Advice Request Anyone using Chrome's flags to increase security and/or privacy

[Windows_Security]

Are members using the beta features of Chrome browser by tweaking the about://flags settings?

Privacy enhancement
#disable-hyperlink-auditing
#reduced-referrer-granularity

Security improvements RC (which are available a very long time so they won't give problems)
#extension-content-verification (set to strict)
#enable-permissions-blacklist

Security improvements Beta (most are available since 2012, so on my PC stable for at least two years)
#enable-site-per-process (which I always use with the flag below to for performance and resource)
#enable-top-document-isolation (puts all isolated iframes together in stead of each in its own)
#disallow-doc-written-script-loads
#enable-framebusting-needs-sameorigin-or-usergesture

 

[Mr.X]

Tell me how it goes if you don't mind.

So far after several hours running Chrome with QUIC protocol, I see no negative side effects yet. Neither any noticeable improvement, perhaps due to my laptop is quite old and has low resources. In other words, I see Chrome working as usual. Maybe a computer powerful enough could see benefits.

 

[509322]

Hi @Lockdown

Are you referring to plugins in Chrome? I couldn't find the plugins when I type chrome://plugins

Google removes Plugin controls from Chrome - gHacks Tech News

If yes, then enabling Appcontainer in Chrome has any effect on Emsisoft products or vice versa?

Thanks

Enabling Chrome to run in the AppContainer with EAM installed will cause Chrome plug-ins to fail to load. When you disable AppContainer they still fail to load. You will have to uninstall EAM to reset AppContainer to the default (OFF).

@Umbra reported this to Emsisoft many months ago.

 

[SHvFl]

So far after several hours running Chrome with QUIC protocol, I see no negative side effects yet. Neither any noticeable improvement, perhaps due to my laptop is quite old and has low resources. In other words, I see Chrome working as usual. Maybe a computer powerful enough could see benefits.

Enabled it but i doubt i will notice anything.
Edit: Enable this and chrome://flags#enable-brotli

I can notice a significant improvement in loading speed. Don't ask which did it because i am too lazy to check if none of them creates any issues.

 

[Mr.X]

Enabled it but i doubt i will notice anything.
Edit: Enable this and chrome://flags#enable-brotli

I can notice a significant improvement in loading speed. Don't ask which did it because i am too lazy to check if none of them creates any issues.

Lucky you. Even enabling Brotli Content-Encoding, I can't notice any improvement in my side. Again, it's my own scenario which is not able to take advantage of those tweaks. That's for sure.

 

[SHvFl]

Lucky you. Even enabling Brotli Content-Encoding, I can't notice any improvement in my side. Again, it's my own scenario which is not able to take advantage of those tweaks. That's for sure.

The connection matters for sure. If you are on adsl you will not notice it because the delay of adsl will be a lot bigger than the improvement so it will not show up. Atm i am on a good fiber connection with less than 10 ms on local servers. I am pretty sure if you time it with an addon you will have an improvement but it's probably irrelevant.

 

[Mr.X]

The connection matters for sure. If you are on adsl you will not notice it because the delay of adsl will be a lot bigger than the improvement so it will not show up. Atm i am on a good fiber connection with less than 10 ms on local servers. I am pretty sure if you time it with an addon you will have an improvement but it's probably irrelevant.

I'm on a cable connection with obsolete technology infrastructure. Is there anything I can do for myself in this case?

 

[SHvFl]

I'm on a cable connection with obsolete technology infrastructure. Is there anything I can do for myself in this case?

Just keep them on. They should help even if it's just a tiny bit. Especially the brotli thingy. The other one i am not sure because apparently it's still not finished work.

 

[given]

have anyone here enable the " Experimental QUIC protocol " in Chrome://flags ? just found out that "Experimental QUIC protocol " is speeding up a bit way faster in browser,,you guys should try it urself out and the "Experimental Canvas Features " also

 

[Mr.X]

have anyone here enable the " Experimental QUIC protocol " in Chrome://flags ?

I did and see no positive nor negative effects. Maybe my internet connection is not good enough to perceive them.

 

[ForgottenSeer 58943]

I use command line switches, not flags.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-extensions-with-background-pages --dns-prefetch-disable --no-pings --disable-logging

QUIC is UDP over 80/443 which bypasses many security protocols and content filtration. As such, BY DEFAULT most quality UTM/NGFW/FW block QUIC by default. Many proxy firewalls watch for TCP 80/443 so security can be compromised/bypassed with QUIC in some cases. Always best to disable it IMO or block it from your UTM appliance if you can. Similar to how you should disable IPv6 over IPv4 protocols (Teredo, etc), there are security risks to these.

