If you're using the official web installer (see 
http://www.google.com/chrome/?hl=en)
to get Google Chrome, another program will be downloaded and
installed on your box in addition - the Google Updater. This small tool
resides permanently in memory and even stays active if you choose to
abandon Chrome by uninstalling it (maybe fixed somehow in the future).

So let's have a quick look at the Google Updater:
If you're checking for an update for Chrome (via menu) the Google
Updater gets active. It sends an HTTP(!) request to tools.google.com.
The request header looks like this:

POST /service/update2?w=3:u33IULhCnzW9wBlvFrT1ILtFQDuzPkshhzt4Ls93HeJd-8fXB3LeeTgd1N7b-eztU3eD5K5opEFOGELtUyYOwOhZgICKNaE3PRN4TQlxmKYrF9sKyxty86kTrPZTm_2JgXUYrflvMJqFSjILxaPDUkLjd7Av-7aMnJqXDOSlQxY HTTP/1.1
If-Match: "zwx7omnGt-2HnRyZbaA4wDP1Ff4"
Cookie: c=ANcH4TLRgw9du6N-l77_wxbdFP6AX1f7xGBJ0WhXdyPM4PmnObRJKgRdv-7fI465UpSlRX8meBCQ14WZrn3jt-hheBM2PCfw2g
User-Agent: Google Update/1.2.131.11;winhttp;cup
Host: tools.google.com
Content-Length: 558
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

The request data contains some interesting XML markup:

<?xml version="1.0" encoding="UTF-8"?>
<o:gupdate xmlns:o="http://www.google.com/update2/request"
 protocol="2.0" version="1.2.131.11" ismachine="0"
 machineid="{6BDEBB78-7CA6-4529-826F-BE8262C42075}"
 userid="{11660812-092F-437C-95A4-8766595570E4}"
 requestid="{43C554F0-A20A-4598-93AF-FAC026AAD1A3}">
 <o:os platform="win" version="5.1" sp="Service Pack 2"/>
 <o:app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}"
  version="0.2.149.27" lang="de" brand="CHMG" client=""
  installsource="ondemandcheckforupdate">
  <o:updatecheck/>
  <o:ping active="1"/>
 </o:app>
</o:gupdate>

If attributes like machineid or userid raise your eyebrows, you'll
start to investigate a little bit more. A quick lookup in your
Windows Registry reveals some newly stored keys (among others).

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\mi
HKEY_CURRENT_USER\Software\Google\Update\ui

Flying through the src of Chromium I couldn't locate code that is
responsible for creating these keys. Conclusion: the Google Updater
must be the culprit. It seems the Updater is tagging your system with
a machine-id and your Windows user account with a user-id. These two
values are sent with each update request to the Google servers.

This leads me to a few questions:

Google claims Chrome, or rather Chromium, is open source (see
http://groups.google.com/group/chromium-discuss/msg/6376a7793f3f0051).
What about the Google Updater? Where is the src code for this program?
(Please point me to the right direction if I missed that out.)

What's the reason behind tagging each box and each user account with
such GUIDs? Where does Google document these features of the Google
Updater? What about users that don't want to get tagged this way?
(Yeah, I know about Mozilla doing something similar, but there are
significant differences. And I know about the Chrome EULA - not the
Updater EULA).

Why does Google use HTTP instead of an HTTPS request? OK, first I have
to be glad about that fact, it made it easier to get the request
details. But for the future it seems to be more secure to use HTTPS
for such purposes.

Will the Google Updater be integrated with the Google Update Service
used by Google Pack? Will this Google Update Service get open sourced
too?

How can the Google Updater be configured? Where can you choose the update
interval or choose to disable automatic update checks (besides
renaming the .exe or disabling the auto-start for the Google Updater)?
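An added example, not part of the original post: Python code that parses captured update request bodies of the shape quoted above and separates the GUID attributes that stay constant across requests from those that change. The GUID values are constructed placeholders, and a requestid that differs between requests is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.google.com/update2/request}"
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def parse_request(body: bytes) -> dict:
    """Extract GUID-valued root attributes and the per-app fields of one request."""
    root = ET.fromstring(body)
    if root.tag != NS + "gupdate":
        raise ValueError("not a gupdate request body")
    ids = {k: v for k, v in root.attrib.items() if GUID.match(v)}
    apps = [(a.get("appid"), a.get("version"), a.get("installsource"))
            for a in root.findall(NS + "app")]
    return {"ids": ids, "apps": apps}

def classify_ids(bodies):
    """Split GUID attributes into constant-across-requests and varying ones."""
    seen = [parse_request(b)["ids"] for b in bodies]
    stable, varying = {}, []
    for name in sorted(set().union(*seen)):
        values = {ids.get(name) for ids in seen}
        if len(values) == 1:
            stable[name] = values.pop()
        else:
            varying.append(name)
    return stable, varying

# Constructed sample: structure copied from the request quoted in the post,
# GUID values replaced by placeholders; a changing requestid is an assumption.
TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<o:gupdate xmlns:o="http://www.google.com/update2/request"
 protocol="2.0" version="1.2.131.11" ismachine="0"
 machineid="{00000000-0000-0000-0000-00000000000A}"
 userid="{00000000-0000-0000-0000-00000000000B}"
 requestid="{00000000-0000-0000-0000-0000000000NN}">
 <o:os platform="win" version="5.1" sp="Service Pack 2"/>
 <o:app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}"
  version="0.2.149.27" lang="de" brand="CHMG" client=""
  installsource="ondemandcheckforupdate">
  <o:updatecheck/><o:ping active="1"/>
 </o:app>
</o:gupdate>"""
CAPTURES = [TEMPLATE.replace(b"NN", n) for n in (b"01", b"02")]

if __name__ == "__main__":
    stable, varying = classify_ids(CAPTURES)
    print("constant across requests:", stable)
    print("changes per request:", varying)
```

Attributes reported as constant across captures from the same machine and account are the ones that can link separate update checks to each other.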