[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Google's Chrome Web Browser and Tor
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Google's Chrome Web Browser and Tor
- From: Hideki Saito <hidekis@xxxxxxxxx>
- Date: Thu, 04 Sep 2008 15:27:23 -0700
- Cc: or-talk@xxxxxxxx
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Thu, 04 Sep 2008 18:27:34 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=Imt2779rWxOsrEVRPzPT3kxbBce0jhnhRl1fgk5mpjo=; b=BICE2iKGbXXQX+o+JaUOoqu9sN/Ukw/t1vE8bKAPfK5XeEQIp8g8hdhKWtSYFWGi5j afZ4XUSe6CYb6gM735Y/NVhOyuQkUZP48wHfZK6EREyZXsadnIdxzpRIVUG0Mst6SaN/ B0qUoW2necLwxInXcjyMFiQAuuZyHjx6sfbhc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=p/btU1AhAjR7ftFCtBQBPPFd3T/TTbHlPt1yYhgP6+T6L1gPXc+tNEA0nCLHbAma9+ NgzrDy3nj5necvFIbZ4hrjPd0ajBatbrIi3QXoTBql987M7smSIZKKJTFiuUW+QnohX8 VHnXbyvlxjfagwZyjPUJoVN82QSq6oyG9K2JA=
- In-reply-to: <21f144250809041520v7d67cc3fu1baec2f490600f79@xxxxxxxxxxxxxx>
- Openpgp: id=041E778C
- References: <21f144250809041520v7d67cc3fu1baec2f490600f79@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 18.104.22.168 (Windows/20080708)
Just curious to how private is their private browsing feature. Don't
feel much secure to me for plugins (perhaps cookies are isolated though)
as it is not really meant for use with Tor...
> Hi all,
> I've been playing around with Google's new web browser and Tor. I
> thought it might be good to share my findings with everyone.
> use this on a regular basis, if at all.
> The first bug I tried was an old one I found with Firefox; the NEWS://
> URI type.
> Any link that has a NEWS:// URI will launch Outlook Express and
> attempt to contact the server in the URL...without using Tor.
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> The third bug I found was with MIME-TYPEs, specifically Windows Media
> Player supported formats.
> The BANNER tag can also leak your IP address when the playlist is
> loaded *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no
> proxy support...no Tor.
> On the flip-side, it is very cool how each browser tab is it's own
> process, making several types of attacks much more difficult.
> local files/folders able to be read from your hard drive, I've decided
> not to use this browser.
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
> - Kyle
>  http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)