has a toggle (
Index other search engines) and is disabled by default. - Access to Storage Access API is disabled in Brave by always rejecting the permission request.
- When group policy is in place, Brave does NOT disable secure DNS. Chrome/Chromium will disable secure DNS in the UI and force the administrator to define a policy if they want a value other than
Off. See here and here.
Komentar
Some of the above (along with other issues) were previously tracked in https://github.com/brave/brave-browser/issues/13.
Anda mungkin akan melihat beberapa permintaan ke domain Google. Some of these, such asclients*.google.com and update.googleapis.com are needed to check for extension updates if you installed extensions.
Bagaimana Brave dibandingkan dengan ungoogled-chromium?
Description of ungoogled-chromium, per their GitHub page:
ungoogled-chromium adalah Google Chromium, tanpa integrasi dengan Google. It also features some tweaks to enhance privacy, control, and transparency(almost all of which require manual activation or enabling).
We have an issue captured for pulling in relevant patches from theungoogled-chromiumproject. Theungoogled-chromiumproject similarly has an issue captured where they mention pulling in patches from Brave.