# SilverBrowser

**Status**: v1 (Linux MVP) — planning

A de-Googled, telemetry-free, fingerprint-resistant browser. Ships as the default on every SilverMetal platform.

## v1 approach

Rebrand of **ungoogled-chromium** with our defaults baked in:
- All Google-services calls stripped (already done by ungoogled-chromium upstream)
- Update channel pointed at our infrastructure
- DNS-over-HTTPS to our resolver default
- WebRTC IP leak prevention enabled
- Strict referrer policy
- Aggressive third-party cookie + tracker blocking via uBlock Origin preinstalled and pinned
- Search engine: privacy-respecting default (DuckDuckGo / Brave Search), Google removed
- No telemetry, no auto-update phone-home, no field trials
- New-tab page = blank or SilverLABS-branded local page (no remote fetch)

## v2 direction (post-MVP)

Evaluate forking Mullvad Browser instead, or maintaining our own Firefox / Gecko fork. Decision criteria:
- Maintenance burden vs. feature gap
- Anti-fingerprinting rigour (Mullvad/Tor leads here)
- Compatibility with mainstream sites users need

## What this is **not**

- Not a Tor browser — that's a separate use case
- Not a "dark web browser" — that framing is wrong; this is a daily-driver browser with privacy defaults
- Not a Brave fork — Brave's BAT/Rewards model is incompatible with our principles

## Per-platform builds

- **Linux**: `.deb` + Flatpak
- **Android**: APK based on Bromite-successor patches (Cromite or similar)
- **Windows**: MSI, signed
- **macOS**: notarised `.pkg`
- **iOS**: webkit-shell with our defaults — Apple does not permit non-WebKit engines on iOS today

## Repository

Build configs and patch sets land here. Upstream is tracked as a submodule or pinned tarball.