The story of Iron

December 30, 2009

Update from 2013: this post was written in 2009. While the statements it made about Chrome were true then, Chrome today is a much different project.

Iron claims to be a "privacy-oriented" fork of Chrome, which removes a bunch of pieces that the Iron author claims are privacy invasive. In the abstract this is a thing I'd support — nothing like some publicity to put pressure on the project to be more careful about user privacy — but when you look at the details it kinda falls down.

Right when we first came out our IRC channel was flooded with hundreds of curious people, and for posterity's sake I logged it. (It's now logged by a third party.) It turns out the log of September 19, 2008 is interesting to look back on. That link is to the unmodified file that my IRC client produced, but since you're unlikely to want to read through it all (search for "Iron" if you'd like), I'll summarize the interesting bits.

(For context, I am "evmar" in that log, and the usernames with a + before their names are Chrome developers.)

  1. Someone with the nick of "Iron" joins the channel and announces they're making a fork of Chrome.

  2. They ask some semi-legal questions about how to advertise it, which we can't answer.

  3. They ask some technical questions, like how to change the name of the browser that shows up in the executable, which kuchhal nicely helps them with.

  4. Then there's this exchange (reformatted to remove timestamps and add line wrapping):

    <Kmos> Iron: why not contribute to it, instead of forking ?
    <Iron> because i removed all privacy-related code
    <Iron> e.g. RLZ
    <Iron> and URL tracking every 5 seconds after start
    <Iron> the original chrome  is heavily communitating to google...i
           hate that
    <jamessan> all of those are supposed to have options to disable them,
    <Iron> yes but they haven't options yet
    <Iron> and nobody knows when the next beta is released
    <jamessan> so work on getting the options added so they'll be there
               for the next release
    <mgreenblatt> Iron.. why not propose a patch based on preprocessor
                  defines that disables the sections you dislike without
                  forking the code?
    <mgreenblatt> (assuming such a thing doesn't already exist)
    <Iron> because a fork will bring a lot of publicity to my person and
           my homepage
    <Iron> that means: a lot of money too ;)
    <Kmos> rotflol
    <Iron> what means rotful?
    <mgreenblatt> Iron.. you're a large corporation that can dedicate the
                  time to support a fork of something as complicated as
    <Kmos> Iron: google about it
    <Iron> yes there is enough time to support it
    <jamessan> heh, you're expecting to make lots of money from making a
               fork of chromium? that's quite amusing
    <Iron> i dont take money for my fork
    <Iron> but i have adsense on my page ;)
    <Iron> a lot of visitor -> a lot of clicka > a lot of money ;)
    <Kmos> and do you think google should support your fork
    <Kmos> lol
    <mgreenblatt> Iron.. it's always good to have dreams ;-)
    <Iron> we are here in germany
    <Iron> the press will love my fork
    <Iron> i talked to much journalists already
    <DrPizza> Why are you forking?
    <DrPizza> to do what?
    <Iron> to remove all things in source talking to google ;)
    <jamessan> to get fame and fortune
    <Iron> nobody here trusts google
    <Iron> the german people say: google is very evil
    <jamessan> yet you use google's adsense
  5. Then follows a bunch of "Google is evil" conversation which you've heard before. (And a rather strongly-worded flame from DannyB about the above, which I'll skip for brevity.) This sort of non-technical discussion is frowned upon in our development channel, so he's then more or less told to go away (surprisingly politely, in retrospect).

(Now, it's possible (but highly unlikely) this isn't the eventual author of Iron, but in some sense that's irrelevant to the two meta-points: (1) if you don't trust Google to not do something sneaky, you probably shouldn't be running software made by Google, and (2) why would you trust code from some random third party more?)

Furthermore, the "URL tracking" mentioned both on IRC and on the Iron website refers to the GoogleURLTracker class. This unforutnately-named class figures out whether to use or for searches from the URL bar, and does not in any way do any sort of spyware URL monitoring. This is obvious to anyone who can read code, and should be obvious to anyone technical enough to produce a product like Iron. At this point I can't believe they're doing anything other than being intentionally misleading.

The header plainly says as much, and also:

// To protect users' privacy and reduce server load, no updates
// will be performed (ever) unless at least one consumer registers
// interest by calling RequestServerCheck().

Which, you can easily verify, is only ever called if you're using Google as your default search engine, which Chrome doesn't even use by default (Chrome asks you what search engine to use the first time you install).

This serves as a good example of the sort or significant effort we've put in to make Chrome be privacy-conscious and Google-independent. Half of the bullet points on the Iron "feature" page are options that can be turned off in a clearly-marked "Privacy" section of the Chrome options, and the other half are misunderstandings like this one.

(Edit: I am biased here towards Linux Chrome; Windows Chrome does not make it obvious how to remove the updater nor RLZ. I will hopefully find time to post about those some other time.)

So where does that leave users? I think there is a space for a privacy-conscious browser: a "portable" one that starts in Incognito mode, that integrates Tor or some other proxying system, one that defaults some features that trade privacy for convenience off — but I am highly skeptical the Iron developer is the person able to produce such a thing. In fact, I think that browser could be Chrome, if someone would contribute patches for it (there's an incognito-at-startup flag already, I believe) instead of needlessly forking for shady reasons.

(Edit: It is negligent for me not to point out the reportedly excellent Torbutton extension for Firefox, which is probably your current best bet in this space.)