[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Google's Chrome Web Browser and Tor

On Fri, Sep 5, 2008 at 8:46 PM, Jonathan Addington <madjon@xxxxxxxxx> wrote:
> On Fri, Sep 5, 2008 at 10:08 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
>> On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
>> > Hi all,
>> >
>> > I've been playing around with Google's new web browser and Tor.  I thought
>> > it might be good to share my findings with everyone.
>> > After reading Google's privacy policy[1], I for one would not want to use
>> > this on a regular basis, if at all.
>> >
>> > The first bug I tried was an old one I found with Firefox; the NEWS:// URI
>> > type.
>> > Any link that has a NEWS:// URI will launch Outlook Express and attempt to
>> > contact the server in the URL...without using Tor.
>> >
>> > The second bug I found resulted in local file/folder disclosure.
>> > This is very similar to the one I found in Internet Explorer.
>> >
>> > The third bug I found was with MIME-TYPEs, specifically Windows Media Player
>> > supported formats.
>> > The BANNER tag can also leak your IP address when the playlist is loaded
>> > *IF* WMP is not set to use a proxy.
>> > Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
>> > support...no Tor.
>> >
>> >
>> > On the flip-side, it is very cool how each browser tab is it's own process,
>> > making several types of attacks much more difficult.
>> > However, with an invasive privacy policy, local proxy bypassing, and local
>> > files/folders able to be read from your hard drive, I've decided not to use
>> > this browser.
>> >
>> > It just doesn't feel privacy/anonymity friendly to me.
>> > Anyone else want to chime in on this?
>> I dig what I've heard of the Chrome architecture, but it seems clear
>> that, like every other consumer browser, it's not suitable for
>> anonymous browsing out-of-the-box.  The real question will be how easy
>> it is to adapt it to be safe.  Torbutton, for instance, has proven to
>> take some pretty extreme hackery to try to shut down all of Firefox's
>> interesting leaks.  If it turned out to be (say) an order of magnitude
>> easier to extend Chrome to be anonymity-friendly, that would be pretty
>> awesome.  We'll see, I guess.
>> Has anybody looked into Chrome's extension mechanisms?  It would be
>> neat to know how hard it would be to address the information leaks
>> addressed in, say, https://www.torproject.org/torbutton/design/ .
> Is there a particular reason Torbutton or the like isn't just hard
> coded into Firefox? Or any reason not to for Chrome?

Google and Mozilla dont see a sufficient reason to do so..?