Niki Tonsky2d ago
I kinda like the idea of Helium (no nonsense chromium-based browser) but why do they need to connect to some “services” to make basic functionality work? What is this all-or-nothing ultimatum? Looks sketchy AF
Show threaddmd2d ago

@nikitonsky My read on this is that they are asking for permission for things that most other products just do invisibly in the background, without asking. The fact that it's even possible to use Helium without it connecting to any servers ever (!) other than what you type in the address bar makes it different than other web browsers.

For example, how would they do software updates without connecting to a server?

Show threaddmd
@nikitonsky I appreciate this because I struggle with the same kind of things with my app. I deliberately and noisily surface privacy choices for things that users didn’t even know other apps were doing. Because I feel they need to have a choice, and the others don’t give them that choice. But it requires the user to think about things they never thought about before. So it’s a delicate balance.
Mar 19 at 3:28pmIvory for Mac
Show threadNiki Tonsky2d ago
@dmd software update is not what I am worried about. I am worried that they want to see and authorize every extension I install and also don’t let me use !bangs without consenting to constant updates
Show threaddmd2d ago
@nikitonsky The dilemma is between connecting to Helium servers for extension downloads, or connecting directly to Google servers for the same. I believe the argument they are trying to make is that Helium is inherently more trustworthy than Google, so they don't offer the latter. It's fair to be skeptical of this claim. They don't explain or justify it, and they should probably offer a three-way option, rather than Helium or nothing.
Show threaddmd2d ago
@nikitonsky My read of this screen is that the top toggle is merely a shortcut for batch toggling all the options below it - that it doesn't do anything on its own. But I could be reading it wrong. The ambiguity could likely be resolved with a different design.
Show threadNiki Tonsky2d ago
@dmd That makes no sense. They proxy the request but end up downloading from Google anyway. So now you have to trust them AND google. Which is, just mathematically, less truthworthy
Show threaddmd2d ago

@nikitonsky In terms of trusting the extension contents, correct that you are now required to trust two entities instead of one. The difference is that Google (presumably) does not know anything about who is downloading the extensions; it seems to me that this is the problem they were trying to solve.

I'm not sure exactly what your concern is, though. The browser maker might tamper with an extension? They made the entire browser, which you're already running. They could do anything.