[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Google's Chrome Web Browser and Tor

Just curious to how private is their private browsing feature. Don't
feel much secure to me for plugins (perhaps cookies are isolated though)
as it is not really meant for use with Tor...

> Hi all,
> I've been playing around with Google's new web browser and Tor.  I
> thought it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to
> use this on a regular basis, if at all.
> The first bug I tried was an old one I found with Firefox; the NEWS://
> URI type.
> Any link that has a NEWS:// URI will launch Outlook Express and
> attempt to contact the server in the URL...without using Tor.
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> The third bug I found was with MIME-TYPEs, specifically Windows Media
> Player supported formats.
> The BANNER tag can also leak your IP address when the playlist is
> loaded *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no
> proxy support...no Tor.
> On the flip-side, it is very cool how each browser tab is it's own
> process, making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and
> local files/folders able to be read from your hard drive, I've decided
> not to use this browser.
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
> - Kyle
> [1] http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)