forked from bromite/bromite
-
Notifications
You must be signed in to change notification settings - Fork 78
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
102 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,41 +1,36 @@ | ||
# Bromite - Take back your browser | ||
<a href="https://github.com/bromite/bromite/releases/latest"> | ||
### **** Work in progess **** | ||
|
||
# Cromite (a Bromite fork) - Take back your browser | ||
<a href="https://github.com/uazo/cromite/releases/latest"> | ||
<img src="https://www.bromite.org/release.svg" alt="current Bromite release" title="current Bromite release" /> </a> | ||
<a href="https://github.com/bromite/bromite/blob/master/LICENSE"> | ||
<img src="https://www.bromite.org/license.svg" alt="GNU GPL v3" title="GNU VPL v3" /> | ||
</a> <br> | ||
<a href="https://www.bromite.org"> | ||
<img title="Bromite - take back your browser!" src="https://www.bromite.org/android-icon-192x192.png" width="96" alt="Bromite" /> | ||
<a href="https://www.cromite.org"> | ||
<img title="Cromite - take back your browser!" src="https://www.cromite.org/app_icon.png" width="96" alt="Bromite" /> | ||
</a> | ||
|
||
Bromite is a [Chromium](https://www.chromium.org/Home) fork with support for ad blocking and enhanced privacy. | ||
|
||
Bromite is only available for Android Marshmallow (v6.0, API level 23) and above. | ||
Cromite is a [Chromium](https://www.chromium.org/Home) fork based on [Bromite](https://github.com/bromite/bromite) with built-in support for ad blocking and an eye for privacy. | ||
|
||
<img src="https://fdroid.bromite.org/fdroid/bromite_bromite_gh_downloads.svg" alt="Downloads on Github" title="Downloads on Github" /> | ||
Cromite is available for Android Marshmallow and above (v6.0, API level 23) and Windows. | ||
|
||
For the Frequently Asked Questions see [F.A.Q.](./FAQ.md). | ||
|
||
For documentation see the [wiki](https://github.com/bromite/bromite/wiki). | ||
|
||
# Goals | ||
|
||
Bromite aims at providing a no-clutter browsing experience without privacy-invasive features and with the addition of a fast ad-blocking engine. | ||
Minimal UI changes are applied to help curbing the idea of "browser as an advertisement platform". | ||
|
||
# Donate | ||
|
||
Please donate to support development of Bromite and the costs for the build system. | ||
|
||
[→ Support development with a donation](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JP3XTQPVRNET2): [![paypal](https://www.bromite.org/assets/img/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JP3XTQPVRNET2) | ||
|
||
<a href="bitcoin:bc1qlx7h0lj9z88g2xfeuwsrtfs77sxuhrxf2t28sw">BTC donations address</a>: `bc1qlx7h0lj9z88g2xfeuwsrtfs77sxuhrxf2t28sw` | ||
Cromite's goal is to | ||
- limit the features built into the browser that can be used as a platform for tracking users' habits, and, if it is not technically possible, disable them and leave it up to the user to choose whether to re-enable them | ||
- limit the close integration between the browser and its manufacturer | ||
- not let the excellent research work done by csagan5 with Bromite be lost | ||
|
||
ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6` | ||
In addition, Cromite would like to promote greater integration with other non-profit, open source browsers, encouraging closer collaboration with others, and attempt to integrate them directly into Chromium once they have reached an appropriate level of maturity. | ||
|
||
# Features | ||
|
||
* customizable adblock filters via user-provided URL (see https://www.bromite.org/custom-filters) | ||
#### Derived from Bromite | ||
* customizable adblock filters via user-provided URL (see https://www.bromite.org/custom-filters) (deprecated, replaced by adblock plus) | ||
* automatically updated adblock filters | ||
* remove click-tracking and AMP from search results | ||
* DNS-over-HTTPS support with any valid IETF DoH endpoint | ||
|
@@ -44,20 +39,18 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6` | |
* disable smart search by default, allow web search from incognito mode | ||
* always-visible cookies, javascript and ads site settings from address bar popup | ||
* remove Play integration binary blobs | ||
* use [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) on all architectures except x86 | ||
* use [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) on all architectures except x86 and Windows | ||
* enable trivial auto var init | ||
* disable media router and remoting by default | ||
* disable dynamic module loading | ||
* show warnings for TLSv1.0/TLSv1.1 pages | ||
* enable site-per-process isolation for all devices with memory > 1GB | ||
