The endless browser wars

Posted Jan 25, 2021 18:36 UTC (Mon) by re:fi.64 (subscriber, #132628)
Parent article: The endless browser wars

Note that a Chromium team member has confirmed on Google Groups that safe browsing still will work: https://groups.google.com/a/chromium.org/g/chromium-packa...

This matches with the initial email, which said that the API keys will lose access to Google APIs like Chrome Sync.

The endless browser wars

Posted Jan 25, 2021 20:03 UTC (Mon) by ceplm (subscriber, #41334) [Link] (1 responses)

Which is true until Google changes their mind. Again.

The endless browser wars

Posted Jan 26, 2021 16:17 UTC (Tue) by NYKevin (subscriber, #129325) [Link]

Safe Browsing has been used by Firefox and Safari, as well as a number of smaller browsers, for years. Locking it down now would certainly be a surprise.

(Disclaimer: I work for Google. I don't work on Chrome, and don't know anything more about this than you probably do.)

The endless browser wars

Posted Jan 26, 2021 18:20 UTC (Tue) by mcatanzaro (subscriber, #93033) [Link] (1 responses)

Meanwhile, I've decided to disable Safe Browsing in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/-/blob/74912f8ccb...

Firefox Sync is still going strong though. It's really amazingly nice of Mozilla to make this service available to non-Firefox apps with very few requirements (they boil down to "don't be malware" and "don't pretend to be Firefox").

The endless browser wars

Posted Jan 26, 2021 18:25 UTC (Tue) by mcatanzaro (subscriber, #93033) [Link]

To be clear: this is a separate issue. Since 2019, Google has required that API keys be kept secret. That is, they can no longer be included in open source projects (which presumably includes distro build systems). Everybody has just been ignoring the new rules since then. The Safe Browsing team clearly intends for their API to be used by open source projects, but it is just not possible to do anymore without violating the terms of service or somehow injecting secrets into the build process. Secrets are actually possible when building with GitLab (which is why the upstream build still has Safe Browsing enabled), but not possible for Linux distributions with fully public build systems and a goal of making builds reproducible.