> None of the proprietary browsers will track you.
Can you elaborate a bit on this, how do you know they won't? My default assumption is that anything I can't see the source code of and compile myself is compromised.
Sociologically: there is a surprisingly large contingent of people who believe that if a company makes a claim, it's the God's honest Truth. The OP may not necessarily fall into this camp.
Technically: if the browsers were somehow phoning home, even if the data were highly fuzzed, I'm sure there would be guys like tpatcek who would manage to detail, if not the content of the tracking, at least the amount of data sent and the targets. I don't recall there being such a scandal in recent memory.
It is possible to send data along with other data so that it's reaaally hard to find. Also, they don't need to send data all the time, but rather activate this mode on request, say when a person using this browser is a suspect for some reason and govt needs to track his every move on the internet. This would make detecting of such a functionality virtually impossible, because it'd be turned off most of the time for most people.
It is possible. However, considering that it would only take one person being exceptionally curious with IDA, one employee to blow the whistle (the source is still "open" to a fairly large number of people, and a backdoor is far harder to hide than passive collection of existing data), or one slipup to cause a massive amount of PR damage, and this has never occurred, nor does the Snowden leak suggest this is happening, I personally consider this claim extremely improbable. YMMV.
I wonder if anyone tried frequency-modulating the data stream they send home, i.e. encode the sensitive data as changes in frequency of sending packets. Now try to Wireshark that one.
> Although proprietary software may be easier for a government to compel to be modified to add tracking, it still runs the risk of being noticed in most reasonable cases, and there is in fact no evidence that any Western government is doing any such thing. It does increase the chance that you are being tracked due to incompetence, but I don't think this is particularly likely for such well-known software.
Do you inspect every single line of code? Or at least grep the file list to see if you find a suspicious looking name? Don't think so. Your default assumption should thus be 'everything is compromised' since you did not verify it :]
Unless they frequency-modulate the packets they send home to transmit additional data and you'd probably never figure it out looking at Wireshark output that they are sending more than meets the eye. This is a simple trick; there are probably many other I can't even think of.
I've never heard the term "frequency-modulate" applied to software, and Wikipedia only knows about the radio kind of modulation. Can you please explain what this is?
This is an interesting idea. I assume by "frequency modulation" of data, he means adjusting the timing of the transmissions to create an out-of-band channel that might be more difficult to notice when packet sniffing. As a crude example, if I uploaded War and Peace to you, not as a steady stream of traffic, but as bursts of dots and dashes, I could send "The Magic Words are Squeamish Ossifrage" in Morse code. (Although in the context of apps phoning phone, I'm not sure what the advantage is over simply encrypting the stream...)
Can you elaborate a bit on this, how do you know they won't? My default assumption is that anything I can't see the source code of and compile myself is compromised.