From f116f4fa81f9d7665e6d2530fc82b5ea711a6a80 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Wed, 25 Dec 2019 22:34:15 +0100 Subject: Addendums and speaker notes. Signed-off-by: dllud dllud@riseup.net: fit addendums into slides' text; commit message. --- full-description.md | 2 +- slides.tex | 15 ++++++++++++--- speaker-notes | 22 ++++++++++++++++++++++ 3 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 speaker-notes diff --git a/full-description.md b/full-description.md index ac1730f..bef6ef7 100644 --- a/full-description.md +++ b/full-description.md @@ -1,5 +1,5 @@ # The Chromium mess meets Android -Proposals on how to get a fully free WebView build or replace it by something +Proposals on how to get a fully free WebView build or replace it with something completely new. ## What is WebView? diff --git a/slides.tex b/slides.tex index be13fb2..c1b962d 100644 --- a/slides.tex +++ b/slides.tex @@ -33,7 +33,7 @@ } \title[The Chromium mess meets Android]{The Chromium mess meets Android} -\subtitle{Proposals on how to get a fully free WebView build or replace it by something completely new} +\subtitle{Proposals on how to get a fully free WebView build or replace it with something completely new} \author{David Ludovino \and Jeremy Rand \thanks{\footnotesize with support from Andrés D and Kurtis Hanna}} \institute[Replicant]{Replicant} \date{} @@ -144,14 +144,23 @@ public class MainActivity extends Activity { \item Background requests to Google during build and run. \item Depends on Google services for several features (e.g. Safe Browsing). \item Limited privacy controls. + \item API prevents extensions from blocking ads. \end{itemize} - \bigskip + \medskip + \pause + Security issues: + \begin{itemize} + \item Prevents users from escaping the certificate authority system for TLS. + \end{itemize} + \medskip + \pause Freedom issues: \begin{itemize} \item Pre-built binaries throughout the code base. \item Missing license in some source files. \end{itemize} - \bigskip + \medskip + \pause Verdict: unfit for fully free-software distributions. \end{frame} diff --git a/speaker-notes b/speaker-notes new file mode 100644 index 0000000..e793238 --- /dev/null +++ b/speaker-notes @@ -0,0 +1,22 @@ +Which apps use WebView? + A couple years ago, Jeremy checked all the PRISM Break apps to see which ones +obviously used WebView. He doesn't have the exact numbers, but it was something +like a third. Now it's a half. So WebView is becoming increasingly prevelant, +and quickly. + +What's the matter with Chromium? + * Chromium manipulates its extension API to prevent extensions from blocking +ads. They claim this is to prevent performance problems, which is a lie because +Mozilla already solved those performance problems in production via a tiny +tweak to the extension API that didn't impact ad blocking. Someone makes money +when browsers cripple ad blocking, and it's not you the user. +**Chromium is an antitrust violator and this harms the user's interests.** + + * Chromium does everything in their power to prevent users from escaping the +certificate authority system for TLS. Whether it's DNSSEC/DANE/TLSA, +perspective verification, HPKP, manual key pinning, OS-level key pinning, +or Namecoin, you can be pretty sure that if a mechanism exists to verify +TLS certificates without fully trusting public CA's, the Chromium devs have +tried to kill it. +**Chromium is hostile to users' security.** + -- cgit v1.2.3