* completely remove safe browsing and other privacy-unfriendly features | ||
* [proxy configuration page](https://github.com/bromite/bromite/wiki/ProxyConfiguration) with PAC and custom proxy lists support | ||
* settings to disable custom intents and clear session on exit | ||
* flags to toggle anti-fingerprinting mitigations for canvas, audio, client rects, webGL and sensor APIs (see full list below for all the new flags) | ||
* use frozen User-Agent to conceal real model and browser version | ||
* privacy enhancement patches from [Iridium](https://iridiumbrowser.de/), [Inox patchset](https://github.com/gcarq/inox-patchset), [Brave](https://brave.com/) and [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium) projects | ||
* security enhancement patches from [GrapheneOS](https://github.com/GrapheneOS) project | ||
* disable scroll-to-text-fragment | ||
* reduced referer granularity | ||
* block gateway attacks via websockets (partial fix, see [this upstream issue](https://bugs.chromium.org/p/chromium/issues/detail?id=590714)) | ||
* use 64-bit ABI for webview processes | ||
|
@@ -85,10 +78,73 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6` | |
* disable idle detection | ||
* HTTPS-only mode enabled by default | ||
* disable TLS resumption by default | ||
* partition DoH requests by top-frame NIK | ||
* strict site isolation and strict origin isolation | ||
* partition blobs by top frame URL | ||
|
||
#### Cromite-specific features | ||
|
||
* Built-in Adblock Plus [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Eyeo-Adblock-Remove-Privacy-Issues.patch) (issue [84](https://github.com/uazo/bromite-buildtools/issues/84)) | ||
* policy browser patch for the use of enterprise policy [patch](https://github.com/uazo/bromite/blob/master/build/patches/00add-browser-policy.patch) (issue [191](https://github.com/uazo/bromite-buildtools/issues/191)) | ||
- deactivate safe browsing and extended reporting | ||
- disabled scroll-to-text-fragment | ||
- disabled contextual search | ||
- disabled media router | ||
- disabled url keyed anonymized data collection | ||
- disabled translate | ||
- disabled network prediction | ||
- disabled sign-in | ||
- disabled google search side panel | ||
- disabled automatic https upgrades | ||
* internal firewall to block all unauthorised calls made from the browser [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Internal-firewall.patch) (issue [147](https://github.com/uazo/bromite-buildtools/issues/147)) | ||
* show warnings on downloads over HTTP [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Show-warnings-on-downloads-over-HTTP.patch) | ||
* lock profile cookie database [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Lock-Profile-Cookie-Database.patch) | ||
* remove support for device memory and cpu recovery [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-support-for-device-memory-and-cpu-recovery.patch) | ||
* disable speechSynthesis getVoices API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-speechSynthesis-getVoices-API.patch) | ||
* viewport Protection patch [patch](https://github.com/uazo/bromite/blob/master/build/patches/Viewport-Protection-flag.patch) | ||
* deprecate Data URL in SVGUseElement [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Deprecate-Data-URL-in-SVGUseElement.patch) | ||
* disallow Android App Scheme as referrer [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disallow-Android-App-Scheme-as-referrer.patch) | ||
* disable Compression Dictionary Transport [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-Compression-Dictionary-Transport.patch) | ||
* disable PrivateStateTokens API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-PrivateStateTokens-API.patch) | ||
* disable GSA by default [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-GSA-by-default.patch) | ||
* disable GetInstalledRelatedApps API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-GetInstalledRelatedApps-API.patch) | ||
* disable FirstPartySets and StorageAccessAPI [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-FirstPartySets-and-StorageAccessAPI.patch) | ||
* disable WebGPU [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-WebGPU.patch) | ||
* disable GamePad API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Add-a-flag-to-disable-GamePad-API.patch) | ||
* remove external https connection from chrome://discards [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-https-connection-from-chrome-discards.patch) | ||
* links the use of screen.isExtended to WINDOW_MANAGEMENT permission granted by user [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Multi-Screen-Window-Placement-API-fix.patch) | ||
