Chromium sends data to google upon startup
5,657 views
Skip to first unread message
Alexey
Aug 10, 2010, 2:21:16 AM8/10/10
to Chromium-discuss
Hello!
I chosed chromium instead of chrome because wikipedia says, that
chromium is open soure and has no code to send any data to google. But
i see, that chromium make some requests upon startup:
It seems that on first request it query google for unique client ID
(getting NID Cookie):
HEAD / HTTP/1.1
Host: www.google.com
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
HTTP/1.1 302 Found
Location: http://www.google.ru/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=632128af861ebb83:TM=1281420591:LM=1281420591:S=ELyyEhjZ2JNSeGMV;
expires=Thu, 09-Aug-2012 06:09:51 GMT; path=/; domain=.google.com
Set-Cookie: NID=37=r81qA-
WGJc3SVSCovGM80YSzQb0LXRe39SHMzqClX_9reL_jYI7q3Y3UKfXAdVtkv8m5fZl1W6XR-
of4k10wGAw4LQYK5LTatCv3BOGwcmOc5V_1yhWjo9Hj6qbX2acc; expires=Wed, 09-
Feb-2011 06:09:51 GMT; path=/; domain=.google.com; HttpOnly
Date: Tue, 10 Aug 2010 06:09:51 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
Then it query google for full version of the main page:
GET / HTTP/1.1
Host: www.google.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Date: Tue, 10 Aug 2010 06:09:52 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=58cd7371512d08cb:NW=1:TM=1281420592:LM=1281420592:S=Se8DowmfivRBO6qO;
expires=Thu, 09-Aug-2012 06:09:52 GMT; path=/; domain=.google.ru
Set-Cookie:
NID=37=f4RNcYXija2zWgTpn10_D_YUh3x3U2kdNxGkEJXB7iCtmPzg1FUT1BzUPOEBLaqyHIg1239IQZkScPg-
nfddL78qiuw-BDEJyCfq9T8S3gL4ZcjNBdQI5sX39iyUiQbw; expires=Wed, 09-
Feb-2011 06:09:52 GMT; path=/; domain=.google.ru; HttpOnly
Content-Encoding: gzip
Server: gws
Content-Length: 5917
X-XSS-Protection: 1; mode=block
<!doctype html> .... (page data skipped) ....
And next it makes very strange erquest to clients1.google.com, sending
some data via query string and getting some data back:
GET /tools/pso/ping?
as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T
HTTP/1.1
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; Win32)
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Aug 2010 06:10:07 GMT
Expires: Tue, 10 Aug 2010 06:10:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked
rlzT4: 1T4GGLL_ru
rlzR7: 1R7GGLL_ru
rlzW1: 1W1GGLL_ru
rlzC1: 1C1_____enRU392RU392
rlzC2: 1C2_____enRU392
rlzI7: 1I7GGLL_ru
dcc: T
set_dcc:
T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,I7:1I7GGLL_ru
events:
stateful-events:
crc32: 7c33310f
Than it makes 3-5 requests to "google safebrowsing", and then verify
all requests i make wia sefebrowsing "feature". But requests to
safebrowsing are not anonymous. All of them signed with cookie, getted
on the first 2-3 requests, that i copied here.
How can I completely remove google spy tools in chromium? I don't need
any assistance and safebrowsing features!
