How to Optimize Google Chrome for Maximum Privacy

Discussion in 'privacy problems' started by mack_guy911, Jun 3, 2012.

Thread Status:
Not open for further replies.
  1. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  3. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Nice blog Hungry Man! :thumb:
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Great job, both :thumb: I never do use Instant, and learned a good bit more from these links. I think disabling plugins goes a long way towards security even in Chrome, though I went with the slightly less annoying "click to play" rather than white-list websites.

    Edit: Regarding your suggestion to use PDF.js...I respectfully disagree here. I personally see no reason to risk exploitation by opening these files within the browser. In my opinion, it's not only more efficient (as many content-heavy pdf files won't even work properly, even with the Chrome built-in reader), but more secure to have a separate program to handle them. I'd also suggest turning javascript off in these programs to further secure yourself. Personally I think Adobe-Reader X with javascript turned off and the browser plugin disabled will suit 99% of users just fine, and keep them pretty safe. My 2 cents :)
     
    Last edited: Jun 3, 2012
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Thanks AlexC/DW.

    That's a fair point dw. Ironically I think that PDF.js is way more fitting for Chrome, which runs all Javascript in a process that's unable to write to the filesystem. As Firefox does not separate or sandbox the renderer you're running the code with lots of rights.

    The idea behind PDF.js is to lower the trusted code and attack surface. Chrome does this by treating the PDF plugin as untrusted, so does Adobe, and Firefox does this by simply eliminating a separate plugin entirely, it's handled by Javascript, which has the renderer already there. The problem with Chrome/Adobe's implementation is that there's now a ton of code that's exploitable whereas Firefox has added very little code and the rest is handled entirely within the renderer.

    I'll put a note in about that.

    I'm planning on updating these guides further, like when I get a guide on convergence. I want to do an entire post on convergence first though so it'll probably wait until tomorrow. (edit: I finished the convergence guide and edited the FF post)
     
    Last edited: Jun 4, 2012
Loading...
Thread Status:
Not open for further replies.