* clear CORS Preflight Cache on clearing data [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Clear-CORS-Preflight-Cache-on-clearing-data.patch) | ||
* remove auth header upon cross origin redirect [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-auth-header-upon-cross-origin-redirect.patch) | ||
* disable SHA1 Server Signature [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-SHA1-Server-Signature.patch) | ||
* remove detection of captive portals [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-detection-of-captive-portals.patch) | ||
* disable devtools remote and custom protocols [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-devtools-remote-and-custom-protocols.patch) | ||
* enable Document Open Inheritance Removal [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Enable-Document-Open-Inheritance-Removal.patch) | ||
* warning message for unsupported hardware aes [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Warning-message-for-unsupported-hardware-aes.patch) | ||
* partition HSTS cache by NAK [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Partition-HSTS-cache-by-NAK.patch) | ||
* disable password leak detector [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-privacy-issues-in-password-manager.patch) | ||
* keyboard protection flag [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Keyboard-protection-flag.patch) | ||
* disable csp reports [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-csp-reports.patch) | ||
* add setting to clear data on exit [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Add-setting-to-clear-data-on-exit.patch) | ||
* disable visited pseudo class [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-visited-pseudo-class.patch) | ||
* disable BackForwardCache [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-BackForwardCache.patch) | ||
* disable FedCm [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-FedCm.patch) | ||
* partitioning all cookies by top frame domain [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Partitioning-all-cookies-by-top-frame-domain.patch) | ||
* fingerprint mitigation for AudioBuffer and AnalyserNode [patch](https://github.com/uazo/bromite/blob/master/build/patches/AudioBuffer-AnalyserNode-fp-mitigations.patch) | ||
|
||
#### Windows Cromite-specific features | ||
|
||
* enable Network Service Sandbox by default | ||
* disable sharing hub | ||
* disable search for image | ||
* simpler logging to file | ||
* disable TabHoverCard images | ||
* enable File System Access blocklist | ||
* enable HighEfficiencyMode by default | ||
* disable annotates on downloads | ||
* enabled pdf plugin by default | ||
|
||
## Features not related to privacy | ||
|
||
#### Derived da Bromite | ||
* browser automatic updates, enabled by default | ||
* native Android autofill support | ||
* import/export bookmarks | ||
|
@@ -118,7 +174,11 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6` | |
* allow moving navigation bar to bottom | ||
* add option to use home page as NTP | ||
|
||
You can inspect all functionality/privacy changes by reading the [patches](https://github.com/bromite/bromite/tree/master/build/patches) and/or the [CHANGELOG](./CHANGELOG.md). | ||
#### Cromite-specific features | ||
|
||
* add setting in android to invert tap and long tap [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Add-setting-to-invert-tap-and-long-tap.patch) | ||
|
||
(TODO) You can inspect all functionality/privacy changes by reading the [patches](https://github.com/bromite/bromite/tree/master/build/patches) and/or the [CHANGELOG](./CHANGELOG.md). | ||
|
||
### Flags | ||
|
||
|
@@ -162,25 +222,25 @@ New flags: | |
* timezone customization override | ||
* autoplay, disabled by default | ||
* webRTC, disabled by default | ||
* viewport protection, enabled by default | ||
|
||
# Privacy limitations | ||
|
||
Bromite's privacy features, including anti-fingerprinting mitigations (which are not comprehensive), **are not to be considered useful for journalists and people living in countries with freedom limitations**, please look at [Tor Browser](https://www.torproject.org/download/) in such cases. | ||
Cromite's privacy features, including anti-fingerprinting mitigations (which are not comprehensive), **are not to be considered useful for journalists and people living in countries with freedom limitations**, please look at [Tor Browser](https://www.torproject.org/download/) in such cases. | ||
Please note that this project is not free of bugs and that changing the behaviour of a browser can be risky and not without problems. | ||
|
||
# Releases | ||
# (TODO) Releases | ||
|
||
