the full receipts

58 patches.
All readable.

This is the whole diff between Chromium and Surferse, grouped by what each cut kills. Nothing else changes — which is exactly the point: a patch set small enough to re-audit on every rebase.

Telemetry & phone-homes

14 patches

Everything that reports on you, deleted at the source. Not a settings page — a smaller binary.

001-disable-safe-browsing-pings.patchSafe Browsing lookups and CSD pings never leave the machine+18 −412
002-remove-uma-metrics-uploader.patchUMA histogram uploader deleted, not just switched off+9 −1204
003-remove-ukm-service.patchURL-keyed metrics collection removed entirely+6 −868
004-remove-crash-uploader.patchCrashpad keeps local dumps; the Google upload path is gone+22 −340
005-disable-field-trials.patchNo variations seed fetch — every experiment flag is local and yours+14 −96
006-remove-variations-service.patchThe variations service itself, compiled out+4 −522
007-remove-network-time-probe.patchNo clock checks against Google time servers+7 −58
008-remove-domain-reliability.patchThe domain-reliability beacon (it uploads to Google) removed+3 −214
009-local-omnibox-suggest.patchAddress-bar suggestions come from your history only — no remote suggest+41 −187
010-remove-preconnect-to-google.patchStartup no longer warms connections to Google properties+2 −49
011-local-spellcheck-only.patchWeb spellcheck service gone; dictionaries live on disk+11 −203
012-remove-translate-ranker-ping.patchTranslate model telemetry removed along with the feature+2 −77
013-remove-rlz-tracking.patchRLZ promotional tracking library compiled out+5 −331
014-remove-promo-doodle-fetch.patchNew Tab promo and doodle fetchers removed+3 −158

Google services

12 patches

Product hooks that assume a Google backend. Where a feature earns its keep, it gets a local implementation; where it doesn't, it gets a clean deletion.

015-remove-translate-offer.patchThe "translate this page?" service and its UI, dropped+8 −644
016-remove-gcm-invalidations.patchGoogle Cloud Messaging invalidation channel removed+12 −487
017-remove-cloud-print-remnants.patchLeftover cloud-print hooks cleaned out+0 −92
018-remove-gaia-endpoints.patchaccounts.google.com stripped from the identity configuration+16 −228
019-remove-play-services-hooks.patchNo Play-services integration paths+4 −171
020-remove-hotword-module.patchThe "OK Google" hotword module, gone+2 −119
021-remove-feedback-uploader.patchFeedback reports stay on disk; nothing uploads itself+9 −143
022-remove-ntp-remote-content.patchNew Tab never fetches remote tiles, cards or promos+6 −261
023-local-extension-verification.patchExtension install verification runs locally — any store, or unpacked+87 −134
024-remove-supervised-user-service.patchFamily Link service calls removed+3 −186
025-remove-drive-integration.patchDrive-backed features detached+5 −97
026-remove-safety-check-pings.patchSafety check runs against local data only+19 −84

Identity → UniAuth

11 patches

Right where Chrome reaches for a Google account, Surferse asks for you. One identity, over a real OAuth 2.1 + PKCE handshake.

027-remove-google-signin.patchSign-in-with-Google surface removed everywhere it appears+14 −702
028-uniauth-profile-picker.patchThe profile picker offers UniAuth instead+238 −61
029-uniauth-oauth-client.patchOAuth 2.1 client with PKCE, pointed at uniauth.id+412 −0
030-pkce-verifier-handling.patchCode verifiers are single-use and never touch disk+96 −0
031-uniauth-token-store.patchRefresh tokens sealed in the OS keychain+147 −22
032-uniauth-account-ui.patchAccount chip, avatar and sign-out wired to UniAuth+188 −94
033-remove-account-consistency.patchMirror/DICE account-consistency headers gone+7 −156
034-remove-gaia-cookies.patchNo gaia cookie minting or reconciliation+4 −138
035-uniauth-profile-avatar.patchAvatars come from your Vault, not a Google profile+52 −31
036-remove-signin-promos.patchEvery "sign in to Chrome" nag, removed+2 −167
037-uniauth-signout-flow.patchSign-out leaves synced data sealed behind your Vault key+74 −12

Sync → UniAuth E2E

9 patches

Bookmarks, settings and tabs cross the void sealed with a key derived in your Vault. The relay stores ciphertext and nothing else.

038-uniauth-sync-backend.patchSync speaks to relay.uniauth.id and nowhere else+201 −340
039-vault-key-derivation.patchSync key derived in the Vault via HKDF-SHA-256 — never uploaded+164 −0
040-aes-gcm-sealing.patchEvery record sealed with AES-256-GCM before it leaves the device+212 −48
041-sync-payload-padding.patchFixed-size payloads — the relay can't infer what or how much you sync+58 −6
042-bookmarks-sync-adapter.patchBookmarks ride the sealed pipeline+89 −114
043-settings-sync-adapter.patchSettings and preferences, same pipeline+76 −98
044-tabs-sync-adapter.patchOpen tabs, same pipeline+83 −91
045-remove-google-sync-service.patchThe Google-hosted sync service, deleted+11 −1466
046-sync-key-rotation.patchA password change re-derives the key and re-seals your data+67 −9

Branding & defaults

12 patches

The parts you can see. A browser should look like what it is — and it isn't Chrome.

047-surferse-branding.patchThe pinwheel becomes the Surferse globe, everywhere it appears+310 −287
048-surferse-wordmarks.patchProduct strings, about box, menus+204 −196
049-surferse-scheme.patchsurferse:// internal pages — start, vault, settings, history+156 −102
050-default-search-chooser.patchFirst run asks which engine you want; none is pre-anointed+128 −44
051-surferse-ntp.patchThe New Tab: your planet, your shortcuts, a search bar, nothing else+342 −518
052-ua-brand-token.patchThe user-agent brand token says Surferse, honestly+21 −13
053-updates-endpoint.patchThe updater speaks only to updates.surferse.com+64 −171
054-remove-default-browser-nag.patchNo default-browser ambush on launch+2 −88
055-surferse-first-run.patchFirst-run flow: three screens, zero upsells+117 −236
056-remove-promo-bubbles.patchIn-product promotional bubbles compiled out+3 −142
057-surferse-icons-macos.patchApp, document and volume icons+38 −29
058-license-and-credits.patchsurferse://credits carries this exact list, offline+59 −4

the net effect

Zero Google endpoints.
Run it and watch.

This is what all 58 add up to. Put Surferse behind any proxy on first run — the log is the whole story.

$ surferse --first-run --log-network
watching outbound connections …
0 requests   *.google.com
0 requests   *.gstatic.com
0 requests   *.googleapis.com
1 request    updates.surferse.com  manifest · no cookies
first run complete. nobody was told.