I chosed chromium instead of chrome because wikipedia says, that
chromium is open soure and has no code to send any data to google. But
i see, that chromium make some requests upon startup:
It seems that on first request it query google for unique client ID
(getting NID Cookie):
HEAD / HTTP/1.1
Host: www.google.com
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
HTTP/1.1 302 Found
Location: http://www.google.ru/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=632128af861ebb83:TM=1281420591:LM=1281420591:S=ELyyEhjZ2JNSeGMV;
expires=Thu, 09-Aug-2012 06:09:51 GMT; path=/; domain=.google.com
Set-Cookie: NID=37=r81qA-
WGJc3SVSCovGM80YSzQb0LXRe39SHMzqClX_9reL_jYI7q3Y3UKfXAdVtkv8m5fZl1W6XR-
of4k10wGAw4LQYK5LTatCv3BOGwcmOc5V_1yhWjo9Hj6qbX2acc; expires=Wed, 09-
Feb-2011 06:09:51 GMT; path=/; domain=.google.com; HttpOnly
Date: Tue, 10 Aug 2010 06:09:51 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
Then it query google for full version of the main page:
GET / HTTP/1.1
Host: www.google.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Date: Tue, 10 Aug 2010 06:09:52 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=58cd7371512d08cb:NW=1:TM=1281420592:LM=1281420592:S=Se8DowmfivRBO6qO;
expires=Thu, 09-Aug-2012 06:09:52 GMT; path=/; domain=.google.ru
Set-Cookie:
NID=37=f4RNcYXija2zWgTpn10_D_YUh3x3U2kdNxGkEJXB7iCtmPzg1FUT1BzUPOEBLaqyHIg1239IQZkScPg-
nfddL78qiuw-BDEJyCfq9T8S3gL4ZcjNBdQI5sX39iyUiQbw; expires=Wed, 09-
Feb-2011 06:09:52 GMT; path=/; domain=.google.ru; HttpOnly
Content-Encoding: gzip
Server: gws
Content-Length: 5917
X-XSS-Protection: 1; mode=block
<!doctype html> .... (page data skipped) ....
And next it makes very strange erquest to clients1.google.com, sending
some data via query string and getting some data back:
GET /tools/pso/ping?
as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T
HTTP/1.1
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; Win32)
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Aug 2010 06:10:07 GMT
Expires: Tue, 10 Aug 2010 06:10:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked
rlzT4: 1T4GGLL_ru
rlzR7: 1R7GGLL_ru
rlzW1: 1W1GGLL_ru
rlzC1: 1C1_____enRU392RU392
rlzC2: 1C2_____enRU392
rlzI7: 1I7GGLL_ru
dcc: T
set_dcc:
T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,I7:1I7GGLL_ru
events:
stateful-events:
crc32: 7c33310f
Than it makes 3-5 requests to "google safebrowsing", and then verify
all requests i make wia sefebrowsing "feature". But requests to
safebrowsing are not anonymous. All of them signed with cookie, getted
on the first 2-3 requests, that i copied here.
How can I completely remove google spy tools in chromium? I don't need
any assistance and safebrowsing features!
gulbrandr
Aug 10, 2010, 4:19:22 AM8/10/10
to Chromium-discuss
Interesting indeed. Do you see the same ID request when google is not
your homepage?
"And next it makes very strange request to clients1.google.com"
This is not strange at all. Google queries this server to retrieve
search suggestions. To turn it off, read this:
http://googlesystem.blogspot.com/2009/02/how-to-disable-google-suggest.html
your homepage?
"And next it makes very strange request to clients1.google.com"
This is not strange at all. Google queries this server to retrieve
search suggestions. To turn it off, read this:
http://googlesystem.blogspot.com/2009/02/how-to-disable-google-suggest.html
Alexey
Aug 10, 2010, 5:43:41 AM8/10/10
to Chromium-discuss
It's not a suggestions or something similar, because i'm doing launch
of chromium and just wait. I'm performing no one action in opened
window, only looking into my sniffer and watching for info.
I disabled ALL plugins and extensions, suggestions, malware
protections. Some requests gone away, but published requests still
there. Each startup chromium (not chrome!) makes 3 requests to google!
I'm not typing or switching anything inside it!
On 10 авг, 12:19, gulbrandr <mohammed.led...@googlemail.com> wrote:
> Interesting indeed. Do you see the same ID request when google is not
> your homepage?
>
> "And next it makes very strange request to clients1.google.com"
> This is not strange at all. Google queries this server to retrieve
> search suggestions. To turn it off, read this:http://googlesystem.blogspot.com/2009/02/how-to-disable-google-sugges...
