Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Google Chrome vs. Modded Browsers

CODYQX4

By CODYQX4
in Security & Privacy Center

Recommended Posts

CODYQX4

CODYQX4

Posted
Posted

I've got a pretty solid setup going on, and from what I've seen these browsers like SRWare Iron aren't as advanced as they say.

As I understand, Aviator is one of the better ones (I haven't tried Comodo but it is Windows Only whereas Aviator is cross platform).

My quick experience of Aviator was the following:

  • Defaults to Incognito (You can do this with a command line switch).
  • Incognito has a "Protected" thing in the Omnibar and has been renamed "Protected" with normal browsing called "Unprotected"
  • Disconnect and PDV Viewer extension pre-installed. You can get them easy on Chrome Web Store.
  • Makes DuckDuckGo the default search engine, nothing special.
  • 3rd Party Cookies blocked by default, and clear on exit by default (just simple boxes to check)
  • No Chrome Sync at all
  • No Continue where you left off option
  • No options for spelling service, crash reports, or "OK Google". The latter is because it is built on an older Chrome I guess.
  • Click to Play by default (Chrome C2P is vastly inferior to filtering via HTTP Switchboard though)
  • Referer hidden by default, with the ability to whitelist sites. (This is inferior to using Referer Control however, because for sites that break by hiding referer, I can use that to have more control and just always tell the site it is the referer if needed.)
  • Ability to save passwords separate in Normal and Igcognito (as in diasble saving in one but not the other, or both or neither). However Chrome PW Management is insecure as hell and you are better using LastPass/1Password or something similar.
  • Notify on close option.
  • Notify on Keychain Access (I use OS X to see the latter).
  • Connection Control. Now this is what I'd like to have on normal Chrome.

The bolded are the only things I don't have or can't get at the moment. Otherwise I'd find it better to configure a Chrome profile with the equivalent config.

Maybe I can post in more detail if anyone is interested in my Chrome setup.

Does anyone know of a Chrome extension that can do the Connection Control? I have Hands Off! for OS X which could be used to block the Chrome App itself, I guess.

The Connection Control reminds me of some of the ABE features of NoScript. I've never customized that but the default part blocks websites from connecting to local resources (unless they are local websites).

Link to comment
Share on other sites
  • Replies 17
  • Views 3.3k
  • Created
  • Last Reply
spudboy

spudboy

Posted
Posted

There's a great extension called Firefox. Just sayin'. You're concerned with all of this privacy/control stuff but are using a Google product?

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
  • Author
Posted

....

As I understand, Aviator is one of the better ones ....

Have you ever tried it yourself, or simply write ad text?

Ps. I'm tried.

https://www.whitehatsec.com/aviator/

Yes, very briefly. It doesn't live up to the hype to me.

PS: I say it is better because all Iron does is force disable things that you can disable without having to use a forked Chromium. It really doesn't do anything special. Aviator at least has some featured modded in.

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
  • Author
Posted

There's a great extension called Firefox. Just sayin'. You're concerned with all of this privacy/control stuff but are using a Google product?

I have it as well, with a lot of privacy stuff as well on it, but it just doesn't feel as nice to use as Chrome.

I've got a lot setup, but as long as I use Gmail, Google has a hook in me whether I use Chrome or Firefox. No extension denies them the ability to read my email because it is on their server.

I've recently upped my Chrome privacy game after I relied on Firefox NoScript+RequestPolicy for more secure browsing. I was able to get what I wanted out of that

I hope somehow we get end to end encrypted email that works for everyone, but for that to really work out it would have to consume the current system of email, all those old servers as well.

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
  • Author
Posted

I gave Comodo Dragon a spin in a VM.

It has the Start in Incognito option as well, a toggle for extra malware protection (this is just their Secure DNS for Dragon only), some slightly tweaked proxy settings, and a referer toggle (with no option to whitelist, which is bad because I've had sites break and I just lie to them and spoof that site as the refer for that site, with the Referer Control extension).

It has a clear content on exit, but that I have a "Privacy manager" extension for.

Their PrivDog is kinda inferior as it is just global on or off, and they have some variant of HTTPS Everywhere baked in.

It is also based on Chrome 33, to hell with that.

Only thing I saw as unique is their "Virtual Mode" but that requires you use Dragon AND CIS.

Link to comment
Share on other sites
Nastrahl

Nastrahl

Posted
Posted

I gave Comodo Dragon a spin in a VM.

