[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Google's Chrome Web Browser and Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Google's Chrome Web Browser and Tor
From: Mike Perry <mikeperry@xxxxxxxxxx>
Date: Fri, 5 Sep 2008 19:14:35 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 05 Sep 2008 22:14:40 -0400
In-reply-to: <21f144250809041520v7d67cc3fu1baec2f490600f79@xxxxxxxxxxxxxx>
References: <21f144250809041520v7d67cc3fu1baec2f490600f79@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.2i

Also, more basic things: Cookie creation is blocked, but existing ones
still are present and are transmitted. Also, javascript history
disclosure attacks are not blocked. Timezone is of course still
available as well.  http://gemal.dk/browserspy/

In short, Google's policy with Incognito appears to be that it only
will prevent stuff from being recorded to the local disk. Any remotely
exploitable privacy vulnerabilities are not covered in the scope of
the mode :/

This includes, surprisingly (or unsurprisingly), Google Search
History. It is not even disabled automatically during Incognito mode:
http://www.google.com/support/chrome/bin/answer.py?answer=95464&hl=en-US

Also, Chrome lacks any sort of cross-platform extension API with which
to fix this.. Tears all around.

Thus spake Kyle Williams (kyle.kwilliams@xxxxxxxxx):

> Hi all,
> 
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
> 
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
> 
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> 
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
> 
> On the flip-side, it is very cool how each browser tab is it's own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
> 
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
> 
> 
> - Kyle
> 
> [1] http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpyLFUZZYCj8.pgp
Description: PGP signature

Follow-Ups:
- Re: Google's Chrome Web Browser and Tor
  - From: F. Fox

References:
- Google's Chrome Web Browser and Tor
  - From: Kyle Williams

Prev by Author: Re: way too many msgs on this topic
Next by Author: Re: Google's Chrome Web Browser and Tor
Previous by thread: Re: Google's Chrome Web Browser and Tor
Next by thread: Re: Google's Chrome Web Browser and Tor
Index(es):
- Author
- Thread