> > PREF=ID=58cd7371512d08cb:NW=1:TM=1281420592:LM=1281420592:S=Se8DowmfivRBO6qO;
> > NID=37=f4RNcYXija2zWgTpn10_D_YUh3x3U2kdNxGkEJXB7iCtmPzg1FUT1BzUPOEBLaqyHIg1239IQZkScPg-
of chromium and just wait. I'm performing no one action in opened
window, only looking into my sniffer and watching for info.
I disabled ALL plugins and extensions, suggestions, malware
protections. Some requests gone away, but published requests still
there. Each startup chromium (not chrome!) makes 3 requests to google!
I'm not typing or switching anything inside it!
On 10 авг, 12:19, gulbrandr <mohammed.led...@googlemail.com> wrote:
> Interesting indeed. Do you see the same ID request when google is not
> your homepage?
>
> "And next it makes very strange request to clients1.google.com"
> This is not strange at all. Google queries this server to retrieve
> > NID=37=f4RNcYXija2zWgTpn10_D_YUh3x3U2kdNxGkEJXB7iCtmPzg1FUT1BzUPOEBLaqyHIg1239IQZkScPg-
> > nfddL78qiuw-BDEJyCfq9T8S3gL4ZcjNBdQI5sX39iyUiQbw; expires=Wed, 09-
> > Feb-2011 06:09:52 GMT; path=/; domain=.google.ru; HttpOnly
> > Content-Encoding: gzip
> > Server: gws
> > Content-Length: 5917
> > X-XSS-Protection: 1; mode=block
>
> > <!doctype html> .... (page data skipped) ....
>
> > And next it makes very strange erquest to clients1.google.com, sending
> > some data via query string and getting some data back:
>
> > GET /tools/pso/ping?
> > as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T
> > Feb-2011 06:09:52 GMT; path=/; domain=.google.ru; HttpOnly
> > Content-Encoding: gzip
> > Server: gws
> > Content-Length: 5917
> > X-XSS-Protection: 1; mode=block
>
> > <!doctype html> .... (page data skipped) ....
>
> > And next it makes very strange erquest to clients1.google.com, sending
> > some data via query string and getting some data back:
>
> > GET /tools/pso/ping?
> > HTTP/1.1
> > Accept: text/*
> > User-Agent: Mozilla/4.0 (compatible; Win32)
> > Host: clients1.google.com
>
> > HTTP/1.1 200 OK
> > Content-Type: text/html; charset=utf-8
> > Date: Tue, 10 Aug 2010 06:10:07 GMT
> > Expires: Tue, 10 Aug 2010 06:10:07 GMT
> > Cache-Control: private, max-age=0
> > X-Content-Type-Options: nosniff
> > X-XSS-Protection: 1; mode=block
> > Server: GSE
> > Transfer-Encoding: chunked
>
> > rlzT4: 1T4GGLL_ru
> > rlzR7: 1R7GGLL_ru
> > rlzW1: 1W1GGLL_ru
> > rlzC1: 1C1_____enRU392RU392
> > rlzC2: 1C2_____enRU392
> > rlzI7: 1I7GGLL_ru
> > dcc: T
> > set_dcc:
> > T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,I7:1I7GGLL_ru
> > Accept: text/*
> > User-Agent: Mozilla/4.0 (compatible; Win32)
> > Host: clients1.google.com
>
> > HTTP/1.1 200 OK
> > Content-Type: text/html; charset=utf-8
> > Date: Tue, 10 Aug 2010 06:10:07 GMT
> > Expires: Tue, 10 Aug 2010 06:10:07 GMT
> > Cache-Control: private, max-age=0
> > X-Content-Type-Options: nosniff
> > X-XSS-Protection: 1; mode=block
> > Server: GSE
> > Transfer-Encoding: chunked
>
> > rlzT4: 1T4GGLL_ru
> > rlzR7: 1R7GGLL_ru
> > rlzW1: 1W1GGLL_ru
> > rlzC1: 1C1_____enRU392RU392
> > rlzC2: 1C2_____enRU392
> > rlzI7: 1I7GGLL_ru
> > dcc: T
> > set_dcc:
Alexey
Aug 10, 2010, 5:54:09 AM8/10/10
to Chromium-discuss
Besides it, Google says, that it use RLZ for only branded
distribution. But in quiries above we see "GET /tools/pso/ping?
distribution. But in quiries above we see "GET /tools/pso/ping?
as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGL
L_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T"
request even in Chromium!
