Chromium - Privacy-Focused Builds

I wanted a thread specifically to discuss the fantastic open-source, privacy-focused Chromium builds from (https://chromium.woolyss.com/).

I did not think that it would be appropriate to discuss these builds in the main Chrome Stable Channel Update thread because that is intended for official Google Chrome stable release discussions. There is also a thread within all things UNIX discussing Ungoogled-Chromium but that is specific to Linux builds.

The one thing that I was not sure of was whether this topic should be within other software & services or one of the Privacy sub-forums.

For each of the builds, you have a choice between:

• Installer or Archive
• Stable or LKGR
• Sync - WebRTC - Windvine (builds containing Google API's)
• No Sync - No WebRTC - No Windvine (privacy-focused builds with no Google API's)

Recently, they have been providing PGO-optimized builds as well which is what Google Chrome team has also been doing since M53 (x64) and upcoming M54 (x86) for performance improvements in Chromium.

On top of all of that goodness, they have also been recently experimenting with compiling their typical vanilla Chormium builds but introducing some of the GitHub - Eloston/ungoogled-chromium patches bit by bit for an even more privacy-focused browser without Google API's and less Google oriented in general.

Some fantastic links:

• Chromium builds (https://chromium.woolyss.com/)
• Omaha Proxy
• Chromium Release Calendar
• Chrome Platform Status
• chrlauncher *

* chrlauncher is a tiny portable application which allows you to easily (and automatically) update Chromium builds and gives you the choice of different channels such as: Dev, Stable, etc. You can choose how often to check for updates and much more. Better yet, chrlauncher includes a portable Flash Player PPAPI binary. Therefore you can achieve an entirely portable Chromium, with auto-updates, channel selection, and portable Flash Player.

I will add more and organize this better later.

 

Great stuff @WildByDesign

 

I use woolyss releases for some time now and I like them. I use archive of stable x64 version with no Sync, WebRTC ... No problems so far.
If you need flash you will have to install it from Adobe.
They usually release new version same day (or maybe day after) Google releases new version.

 

http://www.ghacks.net/2016/10/05/ungoogled-chromium-removes-google-traces-from-chromium/

 

I just wanted to add to this point. Developers Woolyss, Nik, and Henry++ are loosely acquaintances and have come together within that community to contribute their efforts and work together. chrlauncher (developed by Henry++) was essentially been developed to follow Woolyss' API for downloading Chromium builds and to make entirely portable Chromium. However, in recent builds of chrlauncher, they have also included portable Flash Player PPAPI binary so that the user can use Chromium together with Flash Player for portable use and therefore, in that specific use case, users can avoid having to download Adobe Flash Player. I believe that he provides builds with and without Flash Player. I've checked hashes to ensure that the Flash Player binaries are the same PPAPI binaries as official.

I've updated the OP to include details about portable Flash Player.

 

@WildByDesign

Thanks for the links. I like to use Chromium, because the Chome executable of Chromium is not signed. I have UAC set to deny elevation of unsigned, the advantage of running Chromium over Chrome is that Chromium broker runs in a Basic User container with this UAC tweak (is not allowed to elevate to high integrity level/administrator rights).

When "validate administrator Code Signatures is on(1)" it is possible to run unsigned programs and programs with invalid signature. When you try to install them or run them as administrator, Windows will display the "Referral returned from the server" error message. See Microsoft info about this UAC setting. Vista and Windows 7 users might notice a delay with UAC prompts, because the signature is checked (so malware with forged signature is blocked), but the delay is hardly noticeable on Windows 8.1 and seems completely gone in Windows 10 (it seems to improve with every Windows version).

I run this UAC-tweak since 2009 and only once had a problem (when Microsoft update removed all signatures of its own Executables), but a simple return to "last known good configuration" using Windows startup recovery, corrected that hilarious Microsoft blooper. When I need to install an unsigned program, I temporarely allow unsigned elevation by running two regedit files, see below:

Set UAC to block elevation of unsigned: Block_Unsigned_Install.reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000001

Set UAC to allow elevation of unsigned: Allow_Unsigned_Install.reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000000

 

somehow stupid - lets find that build
https://github.com/Eloston/ungoogled-chromium/blob/master/resources/common/domain_regex_list

that much about "more" privacy

sync is opt-in - no account = no sync
safelist = opt-out
webrtc = chat/video-conferencing (firefox: hello)

 

Eloston release is discussed here: https://www.wilderssecurity.com/threads/ungoogled-chromium.387168/

 

Here, too.

 

Why would one opt out safelist/malware check and at the same time use third-party software that potentially collects the very same info?

 

@Shelta, welcome to this forum, good question, paranoid probably.

Facebook removing an image of the Copenhagen mermaid statue worries me more.

