• trolololol@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    4 months ago

    This that and the article are very light on details, but I couldn’t find an article deeper in details

    My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

    Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

      That’s strange, I’ve never heard of that before

      Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

      There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.

      Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.

      This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).

      • beeb@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Sounds easier to switch to another browser at that point

          • beeb@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Oh I didn’t catch that my bad. I hope they get a work computer where this kind of stuff doesn’t interfere with private life!

  • T156@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Does this also affect Chromium, or is it just Google Chrome?

    The article mentions it being affecting Google Chrome through Chromium, but it’s not clear if it also affects Chromium on its own, or other Chromium-based browsers.

  • _sideffect@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Why do people still use Chrome?

    Please uninstall it from everyone’s home pc and phone that you come into contact with

    • Tja@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      Because it’s fast and works well enough to keep the fame acquired over the last 10 years.

      • _sideffect@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.

  • NutWrench@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

    • asdfasdfasdf@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I’m also doing this. Proton is amazing, for the most part. Ente Photos is also incredible for ditching Google Photos, although I’ll probably switch to Proton Photos when that comes out since Ente is pricey.

    • flop_leash_973@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        There are more options than GrapheneOS with broader device support, such as Calyx or LineageOS.

        But if you use Android already, you can start by using F-Droid (or others) to install apps to find FOSS replacements for apps you use.