L_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T"
Alexey
Aug 10, 2010, 6:08:13 AM8/10/10
to Chromium-discuss
Ok, i found related code in RLZ library:
http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc
//
// Ping information.
//
// rep=2: includes the new stateful events.
const char kProtocolCgiArgument[] = "rep=2";
const char kEventsCgiVariable[] = "events";
const char kStatefulEventsCgiVariable[] = "stateful-events";
const char kEventsCgiSeparator = ',';
const char kRlzCgiVariable[] = "rlz";
const char kRlzCgiSeparator[] = ",";
const char kRlzCgiIndicator[] = ":";
const char kProductSignatureCgiVariable[] = "as";
const char kProductBrandCgiVariable[] = "brand";
const char kProductLanguageCgiVariable[] = "hl";
const char kProductIdCgiVariable[] = "pid";
const char kDccCgiVariable[] = "dcc";
const char kRlsCgiVariable[] = "rls";
const char kMachineIdCgiVariable[] = "id";
const char kSetDccResponseVariable[] = "set_dcc";
//
// Financial server information.
//
const char kFinancialPingPath[] = "/tools/pso/ping";
const char kFinancialServer[] = "clients1.google.com";
const char kFinancialPingType[] = "GET";
const int kFinancialPort = 80;
// Ping times in 100-nanosecond intervals.
const int64 kEventsPingInterval = 24LL * 3600LL * 10000000LL; // 1
day
const int64 kNoEventsPingInterval = kEventsPingInterval * 7LL; // 1
week
const char kFinancialPingUserAgent[] = "Mozilla/4.0 (compatible;
Win32)";
const char* kFinancialPingResponseObjects[] = { "text/*", NULL };
My build is downloaded from http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/
and it seems to be RLZ-enabled.
What the hell? Why Chromium is spyware-enabled?!
http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc
//
// Ping information.
//
// rep=2: includes the new stateful events.
const char kProtocolCgiArgument[] = "rep=2";
const char kEventsCgiVariable[] = "events";
const char kStatefulEventsCgiVariable[] = "stateful-events";
const char kEventsCgiSeparator = ',';
const char kRlzCgiVariable[] = "rlz";
const char kRlzCgiSeparator[] = ",";
const char kRlzCgiIndicator[] = ":";
const char kProductSignatureCgiVariable[] = "as";
const char kProductBrandCgiVariable[] = "brand";
const char kProductLanguageCgiVariable[] = "hl";
const char kProductIdCgiVariable[] = "pid";
const char kDccCgiVariable[] = "dcc";
const char kRlsCgiVariable[] = "rls";
const char kMachineIdCgiVariable[] = "id";
const char kSetDccResponseVariable[] = "set_dcc";
//
// Financial server information.
//
const char kFinancialPingPath[] = "/tools/pso/ping";
const char kFinancialServer[] = "clients1.google.com";
const char kFinancialPingType[] = "GET";
const int kFinancialPort = 80;
// Ping times in 100-nanosecond intervals.
const int64 kEventsPingInterval = 24LL * 3600LL * 10000000LL; // 1
day
const int64 kNoEventsPingInterval = kEventsPingInterval * 7LL; // 1
week
const char kFinancialPingUserAgent[] = "Mozilla/4.0 (compatible;
Win32)";
const char* kFinancialPingResponseObjects[] = { "text/*", NULL };
My build is downloaded from http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/
and it seems to be RLZ-enabled.
What the hell? Why Chromium is spyware-enabled?!
PhistucK
Aug 10, 2010, 6:18:37 AM8/10/10
to Carlos Pizano, ale...@uzhva.ru, Chromium-discuss
This is serious. Can anyone respond?
☆PhistucK
Carlos, I remember seeing you in some discussions regarding RLZ, statistics and reporting, so I added you. Sorry if this is not your area.
