Taming Chromium with few cmd-line switches

Discussion in 'privacy technology' started by Stefan Froberg, Nov 20, 2017.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    540
    Peter Beverloo is keeping excellent, updated list of various cmd-line switches for Chromium (and Chrome)
    and I picked from there few ones that might make it less "chatty" by running it like this under Linux (and should work with Windows too):

    chromium-browser --disable-background-networking --disable-breakpad --disable-cloud-import --disable-databases --disable-preconnect --disable-speech-api --disable-sync --disable-voice-input --disable-webgl --incognito --media-cache-dir=/dev/null --disk-cache-dir=/dev/null --no-pings --no-wifi --disable-local-storage --proxy-server=socks5://127.0.0.1:9050

    So far everything seems to work okay (knocks wood).

    Of course, running Chromium with Tor (--proxy-server switch) might be questionable but I just couldn't resist trying it.

    Here is Peter's blog
    https://peter.sh/experiments/chromium-command-line-switches/
     
  2. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    152
    Location:
    Albany, CA
    I at least would be very interested in this endeavor. I currently run SRWare Iron and Chromodo instead of Chrome, but I am aware they are not much better, and so I keep close watch on alternates for XP Pro...which eliminates Iridium and ungoogled-chromium.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,048
    Um, no, that doesn't work under Windows.... lol.

    You'd be better off using the actual flags instead of command line switches.

    Understatement of the year.
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    Note most of switches are not configurable from flags. I currently don't use Chromium on Linux, but on Windows I use:

    --cipher-suite-blacklist=0x00aa
    --disable-breakpad
    --disable-cloud-import
    --disable-speech-api
    --disable-sync
    --disable-voice-input
    --disk-cache-size=1
    --enable-strict-powerful-feature-restrictions
    --no-wifi
    --flag-switches-begin
    --no-pings
    --disable-touch-adjustment
    --enable-appcontainer
    --history-entry-requires-user-gesture
    --disable-offline-auto-reload
    --disable-push-api-background-mode
    --site-per-process
    --disable-touch-drag-drop
    --extension-content-verification=enforce_strict
    --load-media-router-component-extension=0
    --pull-to-refresh=0
    --reduced-referrer-granularity
    --touch-events=disabled
    --enable-features=FramebustingNeedsSameOriginOrUserGesture,HttpFormWarning,PermissionsBlacklist,VibrateRequiresUserGesture
    --disable-features=AccountConsistency,AppBanners,DesktopIOSPromotion,DoodlesOnLocalNtp,ExperimentalAppBanners,GamepadExtensions,GenericSensor,GenericSensorExtraClasses,IPH_DemoMode,ImageCaptureAPI,NewUsbBackend,NoStatePrefetch,OmniboxSpeculativeServiceWorkerStartOnQueryInput,OpenVR,OptimizationHints,ServiceWorkerPaymentApps,SpeculativePreconnect,SpeculativeResourcePrefetching,TopSitesFromSiteEngagement,TranslateRankerEnforcement,UseSuggestionsEvenIfFew,VoiceSearchOnLocalNtp,WebPayments,ZeroSuggestRedirectToChrome,affiliation-based-matching
    --flag-switches-end

    I basically don't toggle switches/flags which are not relevant unless certain flag/function is enabled (password manager, autofill, suggest etc.) tho there're exception. There're still many privacy/security related flags I haven't touched for some reason.

    What bothers me most is those switches/flags change rapidly. I periodically check them and remove obsolete ones and add new ones...
    e.g. --disable-preconnect listed in OP is obsolete. BTW I personally against disabling media cache & HTML5 storage for performance/usability perspective.

    In Windows you can also use policies to further restrict Chrome, but it's not available on Home version unless you install unofficial policy editor. Even if you edit corresponding registry, they have no effect.

    Android version have a quite different flag set, but I'm lazy to upload/write down these tweaks.
     
    Last edited: Feb 3, 2018
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    They might be better in privacy (not much sure, actually) but not better in security, due to slow update and added attack surface they may introduce.
    I'll never use Comodo's browser again. Their PrivDog MITM was really ridiculous as certificate organization/security vendor, but their response to that matter was even more terrible. And it was NOT only sign of their bad practice in security, low adoption rate of DEP/ASLR, another vuln found in Comodo Dragon discovered by Tavis Ormandy, etc...

    I think maybe only Opera, Yandex, and Brave manage to keep up with latest security standard.
     
  6. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    I can't edit earlier post, but it seems now policy restriction work on Windows Home too. I don't remember when, but at least it didn't work, but anyway it works in the latest Winodws 10 Home.

    I attached a registry tweak script just in case someone want it (changed extension to txt), but use it in your own risk!
     

    Attached Files:

  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,560
    Location:
    Toronto, Canada
    @Yuki2718 Thank you for sharing your list of flags. I had to look up many of them. :thumb:

    By the way, I have found chrome://flags/#enable-policy-tool to be quite useful lately. It adds new Chrome URL chrome://policy-tool which allows easy user-level (not machine level) policy editing.
     
  8. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    You're welcome:)
    Yes, that will be useful if you want to apply policy to per-user level.:thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.