<imgtitle="Bromite - take back your browser!"src="https://www.bromite.org/android-icon-192x192.png"width="96"alt="Bromite"/>
<ahref="https://www.cromite.org">
<imgtitle="Cromite - take back your browser!"src="https://www.cromite.org/app_icon.png"width="96"alt="Bromite"/>
</a>
Bromite is a [Chromium](https://www.chromium.org/Home) fork with support for ad blocking and enhanced privacy.
Bromite is only available for Android Marshmallow (v6.0, API level 23) and above.
Cromite is a [Chromium](https://www.chromium.org/Home) fork based on [Bromite](https://github.com/bromite/bromite) with built-in support for ad blocking and an eye for privacy.
<imgsrc="https://fdroid.bromite.org/fdroid/bromite_bromite_gh_downloads.svg"alt="Downloads on Github"title="Downloads on Github"/>
Cromite is available for Android Marshmallow and above (v6.0, API level 23) and Windows.
For the Frequently Asked Questions see [F.A.Q.](./FAQ.md).
@@ -20,22 +20,17 @@ For documentation see the [wiki](https://github.com/bromite/bromite/wiki).
# Goals
Bromite aims at providing a no-clutter browsing experience without privacy-invasive features and with the addition of a fast ad-blocking engine.
Minimal UI changes are applied to help curbing the idea of "browser as an advertisement platform".
# Donate
Please donate to support development of Bromite and the costs for the build system.
Cromite's goal is to
- limit the features built into the browser that can be used as a platform for tracking users' habits, and, if it is not technically possible, disable them and leave it up to the user to choose whether to re-enable them
- limit the close integration between the browser and its manufacturer
- not let the excellent research work done by csagan5 with Bromite be lost
[→ Support development with a donation](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JP3XTQPVRNET2): [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JP3XTQPVRNET2)
ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
In addition, Cromite would like to promote greater integration with other non-profit, open source browsers, encouraging closer collaboration with others, and attempt to integrate them directly into Chromium once they have reached an appropriate level of maturity.
# Features
* customizable adblock filters via user-provided URL (see https://www.bromite.org/custom-filters)
#### Derived from Bromite
* customizable adblock filters via user-provided URL (see https://www.bromite.org/custom-filters) (deprecated, replaced by adblock plus)
* automatically updated adblock filters
* remove click-tracking and AMP from search results
* DNS-over-HTTPS support with any valid IETF DoH endpoint
@@ -44,20 +39,18 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
* disable smart search by default, allow web search from incognito mode
* always-visible cookies, javascript and ads site settings from address bar popup
* remove Play integration binary blobs
* use [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) on all architectures except x86
* use [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) on all architectures except x86 and Windows
* enable trivial auto var init
* disable media router and remoting by default
* disable dynamic module loading
* show warnings for TLSv1.0/TLSv1.1 pages
* enable site-per-process isolation for all devices with memory > 1GB
* completely remove safe browsing and other privacy-unfriendly features
*[proxy configuration page](https://github.com/bromite/bromite/wiki/ProxyConfiguration) with PAC and custom proxy lists support
* settings to disable custom intents and clear session on exit
* flags to toggle anti-fingerprinting mitigations for canvas, audio, client rects, webGL and sensor APIs (see full list below for all the new flags)
* use frozen User-Agent to conceal real model and browser version
* privacy enhancement patches from [Iridium](https://iridiumbrowser.de/), [Inox patchset](https://github.com/gcarq/inox-patchset), [Brave](https://brave.com/) and [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium) projects
* security enhancement patches from [GrapheneOS](https://github.com/GrapheneOS) project
* disable scroll-to-text-fragment
* reduced referer granularity
* block gateway attacks via websockets (partial fix, see [this upstream issue](https://bugs.chromium.org/p/chromium/issues/detail?id=590714))
* use 64-bit ABI for webview processes
@@ -85,10 +78,73 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
* disable idle detection
* HTTPS-only mode enabled by default
* disable TLS resumption by default
* partition DoH requests by top-frame NIK
* strict site isolation and strict origin isolation
* partition blobs by top frame URL
#### Cromite-specific features
* Built-in Adblock Plus [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Eyeo-Adblock-Remove-Privacy-Issues.patch)(issue[84](https://github.com/uazo/bromite-buildtools/issues/84))
