uazo / cromite

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
https://www.cromite.org/
GNU General Public License v3.0
3.55k stars 84 forks source link

Add portable mode #1021

Open graphixillusion opened 6 months ago

graphixillusion commented 6 months ago

Preliminary checklist

Can the bug be reproduced with corresponding Chromium version?

No

Are you sure?

Yes

Cromite version

123.0.6312.122

Device architecture

x64

Platform version

Windows 10

Android Device model

Windows 10

Is the device rooted?

No

Changed flags

no flags changed

Is this bug happening in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

no

Describe the bug

As the title says i'm running cromite with these two flags for enable portable mode but when i move the folder into another computer, all the extensions, cookies and everything else are gone. You need to install the extensions again for make them show up again.

Steps to reproduce the bug

  1. Start cromite with these flags: --user-data-dir=..\profile --disable-machine-id --disable-encryption

  2. Install some extensions

  3. Move cromite folder to another system

Expected behavior

Extensions, cookies and everything else should be keeped correctly on the new system.

Screenshots

No response

uazo commented 6 months ago

are you sure it doesn't work? i don't think i have modified anything about it (although I am pleased that it does not work :) the problem is that there is nothing in windows to protect the profile folder from external tampering, only, precisely, encryption of important data with Windows user-related encryption. the only possibility would be to produce another executable (with another icon, to be clear), which is less secure by default. One would need to understand how much this mode is used, I would not use it for example.

graphixillusion commented 6 months ago

I have tested several times including last version and while everything it's working under ungoogledchromium, it doesn't work in Cromite. Clean install in both situation. I know and i'm agree with yout about security but sadly this is the only way to move stuff arounds without a sync mechanism.

uazo commented 6 months ago

ah, now I understand. that flag doesn't exist in chromium, it's an ungoogled specific patch!

amymor commented 3 months ago

For a workaround until dev adds that patch, you can try Chrome++.

uazo commented 3 months ago

thanks! that's exactly what i wish it was never done, which is to inject dll into cromite. but does it work?

now that i know it can be done, i will try to make it no longer possible.

amymor commented 3 months ago

I didn't try that because my Cromite profile was already encrypted due to the lack of --disable-encryption. This profile is somehow corrupted and can't be fully restored; this is a significant problem. It's not just about another computer; let's say you perform a clean install of Windows, then suddenly, all your passwords, extensions, and settings disappear and cannot be restored in any way. It only keeps your history, bookmarks, and open tabs. Additionally, I encountered other strange issues, such as being unable to add any passwords.

In summary, if you want to install a new OS, Google forces you to use an account for syncing, which goes against your privacy.

For the above reasons, I switched back to Ungoogled Chromium and gave it another try. The results show that fingerprinting is slightly better than Cromite too.

uazo commented 3 months ago

let's say you perform a clean install of Windows, then suddenly, all your passwords, extensions, and settings disappear and cannot be restored in any way.

of course, I realise, it's a big problem. that's why I also use keepass in windows.

Google forces you to use an account for syncing, which goes against your privacy.

theoretically, if you enter the passphrase in google sync, the data is indecipherable (chromium uses nigori, but I'm not a mathematician so I'm just going by what I read).

The results show that fingerprinting is slightly better than Cromite too.

I like comparisons. if you want to open a discussion on the subject, I would be happy to engage in it.

amymor commented 3 months ago

I also use KeePass. My main browser is LibreWolf, but I use Chrome-based browsers as secondary, which means I don't have as many passwords to manage. Additionally, I have backups of these passwords. I already knew that Chrome encrypts profiles by default, but there were two switches for disabling it. So, I didn't encounter any problems until I migrated from Ungoogled to Cromite. Then, for about a year, I thought that Cromite supported these switches too. It was only after reinstalling Windows that I came to realize my mistake. Additionally, Cromite is my main browser on phone (I didn't store anything on the phone, so there is no issue). Overall, this is not a big problem for me, but I believe it could be a big problem for average users. Also, it limits me to using only Ungoogled, whereas I enjoy trying various options and choosing the best one. Therefore, this limitation is somewhat annoying.

For comparison, I don't have enough free time to reproduce the situation in every case, so please excuse me if I can't open a new discussion. However, you can test both Cromite and Ungoogled with the Ublock (Medium mode) and Spoof Timezone on these tests: CoverYourTracks AmiUnique As I said , they are similar, but Ungoogled performed slightly better in resolution and font for me.

graphixillusion commented 3 months ago

Btw, are you going to implement the portable patch in Cromite or there are problems doing it?