 

[Mr.X]

I use command line switches, not flags.

Why? Because they're not available as flags?

 

[Prorootect]

I use Chromium forks not command line switches, or flags.
- too boring these enhancements, changes, no time for me

 

[ZeroDay]

I use Chromium forks not command line switches, or flags.
- too boring these enhancements, changes, no time for me

Forks aren't updated as quickly as Chrome itself though are they?

 

[Prorootect]

Forks aren't updated as quickly as Chrome itself though are they?

Yes, but they are much more secure - Chrome is real spy, once he prohibited me from load proxy..

 

[ZeroDay]

Yes, but they are much more secure - Chrome is real spy, once he prohibited me from load proxy..

How can they be more secure if they get the latest security patches a while after Chrome?

 

[Prorootect]

How can they be more secure if they get the latest security patches a while after Chrome?

Yes, more secure when it comes to privacy. They don't have the latest security patches - but they're much less spying.
Good examples are Slimjet, or CENT Browser - look in the Settings .. you have many privacy settings under the hood ... then I have more confidence.

Eg CENT has natively: Disable WebRTC, Prevent my local IP address from leaking by WebRTC, Disable HTLM5 canvas fingerprinting, Disable screenshots by extension API ..

Then SLIMJET Block cross-domain HTTP referrer, Block social network javascript on third-party websites, Block Google ads on third-party websites, Replace indirect link in search engine results with direct link to original site .. "Do Not Track" requests too ..

- The remaining ones are doing my extensions.

So I use these Chromium forks, NOT Chrome.
I don't want to hurt you, sorry and so on, ZeroDay!

 

[ForgottenSeer 58943]

I use Chromium forks not command line switches, or flags.
- too boring these enhancements, changes, no time for me

1) Actually if you do some investigation, you might find some of these forks are less secured. Install them, then grab packet sniffers and get back to me on what you see. Of course I already know the answer because I have already done this. It's great one popular fork doesn't send telemetry to Google, but do you feel safer with all of the crap it sends to Quantcast?

2) Can you guarantee integrity of systems those forks are compiled on? What if they are compromised?

3) How about fast patching and exploit plugging, are they on top of that?

4) Cent Browser, playing off the CentOS is cute. Do you know who they are? No, you probably don't because they don't disclose who they are. Just a random Gmail account. I'll tell you who they are; (you trust a shell holding company owned by the telemetry wing of Alibaba?)

Nexperian Holding Limited
Le Jia International No.999 Liang Mu Road Yuhang District
Hangzhou Zhejiang 311121 China

5) Slimjet? From Flashpeak? So you trust a browser programmed by a Chinese Ex-Pat:

from THIS location?

5) Since those command line switches work with most forks, you probably should STILL use them.

6) WebRTC is nonsense, nobody cares about it, virtually everything blocks it. Even firewalls are adding SPI to block RTC local subnet disclosure by default.

 

[Sunshine-boy]

ForgottenSeer 58943 I really enjoy reading your comments!a lot of research by yourself!thanks for sharing your information with us
Is it safe to disable QUIC protocol?Also, what is your opinion on Yandex browser?

 

[ForgottenSeer 58943]

ForgottenSeer 58943 I really enjoy reading your comments!a lot of research by yourself!thanks for sharing your information with us
Is it safe to disable QUIC protocol?Also, what is your opinion on Yandex browser?

QUIC can be disabled. It's useless. Sure, it may take 0.1ms more to load Youtube or Google, but who cares. You shouldn't shoe horn TCP 80/443 into a UDP parallel protocol for many reasons, Google is being naughty. Realize most inspection for WF is looking at TCP 80/443 not UDP. This is like trying to shove over-sized packets through 53 to bypass scanning. Nope. There is a reason corporate/enterprise security gear block QUIC by default (and so do others)

I like Yandex Browser, easily the best fork if you like forks.

 

[Sunshine-boy]

QUIC can be disabled. It's useless. Sure, it may take 0.1ms more to load Youtube or Google, but who cares

I just disabled it for the peace of my mind I also don't care about that 0.1 ms.

WF is looking at TCP 80/443 not UDP

I didn't know that thanks.

I like Yandex Browser

I always have the last beta version of Yandex but their chrome version is behidne the offifela veriosn! like i have the 61.0.3163.1512 version right now when the last is 62.0.3202!
They also have a bug bounty page!
The Yandex Bug Bounty
Keep us posted thanks<3