☆PhistucK
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
gulbrandr
Aug 10, 2010, 7:30:09 AM8/10/10
to Chromium-discuss
Thank you Alexey for looking into the source code. Can you please redo
your test with a different default search engine than Google?
The comments in rlz.h and rlz.cc in /trunk/src/chrome/browser/rlz/ are
informative of what it is trying to do upon startup:
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup
This is also interesting: http://blog.chromium.org/2010/06/in-open-for-rlz.html
It says that "RLZ gives us the ability to accurately measure the
success of marketing promotions and distribution partnerships in order
to meet our contractual and financial obligations.".
On 10 août, 12:08, Alexey <ale...@uzhva.ru> wrote:
> Ok, i found related code in RLZ library:http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/li...
> My build is downloaded fromhttp://build.chromium.org/buildbot/snapshots/chromium-rel-xp/
your test with a different default search engine than Google?
The comments in rlz.h and rlz.cc in /trunk/src/chrome/browser/rlz/ are
informative of what it is trying to do upon startup:
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup
This is also interesting: http://blog.chromium.org/2010/06/in-open-for-rlz.html
It says that "RLZ gives us the ability to accurately measure the
success of marketing promotions and distribution partnerships in order
to meet our contractual and financial obligations.".
On 10 août, 12:08, Alexey <ale...@uzhva.ru> wrote:
> Ok, i found related code in RLZ library:http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/li...
Alexey
Aug 10, 2010, 7:33:29 AM8/10/10
to Chromium-discuss
> Thank you Alexey for looking into the source code. Can you please redo
> your test with a different default search engine than Google?
Already did it. Result is the same, nothing changed.
> your test with a different default search engine than Google?
On 10 авг, 15:30, gulbrandr <mohammed.led...@googlemail.com> wrote:
> Thank you Alexey for looking into the source code. Can you please redo
> your test with a different default search engine than Google?
>
> The comments in rlz.h and rlz.cc in /trunk/src/chrome/browser/rlz/ are
gulbrandr
Aug 10, 2010, 10:09:16 AM8/10/10
to Chromium-discuss
PhistucK, when you say "This is serious", what do you mean?
On 10 août, 12:18, PhistucK <phist...@chromium.org> wrote:
> This is serious. Can anyone respond?
>
> Carlos, I remember seeing you in some discussions regarding RLZ, statistics
> and reporting, so I added you. Sorry if this is not your area.
>
> ☆PhistucK
>
>
>
>
>
>
>
> On Tue, Aug 10, 2010 at 13:08, Alexey <ale...@uzhva.ru> wrote:
> > Ok, i found related code in RLZ library:
>
> >http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/li...
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
On 10 août, 12:18, PhistucK <phist...@chromium.org> wrote:
> This is serious. Can anyone respond?
>
> Carlos, I remember seeing you in some discussions regarding RLZ, statistics
> and reporting, so I added you. Sorry if this is not your area.
>
> ☆PhistucK
>
>
>
>
>
>
>
> On Tue, Aug 10, 2010 at 13:08, Alexey <ale...@uzhva.ru> wrote:
> > Ok, i found related code in RLZ library:
>
Romkin
Aug 10, 2010, 11:29:14 AM8/10/10
to Chromium-discuss
Hmm, it maybe simply a version check, chrome updates automatically?
still doesn't prove that it sends personal information.
> as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGL L_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T
still doesn't prove that it sends personal information.
