Categories
Browser

Chromium removed the ability to compile the Browser without WebRTC

There bad news and there’s good news for security fans, first things first – the Chromium source code disabled the ability to compile the Browser without WebRTC. For those who have no clue why WebRTC is a thing, well back in 2015 there was a huge security breach based on the Web Real-Time Communication project which allowed attackers to reveal your real IP even behind a VPN. So people started to asking what can we do and it seems disabling WebRTC is the best solution – in case you’re VPN hasn’t patched his own VPN configuration.

Cent Browser WebRTC
Cent Browser still allows you to disable WebRTC together with some other gimmicks.

Alternative Chromium based Browsers

I often recommend the project woolyss because these guys behind the project compiled a Chromium version (stable/beta) without stuff like WebRTC (and more) but the times are over because Chromium project decided to remove the ability to compile the Browser without the flag. The change made sense in my opinion because WebRTC is not evil it’s just that some bad guys can abuse some weaknesses but no protocol/project is perfect and most VPN providers have already patched their server configuration in order to prevent any IP leakage. Chromium official provided a extension, to control this but some people prefered to entirely disable WebRTC, well that’s imo not optimal solution because WebRTC Video calls are still more secure than compared to other insecure protocols. Most modern chat clients also using WebRTC like Discord, Riot or Signal.

So what can you do?

Well the woolyss project is not dead and I’m sure these guys will work on it but in the meantime you might want to try out Cent Browser. It’s a pretty young project from 2015 and it looks promising since these developers including patches in order to provide builds without WebRTC and other stuff like disabling HTML5 canvas in order to reduce your Browser fingerprint. It seems – from what I saw so far – the CHromium based Browser with the most features.

The developers seem to put a lot of effort into the project in order to provide a ‘unfucked’ Browser. I already wrote a comment on woolyss (which wasn’t published for no reasons) that they might could ask those devs to get the necessary patches to continue to provide their builds without WebRTC.

Final Words

WebRTC is a privacy concern since 2015 for some people, because attackers might can abuse a weakness and WebRTC itself can’t be patches to solve this without breaking existent implementations so it’s up to your Browser to protect you against it, but the implementations are problematically. You can Enable or disable WebRTC in Firefox or Cent Browser but there is no domain based rule exclusion possible, which would be optimal to disallow WebRTC on a global level and allow it only for those pages which are secured.

Categories
Tips and Tricks

The Answer why Chome communicates behind your back without user consent

First of all, it’s not only Chrome which has some background connections but I decided to mention Chrome in this article because some people constantly telling me that Google is trying to observe the Browser or even worse some people say ‘it’s spying’ in order to steal your data.

Chrome dns
Chrome’s own net-internals tools can reveal what’s going on – a simple visit on motherboard.vice.com reveals what DNS requests are made.
Categories
Google

YouTube tests Picture-in-Picture function in Desktop Browsers

YouTube again! Sorry, but this function seems useful so I have to write about it. In fact the Picture-in-Picture function isn’t new and already available for mobile users, but now it seems to work on the Desktop version too.

youtubepicinpic.gif
Picture Source: YouTube
Categories
Browser Security Tutorials

Chrome Flags which you need to checkout

Firefox becomes more and more a PR GAG and Mozilla doesn’t deliver what they promise – a secure Browser – so you might want to switch to Chrome, or a fork like Chromium instead in order to get a ‘clean’ Browser. However, you can tweak several about:flags options in order to harden your Chrome even more.

Chrome Flags

Categories
Browser extensions Security

ChomeZero protects you against JavaScript-based side-channel attacks

A new Chrome extension was released on GitHub, by some academics which allows to protect your Chrome or Chrome based Browser against JavaScript code to avoid a data leakage from a computer’s RAM or CPU.

ChromeZero
ChromeZero Settings.
Categories
Browser

Google Chrome 65.0.3325.146

Google just updated their Chrome browser to version 65.0.3325.146 and there isn’t any changelog yet available on the official announcement Blog. But this will be the first stable v65 build after several Beta builds. According to the source file there is also another build 65.0.3325.147 but I haven’t found an official compiled download link for it so I assume this build isn’t ready yet.

chrome

Categories
Browser

Chrome’s integrated Ad-Blocker explained

You can hate Google or you can like them, but they are usually the first which introducing the new things which everyone else only copy. There were the first which introduced e.g. the sandbox mechanism and the first which released a phishing filter among several other web browser defaults. Now the next step is that the users finally getting an integrated ad-blocker.

chrome-block-ads-desktop-settings

Categories
Browser

Google Chrome 64.0.3282.140

Another day, another day on earth with updates, cool isn’t it? Google released just another final version, the second for this year if I’m not totally wrong. The focus in this release was security related fixes and it also added several new features into the Browser.

google
Nope it’s not a Pokeball, you only can catch cookies with it. Picture: Google
Categories
Browser

Chrome 64 is out

Google just announced the new Chrome final release for Android and all other platforms. An explicit log-file can be found here. Security updates were one of their focus, Meltdown & Spectre got fixes among several other WebGL and URL related fixes. Starting with Chrome 64, autoplay videos are disabled by default

google-chrome-logo