It has the Start in Incognito option as well, a toggle for extra malware protection (this is just their Secure DNS for Dragon only), some slightly tweaked proxy settings, and a referer toggle (with no option to whitelist, which is bad because I've had sites break and I just lie to them and spoof that site as the refer for that site, with the Referer Control extension).

It has a clear content on exit, but that I have a "Privacy manager" extension for.

Their PrivDog is kinda inferior as it is just global on or off, and they have some variant of HTTPS Everywhere baked in.

It is also based on Chrome 33, to hell with that.

Only thing I saw as unique is their "Virtual Mode" but that requires you use Dragon AND CIS.

Well in fact it's a CIS feature and it's compatible with any browser. Just type safe://http://www.whateveryouwant.com then it will open a new window with the browser virtualized and the page wanted.

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
  • Author
Posted

Have you tried CyberDragon browser? It's very interesting for privacy concious people. It's only portable atm I believe.

http://sourceforge.net/projects/cyberdragonbrowser/

As for extensions Http Switchboard is a powerful blocker of scripts,adds etc etc. Very good B)

https://github.com/gorhill/httpswitchboard

I'm an avid user of HTTP Switchboard, and a big reason why I stay Chrome.

To me it is NoScript+RequestPolicy (NoScript has some other features besides script blocking and Click 2 Play, but this nails the script blocking) in one, and the management I have to do in Firefox across several addons as opposed to one Chrome addon is insufferable and conflict prone.

Something NoScript has, that I want, is Script Surrogates. I have seen sites break without Google Analytics. With NoScript, even if you allow GA, it mods the script to mask you.

I've heard Ghostery has some, but I have a bunch of blockers and I'm not a big fan of Ghostery and it is made by an advertising company.

Link to comment
Share on other sites
avmad

avmad

Posted
Posted

It can be infuriating to use if you don't know whats preventing the page loading properly :D

I use the Chinese 360 browser (as a 2nd choice to Palemoon) occasionally, only because it works with all programs I like to use. Most don't.

I found Comodo's browser used to get really slow after a while and just stop responding until it was restarted. Happened way too often for me.

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
  • Author
Posted

My Configuration

OS

  • OS X Mavericks 10.9.4
  • FileVault Enabled
  • CyberGhost VPN the OS and Windows Virtual Machines
  • Squid Proxy to "share" the VPN with other LAN devices
  • Hands Off! (Can Firewall Network Permissions and Deny Writing to Folders on an app basis. Really though I'm using this to block apps phoning home for now)
  • Block Flash Player from storing anything