> HTTP/1.1
> Accept: text/*
> User-Agent: Mozilla/4.0 (compatible; Win32)
> Host: clients1.google.com
>
> HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Date: Tue, 10 Aug 2010 06:10:07 GMT
> Expires: Tue, 10 Aug 2010 06:10:07 GMT
> Cache-Control: private, max-age=0
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> Server: GSE
> Transfer-Encoding: chunked
>
> rlzT4: 1T4GGLL_ru
> rlzR7: 1R7GGLL_ru
> rlzW1: 1W1GGLL_ru
> rlzC1: 1C1_____enRU392RU392
> rlzC2: 1C2_____enRU392
> rlzI7: 1I7GGLL_ru
> dcc: T
> set_dcc:
> T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2___ __enRU392,I7:1I7GGLL_ru
> Accept: text/*
> User-Agent: Mozilla/4.0 (compatible; Win32)
> Host: clients1.google.com
>
> HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Date: Tue, 10 Aug 2010 06:10:07 GMT
> Expires: Tue, 10 Aug 2010 06:10:07 GMT
> Cache-Control: private, max-age=0
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> Server: GSE
> Transfer-Encoding: chunked
>
> rlzT4: 1T4GGLL_ru
> rlzR7: 1R7GGLL_ru
> rlzW1: 1W1GGLL_ru
> rlzC1: 1C1_____enRU392RU392
> rlzC2: 1C2_____enRU392
> rlzI7: 1I7GGLL_ru
> dcc: T
> set_dcc:
Sinister
Aug 10, 2010, 11:34:25 AM8/10/10
to Chromium-discuss
A pity, Chromium doesn't update automatically.
D
Aug 10, 2010, 11:36:51 AM8/10/10
to sin...@gmail.com, Chromium-discuss
Sinister
Aug 10, 2010, 11:46:38 AM8/10/10
to Chromium-discuss
My sarcasm is lost on you. I just meant to point out that Chromium's
highly suspicious behaviour has nothing to do with updating.
On Aug 10, 7:36 pm, D <din...@gmail.com> wrote:
> try this
>
> http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...
> <http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...>
> Greetings,
> Dinsan
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
highly suspicious behaviour has nothing to do with updating.
On Aug 10, 7:36 pm, D <din...@gmail.com> wrote:
> try this
>
> http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...
> <http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...>
> Greetings,
> Dinsan
Glenn Wilson
Aug 10, 2010, 1:31:58 PM8/10/10
to sin...@gmail.com, Chromium-discuss
Hi everyone,
We think that the reported RLZ ping behavior (that request to "/tools/pso/ping...") is a regression -- RLZ pings should not be happening in Chromium or non-promotional Google Chrome builds, so this is not the intended behavior.
I've filed this as bug http://code.google.com/p/chromium/issues/detail?id=51693. We're working on it now.
Thanks for reporting the issue!
Glenn
Chromium Discussion mailing list: chromium...@chromium.org
Nico Weber
Aug 10, 2010, 1:42:22 PM8/10/10
to ale...@uzhva.ru, Chromium-discuss
The first two requests are to find out what language your suggestions
should be in (you're in russia, so your search suggestions should come
from google.ru. Chromium needs to find somehow). I think this doesn't
happen if you use a different default search engine.
This seems to be a bug, see Glenn's reply.
> Than it makes 3-5 requests to "google safebrowsing", and then verify
> all requests i make wia sefebrowsing "feature". But requests to
> safebrowsing are not anonymous. All of them signed with cookie, getted
> on the first 2-3 requests, that i copied here.
The safebrowsing requests have a cookie as ddos protection, and for
anonymous usage stats tracking, to answer questions like "How many
clients have up-to-date safe browsing data?" etc.
> How can I completely remove google spy tools in chromium? I don't need
> any assistance and safebrowsing features!
Phishing is a very real problem:
http://www.avira.com/en/threats/section/worldphishing/top/7/index.html
PhistucK
Aug 10, 2010, 3:28:02 PM8/10/10
to mohamme...@googlemail.com, Chromium-discuss
That this is a serious issue, Chromium is supposed to be free of these things.
☆PhistucK
And, as you see, Glenn responded and they are taking care of it.
☆PhistucK
Chromium Discussion mailing list: chromium...@chromium.org
Glenn Wilson
Aug 13, 2010, 4:13:04 PM8/13/10
to phis...@gmail.com, mohamme...@googlemail.com, Chromium-discuss
Just to follow up on this, the bug has been fixed as of revision 56032: http://src.chromium.org/viewvc/chrome?view=rev&revision=56032 I tested on version 6.0.493.0 and it works as expected again (no RLZ.)
We've also made some changes in this revision to help prevent it from happening again.
Thanks for the report, and your patience!
Best regards,
Glenn
Reply all
Reply to author
Forward
0 new messages