Re: Google's Chrome Web Browser and Tor

2008-09-07 Thread F. Fox

After reading several articles on the fine-print of Chrome, I wouldn't
touch it with a ten-parsec-pole, with or without Tor.

That's not even including the technical hurdles that would have to be
overcome; given the amount of work given to making Firefox work right
with Tor (Torbutton 1.2+), it'd be like reinventing the wheel, anyway.

-- 
F. Fox
Owner of Tor node kitsune
http://fenrisfox.livejournal.com


Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread Nick Mathewson
On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
> Hi all,
>
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
>
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
>
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
>
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
>
> On the flip-side, it is very cool how each browser tab is its own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
>
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?

I dig what I've heard of the Chrome architecture, but it seems clear
that, like every other consumer browser, it's not suitable for
anonymous browsing out-of-the-box.  The real question will be how easy
it is to adapt it to be safe.  Torbutton, for instance, has proven to
take some pretty extreme hackery to try to shut down all of Firefox's
interesting leaks.  If it turned out to be (say) an order of magnitude
easier to extend Chrome to be anonymity-friendly, that would be pretty
awesome.  We'll see, I guess.

Has anybody looked into Chrome's extension mechanisms?  It would be
neat to know how hard it would be to address the information leaks
addressed in, say, https://www.torproject.org/torbutton/design/ .

yrs,
-- 
Nick




Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread Gregory Maxwell
On Fri, Sep 5, 2008 at 11:08 AM, Nick Mathewson [EMAIL PROTECTED] wrote:
> I dig what I've heard of the Chrome architecture, but it seems clear
> that, like every other consumer browser, it's not suitable for
> anonymous browsing out-of-the-box.  The real question will be how easy
> it is to adapt it to be safe.  Torbutton, for instance, has proven to
> take some pretty extreme hackery to try to shut down all of Firefox's
> interesting leaks.  If it turned out to be (say) an order of magnitude
> easier to extend Chrome to be anonymity-friendly, that would be pretty
> awesome.  We'll see, I guess.
[snip]

Why aren't more people using virtual machines for anonymous browsing?

If your VM can't access the outside world except via TOR, and it has
no knowledge of the outside world information (because TOR itself is
running on the real machine) then pretty much all possible leaks are
closed and you're only vulnerable to leakage between multiple
anonymous things. Very simple, very clean.
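The layout Gregory describes (Tor on the real machine, the guest able to reach nothing but Tor) can be checked as a policy before any firewall is touched. The model below is an added example, not code from the thread or from the Tor project. Everything in it is assumed rather than taken from the posts: the guest and host share a private link on which the host is 10.0.0.1, the host accepts guest traffic only on Tor's TransPort (9040) and DNSPort (5353), the guest's own NAT steers all outbound TCP and DNS to those ports, and the host forwards nothing. The flows are constructed; two of them replay the leak paths from Kyle's findings (a news client opening NNTP directly, and a media player speaking UDP) to show that in this layout a non-proxy-aware program is carried over Tor and UDP is dropped, so neither reaches the network directly.

```python
"""Model of the host-side egress policy for a Tor-only virtual machine.

Added example, not from the thread. All addresses and port numbers are
assumptions for the demonstration, not settings from any real setup.
"""
from dataclasses import dataclass, replace

HOST_IP = "10.0.0.1"       # assumed host address on the guest-only link
TOR_TRANSPORT = 9040       # assumed torrc value: TransPort 9040
TOR_DNSPORT = 5353         # assumed torrc value: DNSPort 5353


@dataclass(frozen=True)
class Flow:
    program: str   # what inside the guest opened the flow (label only)
    dst: str       # destination address as that program sees it
    proto: str     # "tcp" or "udp"
    dport: int


def guest_nat(flow):
    """Guest-side DNAT (assumed): any outbound TCP connection is steered to
    Tor's TransPort on the host and any DNS query to Tor's DNSPort. Traffic
    already addressed to the host, and anything else, is left untouched so
    the host firewall decides its fate."""
    if flow.dst == HOST_IP:
        return flow
    if flow.proto == "tcp":
        return replace(flow, dst=HOST_IP, dport=TOR_TRANSPORT)
    if flow.proto == "udp" and flow.dport == 53:
        return replace(flow, dst=HOST_IP, dport=TOR_DNSPORT)
    return flow


def host_verdict(flow):
    """Host firewall decision for a packet arriving on the guest link.
    Rule order, in iptables terms (conceptual, not a ruleset to copy):
      INPUT   -i <guest link> -p tcp --dport 9040 -j ACCEPT
      INPUT   -i <guest link> -p udp --dport 5353 -j ACCEPT
      INPUT   -i <guest link> -j DROP
      FORWARD -i <guest link> -j DROP
    """
    if flow.dst == HOST_IP:
        if flow.proto == "tcp" and flow.dport == TOR_TRANSPORT:
            return "ACCEPT via Tor TransPort"
        if flow.proto == "udp" and flow.dport == TOR_DNSPORT:
            return "ACCEPT via Tor DNSPort"
        return "DROP: host service not exposed to guest"
    return "DROP: no forwarding off the guest link"


def simulate(flow):
    """Apply the guest NAT, then the host firewall; return the verdict."""
    return host_verdict(guest_nat(flow))


# Constructed flows; destination addresses are documentation placeholders.
SAMPLE_FLOWS = [
    Flow("browser", "192.0.2.10", "tcp", 80),         # ordinary web fetch
    Flow("resolver", "192.0.2.53", "udp", 53),        # DNS lookup
    Flow("news client", "192.0.2.20", "tcp", 119),    # NNTP, not proxy-aware
    Flow("media player", "192.0.2.30", "udp", 7000),  # UDP stream, no proxy
    Flow("anything", HOST_IP, "tcp", 22),             # poking at the host itself
]


def verdicts(flows=SAMPLE_FLOWS):
    """Map each program label to the fate of its flow."""
    return {f.program: simulate(f) for f in flows}


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print("%-13s %-12s %s/%-4d -> %s"
              % (f.program, f.dst, f.proto, f.dport, simulate(f)))
```

The point the model makes is the one Gregory states: the guest has no route to the outside, so a program that ignores the browser's proxy settings still ends up at Tor, and a protocol Tor cannot carry simply fails instead of leaking. What the model does not cover is the remaining risk he names, leakage between separate anonymous activities inside the same guest.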


Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread 7v5w7go9ub0o

Nick Mathewson wrote:
> On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
> > Hi all,
> >
> > I've been playing around with Google's new web browser and Tor.  I thought
> > it might be good to share my findings with everyone.
> > After reading Google's privacy policy[1], I for one would not want to use
> > this on a regular basis, if at all.
> >
> > The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> > type.
> > Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> > contact the server in the URL...without using Tor.
> >
> > The second bug I found resulted in local file/folder disclosure.
> > This is very similar to the one I found in Internet Explorer.
> >
> > The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> > supported formats.
> > The BANNER tag can also leak your IP address when the playlist is loaded
> > *IF* WMP is not set to use a proxy.
> > Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> > support...no Tor.
> >
> > On the flip-side, it is very cool how each browser tab is its own process,
> > making several types of attacks much more difficult.
> > However, with an invasive privacy policy, local proxy bypassing, and local
> > files/folders able to be read from your hard drive, I've decided not to use
> > this browser.
> >
> > It just doesn't feel privacy/anonymity friendly to me.
> > Anyone else want to chime in on this?
>
> I dig what I've heard of the Chrome architecture, but it seems clear
> that, like every other consumer browser, it's not suitable for
> anonymous browsing out-of-the-box.  The real question will be how easy
> it is to adapt it to be safe.  Torbutton, for instance, has proven to
> take some pretty extreme hackery to try to shut down all of Firefox's
> interesting leaks.  If it turned out to be (say) an order of magnitude
> easier to extend Chrome to be anonymity-friendly, that would be pretty
> awesome.  We'll see, I guess.
>
> Has anybody looked into Chrome's extension mechanisms?  It would be
> neat to know how hard it would be to address the information leaks
> addressed in, say, https://www.torproject.org/torbutton/design/ .




ISTM this thing is more a web 2.0 portal than a browser; it is conceived 
and designed first and foremost to make user access of Google online 
services smooth, slick, (and advertisement laden). Its secondary 
function as a good browser simply allows most users to have only one 
browser active.


Given it is OpenBSD Open source, if it proves to be a good design 
(interesting for sure) with potential to become a good privacy browser, 
and proves to have the very-quick JS engine that some claim, it might be 
forked at some point.


The first thing the sibling would hopefully do is remove the unique 
application number business (see below); the second would be all 
phone-home features (see below).


Even if it doesn't become officially forked, if it becomes a good 
package (say, 6 months from now after intense support and development), 
there will likely be patch files and/or enthusiast versions available.


Certainly Linux/TOR users will repair the userid business before 
compiling it (or with a hex editor), and firewall-off any connection 
with home base.


Thankfully, Opera with plugins removed is already an extremely quick, 
lightweight, secure, general-purpose TOR and non-TOR browser; Firefox 
with extensions well-addresses expanded features, so dual-browser 
users can comfortably wait for Chrome to mature.


> http://www.google.com/chrome/intl/en/privacy.html

When you type URLs or queries in the address bar, the letters you type
are sent to Google so the Suggest feature can automatically recommend
terms or URLs you may be looking for. If you choose to share usage
statistics with Google and you accept a suggested query or URL, Google
Chrome will send that information to Google as well. You can disable
this feature as explained here.
If you navigate to a URL that does not exist, Google Chrome may send the
URL to Google so we can help you find the URL you were looking for. You
can disable this feature as explained here.
Google Chrome's SafeBrowsing feature periodically contacts Google's
servers to download the most recent list of known phishing and malware
sites. In addition, when you visit a site that we think could be a
phishing or malware site, your browser will send Google a hashed,
partial copy of the site's URL so that we can send more information
about the risky URL. Google cannot determine the real URL you are
visiting from this information. More information about how this works is
here.
Your copy of Google Chrome includes one or more unique application
numbers. These numbers and information about your installation of the
browser (e.g., version number, language) will be sent to Google when you
first install and use it and when Google Chrome automatically checks for
updates.  If you choose to send usage statistics and crash reports to
Google, the browser will send us this information along with a unique
application number as well.  Crash reports can 

Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread Kyle Williams
On Fri, Sep 5, 2008 at 8:48 AM, Gregory Maxwell [EMAIL PROTECTED] wrote:

> On Fri, Sep 5, 2008 at 11:08 AM, Nick Mathewson [EMAIL PROTECTED]
> wrote:
> > I dig what I've heard of the Chrome architecture, but it seems clear
> > that, like every other consumer browser, it's not suitable for
> > anonymous browsing out-of-the-box.  The real question will be how easy
> > it is to adapt it to be safe.  Torbutton, for instance, has proven to
> > take some pretty extreme hackery to try to shut down all of Firefox's
> > interesting leaks.  If it turned out to be (say) an order of magnitude
> > easier to extend Chrome to be anonymity-friendly, that would be pretty
> > awesome.  We'll see, I guess.
> [snip]
>
> Why aren't more people using virtual machines for anonymous browsing?
>
> If your VM can't access the outside world except via TOR, and it has
> no knowledge of the outside world information (because TOR itself is
> running on the real machine) then pretty much all possible leaks are
> closed and you're only vulnerable to leakage between multiple
> anonymous things. Very simple, very clean.


You, sir, are spot on!  Multiple VMs is the way to go.  :)


Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread Mike Perry
Also, more basic things: Cookie creation is blocked, but existing ones
still are present and are transmitted. Also, javascript history
disclosure attacks are not blocked. Timezone is of course still
available as well.  http://gemal.dk/browserspy/

In short, Google's policy with Incognito appears to be that it only
will prevent stuff from being recorded to the local disk. Any remotely
exploitable privacy vulnerabilities are not covered in the scope of
the mode :/

This includes, surprisingly (or unsurprisingly), Google Search
History. It is not even disabled automatically during Incognito mode:
http://www.google.com/support/chrome/bin/answer.py?answer=95464&hl=en-US

Also, Chrome lacks any sort of cross-platform extension API with which
to fix this.. Tears all around.

Thus spake Kyle Williams ([EMAIL PROTECTED]):

> Hi all,
>
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
>
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
>
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
>
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
>
> On the flip-side, it is very cool how each browser tab is its own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
>
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
>
>
> - Kyle
>
> [1] http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Google's Chrome Web Browser and Tor

2008-09-04 Thread Kyle Williams
Hi all,

I've been playing around with Google's new web browser and Tor.  I thought
it might be good to share my findings with everyone.
After reading Google's privacy policy[1], I for one would not want to use
this on a regular basis, if at all.

The first bug I tried was an old one I found with Firefox; the NEWS:// URI
type.
Any link that has a NEWS:// URI will launch Outlook Express and attempt to
contact the server in the URL...without using Tor.

The second bug I found resulted in local file/folder disclosure.
This is very similar to the one I found in Internet Explorer.

The third bug I found was with MIME-TYPEs, specifically Windows Media Player
supported formats.
The BANNER tag can also leak your IP address when the playlist is loaded
*IF* WMP is not set to use a proxy.
Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
support...no Tor.

On the flip-side, it is very cool how each browser tab is its own process,
making several types of attacks much more difficult.
However, with an invasive privacy policy, local proxy bypassing, and local
files/folders able to be read from your hard drive, I've decided not to use
this browser.

It just doesn't feel privacy/anonymity friendly to me.
Anyone else want to chime in on this?


- Kyle

[1] http://www.google.com/chrome/intl/en/privacy.html
(Basically states you have no privacy when using Chrome)
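The first and third findings above share one mechanism: the browser's proxy setting only covers what the browser itself fetches, so a link handed to a news client, or a playlist handed to Windows Media Player, opens its own connection. The scanner below is an added example, not code from the thread or from any of the projects named in it. It reads HTML and ASX playlist content and reports every reference the browser proxy would not cover: schemes that go to an external handler (news://, mailto: and the like), streaming schemes that go to a media player (mms://, rtsp://), and every HREF inside an ASX file, since the player rather than the browser fetches those, BANNER images included. The scheme lists, the sample documents and the hostnames in them are all constructed for the demonstration.

```python
"""Audit page content for references that a browser proxy does not cover.

Added example (not part of the thread). The scheme lists are assumptions
chosen for the demonstration; the sample documents are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Schemes a browser's HTTP/SOCKS proxy setting never sees: the link is
# handed to an external handler such as a news or mail client.
HANDLER_SCHEMES = {"news", "nntp", "snews", "mailto", "telnet", "irc"}
# Streaming schemes normally delegated to a media player; several of
# them are carried over UDP, which a SOCKS proxy does not handle.
STREAM_SCHEMES = {"mms", "mmsu", "rtsp", "rtspu", "rtp"}


def classify(ref):
    """Return a finding kind for a URI, or None if the proxy covers it."""
    scheme = urlsplit(ref).scheme.lower()
    if scheme in HANDLER_SCHEMES:
        return "external-handler"
    if scheme in STREAM_SCHEMES:
        return "media-player"
    return None


class _RefCollector(HTMLParser):
    """Collect (tag, value) for every href/src/data attribute in a page."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "data") and value:
                self.refs.append((tag, value))


def audit_html(doc):
    """Return [(tag, uri, kind)] for references the browser proxy misses."""
    collector = _RefCollector()
    collector.feed(doc)
    findings = []
    for tag, ref in collector.refs:
        kind = classify(ref)
        if kind:
            findings.append((tag, ref, kind))
    return findings


def audit_asx(doc):
    """Return [(tag, uri, kind)] for every HREF in an ASX playlist.

    The media player, not the browser, fetches all of these, so each one
    is reported; streaming schemes are marked separately because they
    may be carried over UDP.
    """
    findings = []
    for el in ET.fromstring(doc).iter():
        href = next((v for k, v in el.attrib.items() if k.lower() == "href"), None)
        if href is None:
            continue
        kind = "player-stream" if classify(href) == "media-player" else "player-fetch"
        findings.append((el.tag.upper(), href, kind))
    return findings


# Constructed samples; hostnames are placeholders.
HTML_SAMPLE = """<html><body>
<a href="http://www.example.org/">proxied</a>
<a href="news://news.example.org/comp.security">opens the news client</a>
<embed src="mms://media.example.org/clip.wmv">
<a href="mailto:someone@example.org">opens the mail client</a>
</body></html>"""

ASX_SAMPLE = """<ASX VERSION="3.0">
  <BANNER HREF="http://ads.example.org/banner.gif"/>
  <ENTRY><REF HREF="mms://media.example.org/stream"/></ENTRY>
  <ENTRY><REF HREF="http://media.example.org/clip.wmv"/></ENTRY>
</ASX>"""

if __name__ == "__main__":
    for tag, ref, kind in audit_html(HTML_SAMPLE) + audit_asx(ASX_SAMPLE):
        print("%-7s %-16s %s" % (tag, kind, ref))
```

Run over content before it is served to, or fetched by, an anonymised browser, the report shows which references will leave the proxy's reach; the only fix for the ASX case is the one the post implies, keeping the player itself off the network unless it is proxied.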


Re: Google's Chrome Web Browser and Tor

2008-09-04 Thread Geoff Down

Is there an echo in here?
Is there an echo in here?
On 4 Sep 2008, at 23:46, Kyle Williams wrote:

> I've also noticed that while using the incognito feature, I was able
> to see my history from a regular browser window.
>
> Example:
> If I were to visit www.microsoft.com in a regular window, opened a
> new incognito window, then type in www in the URL bar, it shows
> that I've visited www.microsoft.com or any other site that was
> visited from a regular browser window.
>
> So it looks like the History in a regular browser window is accessible
> from the incognito window, but not the other way around.
>
> On Thu, Sep 4, 2008 at 3:27 PM, Hideki Saito [EMAIL PROTECTED] wrote:
>
> > Just curious to how private is their private browsing feature. Don't
> > feel much secure to me for plugins (perhaps cookies are isolated though)
> > as it is not really meant for use with Tor...
> >
> > > Hi all,
> > >
> > > I've been playing around with Google's new web browser and Tor.  I
> > > thought it might be good to share my findings with everyone.
> > > After reading Google's privacy policy[1], I for one would not want to
> > > use this on a regular basis, if at all.
> > >
> > > The first bug I tried was an old one I found with Firefox; the NEWS://
> > > URI type.
> > > Any link that has a NEWS:// URI will launch Outlook Express and
> > > attempt to contact the server in the URL...without using Tor.
> > >
> > > The second bug I found resulted in local file/folder disclosure.
> > > This is very similar to the one I found in Internet Explorer.
> > >
> > > The third bug I found was with MIME-TYPEs, specifically Windows Media
> > > Player supported formats.
> > > The BANNER tag can also leak your IP address when the playlist is
> > > loaded *IF* WMP is not set to use a proxy.
> > > Also, a playlist in WMP can specify protocols that use UDP, hence, no
> > > proxy support...no Tor.
> > >
> > > On the flip-side, it is very cool how each browser tab is its own
> > > process, making several types of attacks much more difficult.
> > > However, with an invasive privacy policy, local proxy bypassing, and
> > > local files/folders able to be read from your hard drive, I've decided
> > > not to use this browser.
> > >
> > > It just doesn't feel privacy/anonymity friendly to me.
> > > Anyone else want to chime in on this?
> > >
> > >
> > > - Kyle
> > >
> > > [1] http://www.google.com/chrome/intl/en/privacy.html
> > > (Basically states you have no privacy when using Chrome)