Without signing in to a Google Account, Chromium does pretty well in terms of security and privacy. However, Chromium still has some dependency on Google web services and binaries. In addition, Google designed Chromium to be easy and intuitive for users, which means they compromise on transparency and control of internal operations.
ungoogled-chromium addresses these issues in the following ways:
- Remove all remaining background requests to any web services while building and running the browser
- Remove all code specific to Google web services
- Remove all uses of pre-made binaries from the source code, and replace them with user-provided alternatives when possible.
- Disable features that inhibit control and transparency, and add or modify features that promote them (these changes will almost always require manual activation or enabling).
These features are implemented as configuration flags, patches, and custom scripts
These are the core features introduced by ungoogled-chromium
- Replace many web domains in the source code with non-existent alternatives ending in qjz9zk (known as domain substitution; see docs/design.md for details)
- Strip binaries from the source code (known as binary pruning; see docs/design.md for details)
- Disable functionality specific to Google domains (e.g. Google Host Detector, Google URL Tracker, Google Cloud Messaging, Google Hotwording, etc.)
- This includes disabling Safe Browsing. Consult the FAQ for the rationale.
- Add many new command-line switches and chrome://flags entries to configure disabled-by-default features. See docs/flags.md for the exhaustive list.
These are the non-essential features introduced by ungoogled-chromium.
- Use HTTPS by default when a URL scheme is not provided (e.g. Omnibox, bookmarks, command-line)
- Add Suggestions URL text field in the search engine editor (chrome://settings/searchEngines) for customizing search engine suggestions.
- Add more URL schemes allowed to save page schemes.
- Add Omnibox search provider "No Search" to allow disabling of searching
- Add a custom cross-platform build configuration and packaging wrapper for Chromium. It currently supports many Linux distributions, macOS, and Windows. (See docs/design.md for details on the system.)
- Force all pop-ups into tabs
- Disable automatic formatting of URLs in Omnibox (e.g. stripping http://, hiding certain parameters)
- Disable intranet redirect detector (extraneous DNS requests)
- This breaks captive portal detection, but captive portals still work.
- (Iridium Browser feature change) Prevent URLs with the trk: scheme from connecting to the Internet
- Also prevents any URLs with the top-level domain qjz9zk (as used in domain substitution) from attempting a connection
- (Iridium and Inox feature change) Prevent pinging of IPv6 address when detecting the availability of IPv6. See the --set-ipv6-probe-false flag above to adjust the behavior instead.