diff options
-rw-r--r-- | full-description.md | 2 | ||||
-rw-r--r-- | slides.tex | 15 | ||||
-rw-r--r-- | speaker-notes | 22 |
3 files changed, 35 insertions, 4 deletions
diff --git a/full-description.md b/full-description.md index ac1730f..bef6ef7 100644 --- a/full-description.md +++ b/full-description.md @@ -1,5 +1,5 @@ # The Chromium mess meets Android -Proposals on how to get a fully free WebView build or replace it by something +Proposals on how to get a fully free WebView build or replace it with something completely new. ## What is WebView? @@ -33,7 +33,7 @@ } \title[The Chromium mess meets Android]{The Chromium mess meets Android} -\subtitle{Proposals on how to get a fully free WebView build or replace it by something completely new} +\subtitle{Proposals on how to get a fully free WebView build or replace it with something completely new} \author{David Ludovino \and Jeremy Rand \thanks{\footnotesize with support from Andrés D and Kurtis Hanna}} \institute[Replicant]{Replicant} \date{} @@ -144,14 +144,23 @@ public class MainActivity extends Activity { \item Background requests to Google during build and run. \item Depends on Google services for several features (e.g. Safe Browsing). \item Limited privacy controls. + \item API prevents extensions from blocking ads. \end{itemize} - \bigskip + \medskip + \pause + Security issues: + \begin{itemize} + \item Prevents users from escaping the certificate authority system for TLS. + \end{itemize} + \medskip + \pause Freedom issues: \begin{itemize} \item Pre-built binaries throughout the code base. \item Missing license in some source files. \end{itemize} - \bigskip + \medskip + \pause Verdict: unfit for fully free-software distributions. \end{frame} diff --git a/speaker-notes b/speaker-notes new file mode 100644 index 0000000..e793238 --- /dev/null +++ b/speaker-notes @@ -0,0 +1,22 @@ +Which apps use WebView? + A couple years ago, Jeremy checked all the PRISM Break apps to see which ones +obviously used WebView. He doesn't have the exact numbers, but it was something +like a third. Now it's a half. So WebView is becoming increasingly prevelant, +and quickly. + +What's the matter with Chromium? + * Chromium manipulates its extension API to prevent extensions from blocking +ads. They claim this is to prevent performance problems, which is a lie because +Mozilla already solved those performance problems in production via a tiny +tweak to the extension API that didn't impact ad blocking. Someone makes money +when browsers cripple ad blocking, and it's not you the user. +**Chromium is an antitrust violator and this harms the user's interests.** + + * Chromium does everything in their power to prevent users from escaping the +certificate authority system for TLS. Whether it's DNSSEC/DANE/TLSA, +perspective verification, HPKP, manual key pinning, OS-level key pinning, +or Namecoin, you can be pretty sure that if a mechanism exists to verify +TLS certificates without fully trusting public CA's, the Chromium devs have +tried to kill it. +**Chromium is hostile to users' security.** + |