 

Opting out of malware check could improve your privacy (less communication with Google's servers). Locally you can use adblocker with anti-malware list enabled (I use uBlock Origin), which doesn't collect data or communicate with any server. It's probably not that efficient but IMO it should be enough for most users.

 

True that! I was under the impression that "Safe Browsing" just compared urls against a local downloaded list.

 

No, there is much more happening in background.
Here is technical document about the feature: https://www.chromium.org/developers/design-documents/safebrowsing
and here are privacy implications from Chrome's privacy whitepaper: https://www.google.com/chrome/browser/privacy/whitepaper.html#malware

 

Thanks for clearing things out.

 

Btw, which uBlock Origin malware lists do you recommend over the two (Malware Domain List, Malware domains) that comes with the default installation (if any)?

 

I personally use Malware Domains - it contains more filters - but I can't recommend you which is better, as I never tested or compared them.

 

Chromium has just recently added support for Control Flow Guard (CFG) mitigation in Dev builds revision r425226 and newer (via patch https://codereview.chromium.org/2412983006). They are starting initially with CFG enabled for chrome.exe & chrome_elf.dll and will assess any performance implications before eventually enabling CFG for more modules. I should mention that this is only for Windows 8.1 and Windows 10 users in which the CFG mitigation will take effect. The builds will still work fine for Windows 7 users, however, CFG will have no effect.

More on CFG: https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx



Note: the CF Guard indication from Process Hacker above.


At the moment, there are only a couple of builds over at https://chromium.woolyss.com/ which have CFG enabled.

There is one Dev/LKGR build from main developer/build provider Nik, but at the moment is 32-bit. His next 64-bit Dev/LKGR build will have CFG enabled. Just remember that the revision number needs to be r425226 or greater.
Link: https://github.com/henrypp/chromium/releases/tag/v56.0.2891.0-r425278-win32

There is a more recent Chromium build provider, RobRich, who has taken that single CFG patch and backported it to the current Chromium Stable branch build (54.0.2840.59) so this is a more stable build, but it is lacking Google API keys and therefore no Sync, etc. It does have media codecs though and I've been using this build for a few hours and it works great. This build is 64-bit, but no PGO at the moment.
Link: https://chromium.woolyss.com/#comment-1421

Personally, I am hoping that the main build provider, Nik, does a backport to Stable branch and therefore his builds would have a choice between Sync and No Sync and would also likely be PGO-optimized.

 

This (below) is what I absolutely love about Chromium in general. The Chromium Team developers take full advantage of the built-in protections in which the latest operating systems have to offer. Same goes for Chromium on Linux. Living off the land!

By latest, I mean, many of these mitigations shown below are only available in Windows 8.1 and Windows 10; some are Windows 10 only.

 

Thx @WildByDesign

According to this link Chrome started out to implement Control Flow Guard with Chrome canary build 56.0.2891.0, on 15 Oct 2016. This is also the latest available on Woolyss

 

Chromium Stable got updated to 54.0.2840.71. https://chromium.woolyss.com/?stb=1

 

Woolyss uses Chromium "stable" in all version displayed, better to look a the tags

STABLE = Identical version as latest released Chrome which has passed the broad (automated) regression test (54.0.2840.71) and (automated) code (sanatizing) analysis, available for 64 bits only

LKGR = Last Known Good Revision = development version with no reported errors (meaning it has passed a limited set of program test cases) (56.0.2891.0) available for both 32 and 64 bits

Risks of LKGR version: new code may have introduced logic errors in old code, new code is not yet fully tested (might show unexpected behavior) and new code is not analyzed for code vulnerabilities yet.

Benefits are well explained by WildByDesign

 

@Windows_Security
Yes I follow Woolyss release for some time - they deliver great service for Chromium users
My post was meant as FYI for users that use stable release and don't use chrlaunher to automatically update it (like me).

 

The best news regarding the stable channel build (https://github.com/henrypp/chromium/releases/tag/v54.0.2840.71-r414607-win64) in which @Minimalist was referring to is that the main Woolyss' community build compiler Nik has achieved CFG patch backported into stable channel 54.0.2840.71 build and optimization via PGO, with the usual choice between Sync and No-Sync. This build is far more secure in comparison to Google's own Chrome stable channel and performs just as fast thanks to PGO. The build that I mentioned initially from RobRich did have the CFG backported patch to stable, but did not have PGO or Sync.

The interesting thing about CFG is that every process protected by CFG mitigation has a 2TB virtual memory size which is the case with almost every Windows 10 built-in process. Now with CFG for Chromium, every chrome.exe process has a 2TB virtual memory size which I assume allows for improved randomization and entropy. Hopefully someone with more experience in Windows memory management can clarify that.

 

No problem, you were right to point the version number of the real stable To be honest I thought I was downloading the production stable (because of the titles Woolyss uses), while in fact I was downloading the LKGR (development stable). Unfortunately I am on 32 bits, so can't take advantage of the link you posted.