SRWare Iron Logo

SRWare Iron

SRWare Iron is a free web browser, and an implementation of Chromium by SRWare of Germany.

Spyware Level: EXTREMELY HIGH

SRWare Iron claims to be a privacy respecting web browser that is an alternative to Google Chrome's spyware, and specifically brands itself as a privacy respecting web browser that aims to give users the Chrome experience without Google's spyware. However, when examining this program, these claims instantly melt away. SRWare Iron connects to an absolutely incredible amount of trackers and opens connections to an enormous amount of servers on its first run. It racks up a rough estimate of ~400-500 unsolicited connections, and it actually took several minutes for it to stop making new requests and connections. SRWare Iron uses the spyware search engine Bing as its default search engine, however it goes beyond that and routes your requests to Bing through its own servers so that it can spy on your internet searches as well. The bottom line is that this browser is just another false privacy initiative and is really no better than Chrome.

Version 69.0.3600.0 of SRWare Iron was tested on Windows 7 64-bit. MITMproxy, Microsoft Network Monitor 3.4, and Sysinternals ProcMon were used to monitor the behavior of this program.

False Privacy Initiative

SRWare Iron claims on its website that it is:

"Chrome thrilled with an extremely fast site rendering, a sleek design and innovative features. But it also gets critic from data protection specialists, for reasons such as creating a unique user ID or the submission of entries to Google to generate suggestions. SRWare Iron is a real alternative. The browser is based on the Chromium-source and offers the same features as Chrome, but without the critical points that the privacy concern." [1]

The reality is that you are merely trading in one spyware product for another. Where Chrome's spyware has been removed, Iron's spyware is there to replace it. Which poison are you going to pick? The worst part is that people will read what is claimed on SRWare's website and believe it without doing any tests for themselves. Like this article [web.archive.org] that just copies the comparison-list from Iron's website without any real investigation before declaring it a privacy alternative to Chrome. The most audacious thing about it is this incredible quote on the FAQ section for the Iron browser:

"Can i really check that Iron doesn't submit any private data, how you say? Yes, you can. There are tools like Wireshark, which scan the whole network-traffic. We could not recognize any obvious activity. But you can proof this by yourself." [2]

Which is just an amazing gem in the context of what is actually found when running tests on the software.

Massive amount of connections on first startup

When you first start SRWare Iron, it will immediately open the following two pages: https://iron.start.me/us and https://www.srware.net/en/software_srware_iron.php. The most offensive page is the start.me domain which begins loading in an enormous amount of spyware from all over the internet. I did not count the specific amount of requests but it was somewhere in the 400-500 range (my software doesn't provide a great amount of automation... or maybe i'm not using it as well as I could). This image (at 1.06 MB- almost 1/4 of the size of the entire site as of writing!) should give you an idea of the amount of requests I was swamped by. It took a while for it to die down. On subsequent runs the amount of requests it sent was far less. It connected to spyware platforms like Google Analytics and Piwik, and executed their JavaScript payloads. There were a lot of redundant connections to Google Analytics so it's probable that multiple companies are able to send their own analytics payloads through this homescreen. Thus thoroughly fingerprinting and profiling your web browser and computer the moment you begin browsing the internet with your new "privacy respecting" browser — so that all of these advertising companies can track you everywhere you go!

When checking the browser's connections in Network Monitor 3.4, you could see that it connected to a huge amount of servers, even though only two domains were ever contacted. This screenshot doesn't capture all of the IP addresses that it connected, but should give you an idea.

And just so that there is no ambiguity, this notice is shown when you load this homepage:

"We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information you’ve provided to them or they’ve collected from your use of their services."

Just so that there is no doubt- you are being served tracking cookies by advertising companies.

Redirecting of internet searches through developer's domain

After you've finished identifying your web browser to just about every single spyware company on the internet, you can begin making internet searches with your new SRWare Iron browser. The default search engine is the spyware search engine Bing. However, it's not enough to just point you at a spyware search engine... when you try and actually run a search on Bing, this is what happens:

SRWare Iron redirecting through its own servers

Basically, every time you make a search with this browser, your searches are sent through the developer's servers. So, the developer can know exactly what your internet history is, in this way. Your searches are also being sent through wisesearches.com, but I don't know who they are. So now instead of giving up your search history to one spyware company, Google, you can give it to three spyware companies, by switching to this browser. This is a very similar tactic to the one that the spyware browser Slimjet uses, where it routes searches to Bing through its own domains.

Motivations of the SRWare Iron developer?

If you dig deeper into how SRWare Iron was created, you can find some interesting information from some of the developers of Chrome about the motivations behind the creation of this fork. More specifically this very interesting conversation:[3]

<Kmos> Iron: why not contribute to it, instead of forking ? <Iron> because i removed all privacy-related code <Iron> e.g. RLZ <Iron> and URL tracking every 5 seconds after start <Iron> the original chrome is heavily communitating to google...i hate that <jamessan> all of those are supposed to have options to disable them, iirc <Iron> yes but they haven't options yet <Iron> and nobody knows when the next beta is released <jamessan> so work on getting the options added so they'll be there for the next release <mgreenblatt> Iron.. why not propose a patch based on preprocessor defines that disables the sections you dislike without forking the code? <mgreenblatt> (assuming such a thing doesn't already exist) <Iron> because a fork will bring a lot of publicity to my person and my homepage <Iron> that means: a lot of money too ;) <Kmos> rotflol <Iron> what means rotful? <mgreenblatt> Iron.. you're a large corporation that can dedicate the time to support a fork of something as complicated as chromium? <Kmos> Iron: google about it <Iron> yes there is enough time to support it <jamessan> heh, you're expecting to make lots of money from making a fork of chromium? that's quite amusing <Iron> i don't take money for my fork <Iron> but i have adsense on my page ;) <Iron> a lot of visitor -> a lot of clicka > a lot of money ;) <Kmos> and do you think google should support your fork <Kmos> lol <mgreenblatt> Iron.. it's always good to have dreams ;-) <Iron> we are here in germany <Iron> the press will love my fork <Iron> i talked to much journalists already <DrPizza> Why are you forking? <DrPizza> to do what? <Iron> to remove all things in source talking to google ;) <jamessan> to get fame and fortune <Iron> nobody here trusts google <Iron> the german people say: google is very evil <jamessan> yet you use google's adsense

So, this could explain a lot... the motivation for this web browser to exist was to monetize privacy concerns by generating traffic to his website, where he could make money by serving spyware to the very users that wanted to escape from it. Then his fork gets loaded up with all sorts of spyware from all sorts of other companies... which he probably makes some amount of money from as well. (why else would he take the time to integrate these things into his browser? We can only speculate.) At the end of the day it's pretty clear that this browser is a huge scam and you shouldn't use it.