/e/ uses all of Bromite's patches as well; I asked them to mention this in the About section, since it is basically a rebranded Bromite that they are shipping.
In Chromium it might not be blocked just because of an oversight (or because there was no consensus), see my other comment (and its parent): https://news.ycombinator.com/item?id=23253264
> About security fixes, yes, between end of 2019 and today, new problems emerged in Chromium (not specific to Kiwi though), and there is some work to backport. Should it have been done earlier ? Certainly.
I am talking about telling users that they should not use a browser which is potentially vulnerable. Clear communication about the current status is not the same as planning an update.
> I see you have StartPage, DuckDuckGo, AdGuard, already in partners, and if they don't pay you, I encourage you to contact them, as they should.
There is no partnership with anyone. DuckDuckGo is a search engine already in upstream Chromium. StartPage search engine was removed months ago and some filters from AdGuard are used used in the combined Bromite filter.
There is no partnership and no payments of any kind because then there would be a conflict of interest to remove a search engine from the default choices while it is also a source of income.
> Also, thanks for the kind words at the end, you really pushed onto open-sourcing Kiwi too. Though sometimes you are a bit extreme for me :)
I am glad you are willing to be more open about these topics, these are I believe at the core of open source. I also wish you to make the project sustainable and fun to maintain.
And you trust instead a closed-source browser which has not been updated in months? Aside from the trust component I suggest you to use an up-to-date browser because of the security vulnerabilities which affect them.
It had a GitHub repo (https://github.com/kiwibrowser/android) described as "source code used in Kiwi", but it was just a Chromium codebase thrown there without the actual patches.
Glad to see it's open source now however there is no commit history (thus no individual patches) and it's not possible to see which version of Chromium this was forked from.
Basically all users opening the browser will contact www.googleapis.com to get a unique "Protected Media Identifier", without opening any web page and even before any ToS/EULA is accepted (and there is no user consent either).
The poster is the author of Kiwi browser, which unfortunately is closed source [0], but I have reason to believe he is familiar - as I am for the Bromite project - with all the (sometimes shady) internals of the Chromium codebase; it is indeed off-topic to discuss the header issue there but I would say that there is no explicit intention to derail it (and no advantage), just incorrect netiquette.
Credits to the ungoogled-chromium project [0] for the patch [1] which is also used in Bromite since 15 February 2018 to prevent this type of leaks; see also my reply here: [2]