* policy browser patch for the use of enterprise policy [patch](https://github.com/uazo/bromite/blob/master/build/patches/00add-browser-policy.patch)(issue[191](https://github.com/uazo/bromite-buildtools/issues/191))
- deactivate safe browsing and extended reporting
- disabled scroll-to-text-fragment
- disabled contextual search
- disabled media router
- disabled url keyed anonymized data collection
- disabled translate
- disabled network prediction
- disabled sign-in
- disabled google search side panel
- disabled automatic https upgrades
* internal firewall to block all unauthorised calls made from the browser [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Internal-firewall.patch)(issue[147](https://github.com/uazo/bromite-buildtools/issues/147))
* show warnings on downloads over HTTP [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Show-warnings-on-downloads-over-HTTP.patch)
* remove support for device memory and cpu recovery [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-support-for-device-memory-and-cpu-recovery.patch)
* disable speechSynthesis getVoices API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-speechSynthesis-getVoices-API.patch)
* disable GamePad API [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Add-a-flag-to-disable-GamePad-API.patch)
* remove external https connection from chrome://discards [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-https-connection-from-chrome-discards.patch)
* links the use of screen.isExtended to WINDOW_MANAGEMENT permission granted by user [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Multi-Screen-Window-Placement-API-fix.patch)
* clear CORS Preflight Cache on clearing data [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Clear-CORS-Preflight-Cache-on-clearing-data.patch)
* remove auth header upon cross origin redirect [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-auth-header-upon-cross-origin-redirect.patch)
* disable SHA1 Server Signature [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-SHA1-Server-Signature.patch)
* remove detection of captive portals [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Remove-detection-of-captive-portals.patch)
* disable devtools remote and custom protocols [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Disable-devtools-remote-and-custom-protocols.patch)
* enable Document Open Inheritance Removal [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Enable-Document-Open-Inheritance-Removal.patch)
* warning message for unsupported hardware aes [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Warning-message-for-unsupported-hardware-aes.patch)
* partition HSTS cache by NAK [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Partition-HSTS-cache-by-NAK.patch)
* partitioning all cookies by top frame domain [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Partitioning-all-cookies-by-top-frame-domain.patch)
* fingerprint mitigation for AudioBuffer and AnalyserNode [patch](https://github.com/uazo/bromite/blob/master/build/patches/AudioBuffer-AnalyserNode-fp-mitigations.patch)
#### Windows Cromite-specific features
* enable Network Service Sandbox by default
* disable sharing hub
* disable search for image
* simpler logging to file
* disable TabHoverCard images
* enable File System Access blocklist
* enable HighEfficiencyMode by default
* disable annotates on downloads
* enabled pdf plugin by default
## Features not related to privacy
#### Derived da Bromite
* browser automatic updates, enabled by default
* native Android autofill support
* import/export bookmarks
@@ -118,7 +174,11 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
* allow moving navigation bar to bottom
* add option to use home page as NTP
You can inspect all functionality/privacy changes by reading the [patches](https://github.com/bromite/bromite/tree/master/build/patches) and/or the [CHANGELOG](./CHANGELOG.md).
#### Cromite-specific features
* add setting in android to invert tap and long tap [patch](https://github.com/uazo/bromite/blob/master/build/patches/00Add-setting-to-invert-tap-and-long-tap.patch)
(TODO) You can inspect all functionality/privacy changes by reading the [patches](https://github.com/bromite/bromite/tree/master/build/patches) and/or the [CHANGELOG](./CHANGELOG.md).
### Flags
@@ -162,25 +222,25 @@ New flags:
* timezone customization override
* autoplay, disabled by default
* webRTC, disabled by default
* viewport protection, enabled by default
# Privacy limitations
Bromite's privacy features, including anti-fingerprinting mitigations (which are not comprehensive), **are not to be considered useful for journalists and people living in countries with freedom limitations**, please look at [Tor Browser](https://www.torproject.org/download/) in such cases.
