> Shouldn't there be a "Chromium-Privacy" project that branches Chromium and reviews code changes, to keep it aligned with such goals?
Maybe Iridium is what you're looking for. From their fp:
> Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers.
Unfortunately these forks -- of which there are many -- often fall behind Chromium's security updates and even introduce serious bugs of their own. E.g. "WhiteHat Aviator", another "security-oriented" fork, had this fiasco:
More went wrong with Aviator than that: they munged up the code rebranding it and made it much harder to track upstream. It also didn't start out open source!
Maybe Iridium is what you're looking for. From their fp:
> Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers.
https://iridiumbrowser.de/