All built versions are available as [releases](https://github.com/bromite/bromite/releases); the [official website](https://www.bromite.org/) points to those releases and - when browsing via Android - it will automatically highlight the one apt for your device (or none otherwise). | ||
|
||
Each tag corresponds to a Chromium Stable release tag. | ||
|
||
Bromite is currently built for ARM, ARM64 and x86 and for the Android SDK version 23+; [Bromite SystemWebView](https://www.bromite.org/system_web_view) is provided as well (SDK23+). | ||
For every Bromite build you can always find a matching [vanilla Chromium](https://www.bromite.org/chromium) build which is used for example to verify which issues are specific to Bromite or not. | ||
Bromite is currently built for ARM64, x86 (Android SDK version 23+) and Windows. | ||
|
||
You will automatically receive notifications about new updates (and be able to install them) via the auto updater functionality (enabled by default), see [related wiki page](https://github.com/bromite/bromite/wiki/AutomaticUpdates). | ||
|
||
All official releases are also available through the [official third-party F-Droid repository](https://www.bromite.org/fdroid). | ||
|
||
## Integrity and authenticity | ||
## (TODO) Integrity and authenticity | ||
|
||
You can verify the integrity of a downloaded APK file from this project with any `sha256sum`-compatible tool by downloading the corresponding `brm_X.Y.Z.sha256.txt` or `chr_X.Y.Z.sha256.txt` file, where X.Y.Z is the release version number. Example: | ||
``` | ||
|
@@ -200,7 +260,7 @@ gpg: Good signature from "csagan5 <[email protected]>" | |
|
||
You can download csagan5's public GnuPG key from here: [csagan5.asc](./csagan5.asc). | ||
|
||
# How to build | ||
# (TODO) How to build | ||
|
||
The [Bromite main repository](https://github.com/bromite/bromite) contains tags for each corresponding Chromium release (see https://chromium.googlesource.com/chromium/src.git). | ||
|
||
|
@@ -210,13 +270,7 @@ The Chromium version tag used as base for the patches is available here: [RELEAS | |
The GN args used to build Bromite are available here: [bromite.gn_args](./build/bromite.gn_args). | ||
The patches are to be applied second the order specified in the `bromite_patches_list.txt` file (you can use `git am`). | ||
|
||
## How to build the filters | ||
|
||
See upstream documentation: https://github.com/chromium/chromium/blob/master/components/subresource_filter/FILTER_LIST_GENERATION.md | ||
|
||
Bromite uses an unindexed filter file, which is periodically published at https://github.com/bromite/filters | ||
|
||
# Contributing | ||
# (TODO) Contributing | ||
|
||
Please submit issues following the issue template; beware that GitHub does not display the templates from mobile. | ||
|
||
|
@@ -227,23 +281,15 @@ For any usage or development discussion please use GitHub Discussions: https://g | |
# Credits | ||
|
||
* [Chromium project](https://www.chromium.org/Home) and developers | ||
* [Iridium project](https://github.com/iridium-browser) for some patches | ||
* [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium) for some patches | ||
* [ungoogled-chromium-android](https://github.com/ungoogled-software/ungoogled-chromium-android) for some patches | ||
* [GrapheneOS](https://github.com/GrapheneOS) for some security patches | ||
* [Inox patchset](https://github.com/gcarq/inox-patchset) for some patches (via ungoogled-chromium) | ||
* [Brave Browser](https://github.com/brave/brave-core) for some patches | ||
* [Vadim Pleshkov](http://vadimpleshkov.me/) for Bromite's logo | ||
|
||
# Filters credits | ||
* [EasyList](https://easylist.to/#easylist) | ||
* [EasyPrivacy](https://easylist.to/#easyprivacy) | ||
* [uBlock Origin](https://github.com/uBlockOrigin) | ||
* [Peter Lowe's Ad and tracking server list](https://pgl.yoyo.org/adservers/) | ||
|
||
The URLs of the lists used are available at: https://github.com/bromite/filters/blob/master/lists.txt | ||
|
||
# License | ||
* [Bromite](https://github.com/bromite/bromite) | ||
* [Iridium project](https://github.com/iridium-browser) for some patches | ||
* [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium) for some patches | ||
* [ungoogled-chromium-android](https://github.com/ungoogled-software/ungoogled-chromium-android) for some patches | ||
* [GrapheneOS](https://github.com/GrapheneOS) for some security patches | ||
* [Inox patchset](https://github.com/gcarq/inox-patchset) for some patches (via ungoogled-chromium) | ||
* [Brave Browser](https://github.com/brave/brave-core) for some patches | ||
|
||
# (TODO) License | ||
|
||
The patches published as part of the Bromite project are released under [GNU GPL v3](./LICENSE). | ||
|
||
|