[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Google's Chrome Web Browser and Tor

On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
> Hi all,
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
> On the flip-side, it is very cool how each browser tab is it's own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?

I dig what I've heard of the Chrome architecture, but it seems clear
that, like every other consumer browser, it's not suitable for
anonymous browsing out-of-the-box.  The real question will be how easy
it is to adapt it to be safe.  Torbutton, for instance, has proven to
take some pretty extreme hackery to try to shut down all of Firefox's
interesting leaks.  If it turned out to be (say) an order of magnitude
easier to extend Chrome to be anonymity-friendly, that would be pretty
awesome.  We'll see, I guess.

Has anybody looked into Chrome's extension mechanisms?  It would be
neat to know how hard it would be to address the information leaks
addressed in, say, https://www.torproject.org/torbutton/design/ .