Google Chrome

  • General Configuration and Guidelines
    • Encrypt Google Sync with other passphrase
    • Don't Sync Bookmarks (It FUBARs them if you use Xmarks beyond all help)
    • Send Do Not Track Request
    • Enable Phishing and Malware Protection
    • Disable Autofill and Password Save (Chrome is insecure with this as compared to 1Password/LastPass)
    • Don't make and changes to the Privacy part of Chrome settings. This is all handle by extensions. I did allow Microsft to do multi-downloads, but you don't want to disable JS here, or block cookies, or even Click 2 Play (because HTTP Switchboard handles all this better).
    • Make any password on the web as complex as possible using a Password Manager. 2FA everything that you can, but I have little faith in SMS based so I skip that.
  • Active Extensions
    • 1Password
    • APK Downloader (with GSF ID from Android x86 4.4 VM)
    • Authy (2FA on everything I can using this)
    • Authy Chrome Extension (Open Authy App)
    • AutoPager Chrome
    • Better Battlelog
    • BugMeNot Lite
    • Checker Plus for Gmail
    • Checker Plus for Google Calendar
    • Disconnect (Basically useless here, see Disconnect, should disable anti tracking. It does have an email hider built in that I use)
    • Disconnect Privacy Icons
    • Disconnect Search (use Google search but remain anonymous)
    • DoNotTrackMe (Basically useless here, should disable. It is useless because of HTTP Switchboard blocks everything by default instead of using the blacklist)
    • Extension Update Notifier
    • FB Purity (for those times I have no choice but to deal with FB. I needed an account to do FB App dev stuff for websites).
    • Folx (Download Catcher, Folx is closest OS X thing to IDM, and is still inferior).
    • HTTP SwitchBoard
      • Configure it to block everything but CSS and Images by default. EVERYTHING else gets blocked. This is like having NoScript and RequestPolicy.
      • Configure all sites you browser with the bare minimum to function, and try and stick to Domain Level scope (I find Site Level unneeded, and I reserve Global Scope for things like allowing YouTube everywhere)
      • Disable EVERYTHING in Ubiquitous rules. uBlock does all this and has been updated more than HTTP Switchboard.
      • The dev is working on this, but it still needs some polish. You have to put global rules into the domain scopes. You can make it auto create scopes, but they only get created if they don't exist. I wanted my global to be in 100% sync with domain, so I constantly export, add in a text editior, etc. The result of this redundancy makes me have a reported 12K rules, because the Global Scope is repeated over a good 200 domain scopes.
    • HTTPS Everywhere
    • IP Country Domain Flag
    • JSONView and JSONLint for Chrome
    • LastPass
    • MEGA (Local JS Extension)
    • Privacy Manager
      • Allow Safe Browsing
      • Allow Translations
      • Allow Referer (Deal with Referer elsewhere)
      • Allow 3rd Party Cookies (HTTP Switchboard gives me absolute control, so all this does is give an annoying cookies blocked icon in the omnibar)
      • Everything else is Disabled
      • Don't Delete anything on startup.
      • DO NOT USE to block User-Agent or Referer (The latter is handled with Referer Control. The former can be spoofer by HTTP Switchboard)
    • Reddit Enhancement Suite
    • Referer Control (Block Referers unless things go wrong, then send the site it's own referer if they do)
    • RSS Subscription Extension (by Google)
    • Search by Image (by Google)
    • Stylish (Mainly fix up sites who look weird with their ads blocked)
    • TamperMonkey
      • Anti AdBlock Killer
      • Adware Atomizer
      • Disable Google Country Redirect (Modded Script by me from Google NCR to stop my VPN sending me elsewhere)
      • Mega.co.nz Link Checker
      • URL Shortener Unshortener MOD (Modded Script by me to reveal full links, more options, manually add, etc)
      • W.A.R. Link Checker Customized Premium (same dev as Mega.co.nz Link Checker)
      • YouTube Center
      • YouTube Link Title
    • TinEye Reverse Image Search
    • WOT
    • Xmarks
    • uBlock
      • Parse and Enforce Enabled
      • Enable ALL Lists except Regional (don't use any of these)
      • Manually add Adblock Warning Removal List
      • You'll do whatever further filters and whitelisting here as this is the AdBlocker part.
Link to comment
Share on other sites
darko999

darko999

Posted
Posted

I'm stick to Pale Moon 64 bits Accel build since it runs at least twice times faster than FF. It's native 64 bit browser and is more secure and stable than anything I have tried before, as far as like 8 months I can't put there any issues.

Link to comment
Share on other sites
  • 3 weeks later...
  • 4 months later...
steven36

steven36

Posted
Posted

The part about WebRTC is outdated WebRTC Block not working anymore.

I see some have reported to Chromium to fix it.

UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0Steps to reproduce the problem:1. Visit ipleak.net or https://diafygi.github.io/webrtc-ips/2. See your real IP even though you may be behind VPN or other corporate security firewallsWhat is the expected behavior?I would expect to go into chrome settings and disable webrtc (any other plugins that come with chrome) so that there will be no ip leakage.What went wrong?I use my corporate VPN and I would like to continue using chrome; however, with this new webrtc thing, websites that use such script can see my real IP which is not secure for us. I would kindly ask the developers to give us options to disable such thing.Did this work before? N/A Chrome version: <Copy from: 'about:version'>  Channel: stableOS Version: 40Flash Version: Copying from my forum post:Due to my line of work (international exchanges), I have to use my corporate vpn and I don't want anyone to see our original IP to prevent any scans/attacks etc. However, with the latest chrome updates, it is impossible to block webrtc which reveals the real IP address!The extension option: there is this webrtcblock extension for chrome but it does not work anymore (see ipleak.net). Some people suggest using that scriptsafe extension but it's terrible. If you use that scriptsafe then it blocks all scripts from all sites and you end up "allow"ing or "trust"ing all the sites to see their basic content like catpcha modules - this totally negates what the extension was trying to do in the first place. With that extension, I can't even view the developer's own website!Try another browser option: I do not want to use firefox or others. Tried it, done that, moved on.The question is: are you (Google Chrome developers) working on an update that will allow people like me to disable webrtc?Thanks,Josh
Marking as 'Untriaged' as this is a 'New Feature' request.Thank you!

https://code.google.com/p/chromium/issues/detail?id=457492

Link to comment
Share on other sites
  • 1 month later...
steven36

steven36

Posted
Posted

Slimjet Chromium browser provides a built-in option to disable webrtc..



RvgWsm2.png



Tu3AMNG.png


Nothing shows up :showoff:

Link to comment
Share on other sites
  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...