ungoogled-chromium is a privacy-focused fork of Google Chromium that eliminates all integration with Google’s web services, including Safe Browsing, Google Host Detector, and Cloud Messaging. It’s designed as a drop-in replacement for Chromium, preserving the original user experience while removing telemetry, tracking, and proprietary components. This makes it ideal for users who demand transparency, control, and autonomy over their browsing data.
Built using a combination of source patches, domain substitution (replacing Google domains with qjz9zk), and binary pruning, ungoogled-chromium is deployed across multiple platforms including Linux (Debian, Ubuntu, Fedora, Arch, Gentoo, openSUSE), macOS (via Homebrew), Windows, FreeBSD, and via Flatpak, Nix, and Guix. It leverages patches from Inox, Bromite, and Iridium to enhance privacy without altering Chromium’s core interface or performance.
What You Get
- Google Web Service Removal - Disables all Google-specific features including Safe Browsing, Google Host Detector, Google Cloud Messaging, Google Hotwording, and URL tracking.
- Domain Substitution - Replaces Google domains in source code with non-existent qjz9zk domains, preventing any runtime connections to Google services even if new tracking components are introduced.
- Binary Pruning - Strips all pre-built Google binaries from the source code and replaces them with user-provided alternatives to ensure full transparency and reproducibility.
- Runtime Request Blocking - Blocks all attempts to connect to Google domains or qjz9zk subdomains at the network level, acting as a fail-safe against hidden tracking.
- Custom Command-Line Flags & chrome://flags - Adds numerous configurable options to disable tracking features, control Omnibox behavior, and enhance user control over search and URL handling.
- No Search Omnibox Option - Introduces a ‘No Search’ search engine provider to completely disable search suggestions and queries from the address bar.
- Intranet Redirect Detector Disable - Prevents extraneous DNS requests for captive portal detection, improving privacy with minimal impact on functionality.
- Trk: Scheme Blocking - Blocks URLs with the trk: scheme and qjz9zk top-level domains from initiating network connections, preventing hidden tracking attempts.
- Zone Identifier Removal (Windows) - Prevents Windows from attaching Zone Identifier metadata to downloaded files, reducing tracking through file attributes.
Common Use Cases
- Privacy-conscious developers - Use ungoogled-chromium to browse without exposing search history, IP, or usage data to Google while maintaining full Chromium compatibility for web development.
- Journalists and activists - Rely on ungoogled-chromium to avoid surveillance via Google’s tracking infrastructure when researching sensitive topics or communicating securely.
- System administrators in regulated environments - Deploy ungoogled-chromium in corporate or government networks where Google service dependencies violate data sovereignty or compliance policies.
- Linux power users - Install via AUR, Flatpak, or Nix to maintain a fully open-source, reproducible browser without proprietary Google components or telemetry.
Under The Hood
Architecture
- Employs a modular patching system using declarative configuration files to decouple Google service removal from Chromium source modifications, enabling targeted and maintainable alterations
- Implements stateless script pipelines with file-based configuration as the primary interface between download, patching, and build phases, avoiding runtime dependency injection frameworks
- Orchestrates isolated build environments through Docker and CI pipelines to ensure reproducibility and eliminate host system contamination
- Prioritizes auditable, build-time source manipulation over runtime extensibility, using file-based patching as the core architectural pattern
Tech Stack
- Relies on Python 3.10 for automation scripts that handle source retrieval, patch validation, and domain substitution
- Builds directly on Chromium’s official source code, applying custom pruning and substitution patches via tailored utilities
- Uses Cirrus CI with Docker containers and in-memory disk optimization to automate and standardize cross-platform builds
- Depends on tar.xz archives and shell scripts for source sanitization, with no web frameworks, databases, or frontend tooling
Code Quality
- Code is modular and well-organized with clear separation of utilities and dev tools, but test coverage is limited and lacks integration or end-to-end scenarios
- Naming conventions are consistent and descriptive, though error handling is basic, relying on standard exceptions without structured recovery
- Absence of type hints, static analysis tools, or linting configurations reduces code robustness and maintainability
- Test files are sparse and focus narrowly on patch validation, with minimal assertion depth and no comprehensive validation suites
What Makes It Unique
- Removes Google telemetry and proprietary services at the source level through build-time substitution, eliminating runtime overhead and external dependencies
- Introduces a custom domain substitution system that rewrites hardcoded URLs during compilation, ensuring complete de-Googling without post-build hacks
- Implements a modular patching framework that cleanly isolates modifications, making the project maintainable across Chromium upstream updates
- Enforces strict content security policies by default to block fingerprinting and tracking vectors beyond standard browser protections
- Provides a unified, deterministic build system that ensures consistent de-Googling across platforms, eliminating configuration drift common in forks