Skip to content

From Firefox to Ungoogled Chromium

Classic Firefox Icon

This past Wednesday Mozilla dropped a bombshell.

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information.

Ungoogled Chromium Red Icon

For many years I was very proud to be a Mozilla user. Over time I came to think of them as the lesser of two evils. And now, I just don't want anything to do with them.

I switched to Ungoogled Chromium and inside are some details.

Why Not Firefox?

I'm not really here to preach to you about it. But the person in this video sums up how I feel if you're interested.

Mozilla has tried to walk it back, which you can read about. I don't buy it and I don't care.

If you've observed your network traffic with something like a pihole, you can see that Mozilla has more telemetry than a Windows installation. It's absurd.

I've been looking the other way each time this company sinks lower for a long time and I'm done. That's it.

Why Ungoogled Chromium?

I don't want to preach to you about this either. There isn't a right answer. Everything about the web of today is dirty and you have to take a shower after you're done with it. We all have decisions to make about the tools we want to use and none of them are perfect.

I chose Ungoogled Chromium

A lightweight approach to removing Google web service dependency from Chromium

HTML5 Game Support

The main reason I don't go with alternative browsers is because I'm an HTML5 game web developer. I need the latest support for WASM, WebGPU, and other features that web games rely on. I need to be working in the browser that my users will be most likely using.

This has honestly been a point of contention with my stubbornly sticking to Firefox for years and one thing I'm really glad about is that I don't have to think about it anymore.

Security Patches

A browser is not a trivial piece of software. We rely on the developers of browsers and the maintainers of codebases to quickly patch vulnerabilities so that we can safely use the web.

I'm not saying I know for a fact every fork maintainer is negligent, but I don't know that they're not. Yeah there's a lot of new alternative browsers, but at least Google and Mozilla have decades of demonstrating that they are up to this task. This is the rationale that's kept me on upstream Firefox for a long time. And it goes into how I'm picking my next thing.

I'm not saying your choice is bad. I'm just giving you my reasons.

Down to Business

The point of this post is to go over things that I will not want to forget about. As I said, I've used Firefox for over a decade and I know exactly how I like everything to be configured. Using something else is different and I need some place to return to when I need to set this all up again.

Enable Extensions

By default you can't install extensions from the Chrome Web Store, but this fixes that problem. After this is installed, you can visit something like uBlock Origin on Chrome Web Store and just click "Add to Chrome." If it's grayed out or doesn't appear, refresh the page.

Disable Chromecast

I can't speak for you, but I don't like the idea that an accidental click on the Cast context menu can forward what I'm looking at on my device to someone else's device on my network.

You can inspect this by going to the url chrome://media-router-internals/. This should show you different devices and clients on your network that are automatically discovered using mDNS and DIAL.

I poked around in chrome://flags for options regarding this. There is one.

#media-router-cast-allow-all-ips Have the Media Router connect to Cast devices on all IP addresses, not just RFC1918/RFC4193 private addresses.

Setting this to disabled doesn't stop it. There's another one.

#media-route-dial-provider !!! NOTE: THIS FLAG IS EXPIRED AND MAY STOP FUNCTIONING OR BE REMOVED SOON !!! Enable/Disable the browser discovery of the DIAL support cast device.It sends a discovery SSDP message every 120 seconds

This is nice but it seems it can't be relied upon.

You could try to block the IPs of the specific devices that you don't want Chromium to be communicating with, but that won't work due to the nature of mDNS and DIAL.

What are mDNS and DIAL?

Multicast traffic is intended to be received by all devices in the multicast group on the local network, not just a single device. When mDNS uses multicast, it’s broadcasting information to all devices that are listening to that multicast address.

DIAL is a protocol used primarily by Chromecast and other media devices for device discovery and casting content. It uses SSDP and mDNS (especially multicast) for device discovery.

You can observe that this is how it works by looking at the logs on that page: chrome://media-router-internals/

The only thing I can think of is to aggressively block both of these protocols.

sudo ufw deny in from 224.0.0.251 port 5353 proto udp comment "Block incoming mDNS"
sudo ufw deny in from 224.0.0.251 port 1900 proto udp comment "Block incoming SSDP (UPnP) discovery"
sudo ufw deny out 5353/udp comment "Block outgoing mDNS"
sudo ufw deny out 1900/udp comment "Block outgoing SSDP (UPnP) discovery"
sudo ufw deny out to 224.0.0.251 port 5353 proto udp comment "Block outgoing mDNS multicast"

A word of warning about this: These rules can cause various devices like ChromeCast, SmartTVs, IoT devices, Apple AirPlay and other things you might be using to not be able to communicate with your system. In my case, this is exactly what I want.

Now when you restart browser and refresh this page chrome://media-router-internals/, you should see

{
  "available_sinks": {},
  "discovered_sinks": {}
}

Stay Tuned

As of today, I have less than 1 day with this browser, so we'll see what else needs to be thought about and added here.