Cromite's privacy features, including anti-fingerprinting mitigations (which are not comprehensive), **are not to be considered useful for journalists and people living in countries with freedom limitations**, please look at [Tor Browser](https://www.torproject.org/download/) in such cases.
Please note that this project is not free of bugs and that changing the behaviour of a browser can be risky and not without problems.
# Releases
# (TODO) Releases
All built versions are available as [releases](https://github.com/bromite/bromite/releases); the [official website](https://www.bromite.org/) points to those releases and - when browsing via Android - it will automatically highlight the one apt for your device (or none otherwise).
Each tag corresponds to a Chromium Stable release tag.
Bromite is currently built for ARM, ARM64 and x86 and for the Android SDK version 23+; [Bromite SystemWebView](https://www.bromite.org/system_web_view) is provided as well (SDK23+).
For every Bromite build you can always find a matching [vanilla Chromium](https://www.bromite.org/chromium) build which is used for example to verify which issues are specific to Bromite or not.
Bromite is currently built for ARM64, x86 (Android SDK version 23+) and Windows.
You will automatically receive notifications about new updates (and be able to install them) via the auto updater functionality (enabled by default), see [related wiki page](https://github.com/bromite/bromite/wiki/AutomaticUpdates).
All official releases are also available through the [official third-party F-Droid repository](https://www.bromite.org/fdroid).
## Integrity and authenticity
## (TODO) Integrity and authenticity
You can verify the integrity of a downloaded APK file from this project with any `sha256sum`-compatible tool by downloading the corresponding `brm_X.Y.Z.sha256.txt` or `chr_X.Y.Z.sha256.txt` file, where X.Y.Z is the release version number. Example:
```
@@ -200,7 +260,7 @@ gpg: Good signature from "csagan5 <32685696+csagan5@users.noreply.github.com>"
You can download csagan5's public GnuPG key from here: [csagan5.asc](./csagan5.asc).
# How to build
# (TODO) How to build
The [Bromite main repository](https://github.com/bromite/bromite) contains tags for each corresponding Chromium release (see https://chromium.googlesource.com/chromium/src.git).
@@ -210,13 +270,7 @@ The Chromium version tag used as base for the patches is available here: [RELEAS
The GN args used to build Bromite are available here: [bromite.gn_args](./build/bromite.gn_args).
The patches are to be applied second the order specified in the `bromite_patches_list.txt` file (you can use `git am`).
## How to build the filters
See upstream documentation: https://github.com/chromium/chromium/blob/master/components/subresource_filter/FILTER_LIST_GENERATION.md
Bromite uses an unindexed filter file, which is periodically published at https://github.com/bromite/filters
# Contributing
# (TODO) Contributing
Please submit issues following the issue template; beware that GitHub does not display the templates from mobile.
@@ -227,23 +281,15 @@ For any usage or development discussion please use GitHub Discussions: https://g
# Credits
*[Chromium project](https://www.chromium.org/Home) and developers
*[Bromite](https://github.com/bromite/bromite)
*[Iridium project](https://github.com/iridium-browser) for some patches
*[ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium) for some patches
*[ungoogled-chromium-android](https://github.com/ungoogled-software/ungoogled-chromium-android) for some patches
*[GrapheneOS](https://github.com/GrapheneOS) for some security patches
*[Inox patchset](https://github.com/gcarq/inox-patchset) for some patches (via ungoogled-chromium)
*[Brave Browser](https://github.com/brave/brave-core) for some patches
*[Vadim Pleshkov](http://vadimpleshkov.me/) for Bromite's logo
# Filters credits
*[EasyList](https://easylist.to/#easylist)
*[EasyPrivacy](https://easylist.to/#easyprivacy)
*[uBlock Origin](https://github.com/uBlockOrigin)
*[Peter Lowe's Ad and tracking server list](https://pgl.yoyo.org/adservers/)
The URLs of the lists used are available at: https://github.com/bromite/filters/blob/master/lists.txt
# License
# (TODO) License
The patches published as part of the Bromite project are released under [GNU GPL v3](./LICENSE).
