summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Rand <jeremyrand@airmail.cc>2019-12-25 22:34:15 +0100
committerdllud <dllud@riseup.net>2019-12-25 22:34:15 +0100
commitf116f4fa81f9d7665e6d2530fc82b5ea711a6a80 (patch)
tree845003bdc56e8baa6444fe852d237d30631cca47
parente3494ff72e1214d532f7c309d712c9e99b7d454f (diff)
downloadwebview-presentation-f116f4fa81f9d7665e6d2530fc82b5ea711a6a80.zip
webview-presentation-f116f4fa81f9d7665e6d2530fc82b5ea711a6a80.tar.gz
webview-presentation-f116f4fa81f9d7665e6d2530fc82b5ea711a6a80.tar.bz2
Addendums and speaker notes.
Signed-off-by: dllud <dllud@riseup.net> dllud@riseup.net: fit addendums into slides' text; commit message.
-rw-r--r--full-description.md2
-rw-r--r--slides.tex15
-rw-r--r--speaker-notes22
3 files changed, 35 insertions, 4 deletions
diff --git a/full-description.md b/full-description.md
index ac1730f..bef6ef7 100644
--- a/full-description.md
+++ b/full-description.md
@@ -1,5 +1,5 @@
# The Chromium mess meets Android
-Proposals on how to get a fully free WebView build or replace it by something
+Proposals on how to get a fully free WebView build or replace it with something
completely new.
## What is WebView?
diff --git a/slides.tex b/slides.tex
index be13fb2..c1b962d 100644
--- a/slides.tex
+++ b/slides.tex
@@ -33,7 +33,7 @@
}
\title[The Chromium mess meets Android]{The Chromium mess meets Android}
-\subtitle{Proposals on how to get a fully free WebView build or replace it by something completely new}
+\subtitle{Proposals on how to get a fully free WebView build or replace it with something completely new}
\author{David Ludovino \and Jeremy Rand \thanks{\footnotesize with support from Andrés D and Kurtis Hanna}}
\institute[Replicant]{Replicant}
\date{}
@@ -144,14 +144,23 @@ public class MainActivity extends Activity {
\item Background requests to Google during build and run.
\item Depends on Google services for several features (e.g. Safe Browsing).
\item Limited privacy controls.
+ \item API prevents extensions from blocking ads.
\end{itemize}
- \bigskip
+ \medskip
+ \pause
+ Security issues:
+ \begin{itemize}
+ \item Prevents users from escaping the certificate authority system for TLS.
+ \end{itemize}
+ \medskip
+ \pause
Freedom issues:
\begin{itemize}
\item Pre-built binaries throughout the code base.
\item Missing license in some source files.
\end{itemize}
- \bigskip
+ \medskip
+ \pause
Verdict: unfit for fully free-software distributions.
\end{frame}
diff --git a/speaker-notes b/speaker-notes
new file mode 100644
index 0000000..e793238
--- /dev/null
+++ b/speaker-notes
@@ -0,0 +1,22 @@
+Which apps use WebView?
+ A couple years ago, Jeremy checked all the PRISM Break apps to see which ones
+obviously used WebView. He doesn't have the exact numbers, but it was something
+like a third. Now it's a half. So WebView is becoming increasingly prevelant,
+and quickly.
+
+What's the matter with Chromium?
+ * Chromium manipulates its extension API to prevent extensions from blocking
+ads. They claim this is to prevent performance problems, which is a lie because
+Mozilla already solved those performance problems in production via a tiny
+tweak to the extension API that didn't impact ad blocking. Someone makes money
+when browsers cripple ad blocking, and it's not you the user.
+**Chromium is an antitrust violator and this harms the user's interests.**
+
+ * Chromium does everything in their power to prevent users from escaping the
+certificate authority system for TLS. Whether it's DNSSEC/DANE/TLSA,
+perspective verification, HPKP, manual key pinning, OS-level key pinning,
+or Namecoin, you can be pretty sure that if a mechanism exists to verify
+TLS certificates without fully trusting public CA's, the Chromium devs have
+tried to kill it.
+**Chromium is hostile to users' security.**
+