I think some people may not know that Google does Man In The Middle shit by default in mobile Chrome? They basically download everything to their servers and then send "optimized" to the client. SSL? HTTPS? Forget it.

There was an opt-out header which website owner could set but they're removing it.

This company doesn't know what privacy is. Or security.

So how could you avoid that?
1. Don't use Chrome on Android or
2. Disable "Data Saving" while you still can

@charlag

That makes me vomit actually, and they have the guts to blame Symantec for some misissued certificates when they themselves do fuckup after fuckup

@selea that's not fuckup, that's deliberate evil and they make it look like they don't understand what's the problem

@charlag You can disable this "feature" but it's still a big issue...

@finlaydag33k yeah, how many people do? How many are aware of consequences?

@charlag
@finlaydag33k
Well I mean it does explicitly ask you. Like whenever you start using a clean Chrome version, it pops up a giant window, literally asking whether it should save data by sending the data through Google's servers. So, anyone who cares even the slightest should be aware of that.

@BloomKitty @finlaydag33k devil's in details, isn't it? I've seen this before too but now they expanded it to https. Do they tell that they break encryption and can spy on everything? Do they show warning sign when they do it? No, they show "lite"?
I care about people who don't care because they don't know about this because they have other problems in life!

@charlag No, they get told that they will save data by sending the data through Google's servers :p
It doesn't tell them it doesn't break encryption n stuff.

@charlag you basically lied in your first post only to then complain about something different when you were called out for it. @BloomKitty @finlaydag33k

@charlag they're also explicitly sharing that all they see is the URL (for SNI purposes, I assume) and neither cookies nor content:

> When Chrome optimizes an HTTPS page, only the URL is shared with Google; other information – cookies, login information, and personalized page content – is not shared with Google.

There's so much to complain about with regards to Google, why lie?

@BloomKitty
@finlaydag33k

@dictvm @BloomKitty @finlaydag33k well, no shit, cookies are on the device but they're breaking end-to-end guarantees of SSL blatantly. They say that they can easily distinguish that some page is personal or not but I say it's bullshit

@charlag

@dictvm @BloomKitty

They can't, but the general public doesn't know, which is exactly what they want.
Make it look like magic by being as obscure as possible.

@charlag
I would like to have a more robust opinion on this subject. Could you point me to the correct place to look at?

I'm really concerned about this topic.
Thanks 🙂

@txusinho I will ask my colleague to give me a link
But here's the (outdated) article on technology where they say they don't re-route secure connections (they do now afaik)
developer.chrome.com/multidevi

@charlag thank you very much for the time answering.

Uninstalling Chrome from every computer at home / family

@charlag No way Google is evil! Everyone and their mom loves them! How could they possibly do anything wrong?!

Did I put the cynicism well enough? :mastozany:

@charlag I'd say they know very well what it is and circumvent it on purpose.

@charlag
I thought they did that only for plain http:// pages. They say that TLS secure pages are always direct client to first party server even if data saver is enabled. Have they changed this recently to route even TLS traffic somehow through their data compressor, without having the browser show cert warning ? 😲

@gkrishnaks well, they argue that they don't break TLS connection because it's another connection, they show somehow different icon I think

@charlag
And we can't verify to confirm because those components are not libre software? :/

@charlag We can use Bromite. They have removed lots of invasive 'features' from chrome

bromite.org

@charlag Wow, do you have a source for this information? I saw they *proposed* to enable this at some point, but I would be very surprised that it's a default behavior.

@bnjbvr when you install it, they ask if you want it (or at least they were, didn't use it for some time) and I guess that most people just press "ok", that's "default" for me.
I'll come back with link to the issue in chromium repo tomorrow

@charlag okay yeah, that's what I've seen recently indeed. And you're probably right about this default choice...

@charlag by default? I thought it was requiring the user to manually activate this feature. Can you verify this?

@charlag They know very well what privacy and security are - a central aspect of their business model is all about the minimisation of consumer's privacy and security.

@charlag but it's private and secure because google does it /s

@charlag Oh, they know what privacy is. It’s what they violate by design to make billions of dollars.

@charlag No shit!? So that's why Chrome was so damn slow while loading any website, on any connection. Just installed FOSS Browser from F-Droid, and everything loads *instantly*. Faster than on the desktop, in fact.

@claude well they say that they enable "light pages" only on slow connections but "data server" could do that too

@charlag "Slow connections" apparently include a wi-fi router two feet away from the phone.

@charlag I guess that's one valid reason to use user-agent sniffing, I guess.
