Skip to main content
Helium is built with privacy as the foundation. Unlike mainstream browsers, privacy isn’t an optional feature - it’s the default configuration.

Build-Time Privacy Flags

Helium’s privacy starts at compile time with flags configured in flags.gn: 
# Safe Browsing completely disabled
safe_browsing_mode=0

# No Google services
google_api_key=""
google_default_client_id=""
google_default_client_secret=""
use_official_google_api_keys=false

# Disable unnecessary services
enable_hangout_services_extension=false
enable_mdns=false
enable_remoting=false
enable_reporting=false
enable_service_discovery=false

# No field trials or A/B testing
disable_fieldtrial_testing_config=true
These flags are set at build time and cannot be re-enabled at runtime, ensuring privacy cannot be accidentally compromised.

What Each Flag Means

Safe Browsing DisabledGoogle Safe Browsing sends URLs you visit to Google for malware checking. While this can protect against phishing, it creates a privacy concern.Helium sets this to 0 to completely disable Safe Browsing:
  • No URLs sent to Google
  • No real-time lookups
  • No Safe Browsing database downloads
You retain full control over which sites you visit without third-party monitoring.
No Google Service IntegrationSetting all Google API keys to empty strings disables:
  • Google account sync
  • Chrome Web Store integration (uses alternative methods)
  • Google-specific features
  • Default search engine telephony
This ensures Helium doesn’t “phone home” to Google services by default.
No Google Hangouts ExtensionThe Hangouts extension enables Google Meet/Hangouts calling features. Helium removes this entirely:
enable_hangout_services_extension=false
This eliminates unnecessary background processes and potential privacy vectors.
No Local Network DiscoverymDNS enables service discovery on local networks (finding printers, Chromecasts, etc.):
enable_mdns=false
Disabled to prevent:
  • Automatic network scanning
  • Device fingerprinting via local network topology
  • Unnecessary network traffic
No Chrome Remote DesktopChrome Remote Desktop allows remote access to your computer:
enable_remoting=false
Helium removes this feature entirely as it’s not needed for most users and represents a security surface.
No Telemetry or Crash ReportsChromium includes extensive telemetry and reporting features:
enable_reporting=false
This disables:
  • Usage statistics collection
  • Crash report uploads
  • Performance metrics
  • Feature usage tracking
Your browser usage stays on your device.
No Automatic Service DetectionService discovery finds and connects to network services automatically:
enable_service_discovery=false
Disabled to prevent automatic connections and fingerprinting.
No A/B Testing or ExperimentsChromium uses field trials for A/B testing features on users:
disable_fieldtrial_testing_config=true
Helium disables this to ensure:
  • Consistent behavior for all users
  • No telemetry for experiment tracking
  • Predictable feature set

Settings Page Reorganization

Helium restructures the Settings page to prioritize privacy controls:

Simplified Privacy Page

The privacy page removes clutter and focuses on essential controls: 
<!-- Third-party cookies link removed -->
<template is="dom-if" if="[[false]]">
  <cr-link-row id="thirdPartyCookiesLinkRow">...</cr-link-row>
</template>
Reorganized order:
  1. Clear Browsing Data
  2. Site Settings (permissions, cookies, pop-ups)
  3. Security (connection security, DNS, certificates)
  4. Helium Services (privacy-preserving services)
Cookies are still fully manageable through Site Settings - we just removed the redundant dedicated page.

Clearer Descriptions

Settings descriptions focus on what they actually do: 
Permissions: "Manage site permissions and content settings 
             (cookies, pop-ups, and more)"

Security: "Connection security, DNS settings, certificate management, 
           and other security settings"
No marketing language - just clear explanations.

Helium Services

Helium includes optional privacy-preserving services:

Extension Proxy

Download extensions through Helium’s proxy to avoid direct Chrome Web Store connectionsPref: helium.services.ext_proxy
Default: Enabled

Native Bangs

Fetch the !bangs list from Helium services for DuckDuckGo-style shortcutsPref: helium.services.bangs
Default: Enabled

Service Configuration

All services are controlled through preferences in chrome/browser/ui/browser_ui_prefs.cc: 
registry->RegisterBooleanPref(prefs::kHeliumServicesEnabled, true);
registry->RegisterBooleanPref(prefs::kHeliumBangsEnabled, true);
registry->RegisterBooleanPref(prefs::kHeliumExtProxyEnabled, true);
registry->RegisterStringPref(prefs::kHeliumServicesOrigin, "");
All Helium Services can be disabled in Settings > Privacy > Helium Services if you prefer complete isolation.

Network Request Policy

Helium’s codebase includes helpers to control when network requests are made: 
bool ShouldAccessServices(const PrefService& prefs);
bool ShouldFetchBangs(const PrefService& prefs);
bool ShouldAccessExtensionService(const PrefService& prefs);
These helpers ensure:
  • User preferences are respected
  • No automatic connections without permission
  • Clear control over when network activity occurs

Bang Loading Example

From template_url_bang_manager.cc: 
request->load_flags = helium::ShouldFetchBangs(prefs)
                        ? net::LOAD_NORMAL
                        : net::LOAD_ONLY_FROM_CACHE;
If bangs are disabled, the browser will only use cached data - no network request is made.

Privacy by Design

Every feature in Helium considers privacy implications:
1

Evaluate Network Requirements

Does this feature require network access? Can it work offline?
2

User Control

Add a preference so users can disable if desired
3

Respect Settings

Check preferences before making any network request
4

Minimal Data

Only send what’s absolutely necessary - no fingerprinting data

What About DRM?

Helium includes Widevine support for streaming services: 
enable_widevine=true
This is enabled because:
  • Many users need it for Netflix, Spotify, etc.
  • It’s opt-in at runtime (only loads when needed)
  • Can be disabled through chrome://components
  • Doesn’t compromise privacy when not in use
If you don’t use DRM-protected content, you can disable Widevine in chrome://components to remove it entirely.

Comparison: Helium vs Chrome

FeatureChromeHelium
Safe BrowsingEnabledDisabled
Google SyncDefaultRemoved
Crash ReportingEnabledDisabled
Usage StatisticsEnabledDisabled
Field TrialsEnabledDisabled
mDNSEnabledDisabled
Hangouts ExtensionIncludedRemoved
Privacy ControlsHiddenProminent

Verifying Privacy Settings

You can verify Helium’s privacy configuration:
  1. Check build flags: Look at flags.gn in the source
  2. Monitor network: Use Wireshark to confirm no unexpected connections
  3. Review code: All patches are in patches/helium/ directories
  4. Inspect settings: Check chrome://prefs for privacy-related preferences
Helium is open source (GPL-3.0). You can review every privacy-related change in the repository.

Further Reading

Build docs developers (and LLMs) love

Get started for freeTalk to us