Issue 498272 in chromium: Add option to disable unrequested connections to clients4.google.com / www.gstatic.com

[chro...@googlecode.com]

Status: Unconfirmed
Owner: ----
Labels: Cr-Enterprise Pri-2 Via-Wizard Type-Bug OS-Linux

New issue 498272 by ignaz.fo...@googlemail.com: Add option to disable
unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

UserAgent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/43.0.2357.124 Safari/537.36

Steps to reproduce the problem:
1. Use the following group policy to disable any known automatic
connections:
{
"ShowAppsShortcutInBookmarkBar": false,
"DefaultBrowserSettingEnabled": false,
"SyncDisabled": true,
"MetricsReportingEnabled": false,
"SigninAllowed": false,
"CloudPrintSubmitEnabled": false,
"SafeBrowsingEnabled": false,
"SpellCheckServiceEnabled": false,
"DnsPrefetchingEnabled": false,
"NetworkPredictionOptions": 2,
"AutoFillEnabled": false,
}
2. Start a network traffic capture (e.g. with Wireshark).
3. Start Google Chrome with an empty profile
4. Stop the network traffic capture and look out for unrequested
connections (in this case to https://clients4.google.com and
https://www.gstatic.com)

What is the expected behavior?
It should be possible to configure Chrome in a way that no external
connection is made except when the user requests it.
Unfortunately I wasn't able to find any option to disable these connections.

What went wrong?
Chrome will automatically connect to both www.gstatic.com and
clients4.google.com, and there doesn't seem to be an option to prevent this.

Did this work before? Yes According to several blog posts of around 2011
(e.g.
http://inquimit.tumblr.com/post/6884416454/getting-stealthy-with-google-chrome)
users were able to turn off phoning home features completely.

Chrome version: 43.0.2357.124 Channel: stable
OS Version: Kubuntu 12.04
Flash Version: Shockwave Flash 18.0 r0

We are currently evaluating Chrome for our organization - unrequested
connections to other sites are considered phoning home and are not allowed.

The connection(s) may be related to "Google search locale"
(https://www.google.com/intl/en/chrome/browser/privacy/whitepaper.html#searchlocale),
however changing the default search engine has no effect on those
connections.

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[chro...@googlecode.com]

Updates:
Owner: sas...@chromium.org
Labels: -Type-Bug Type-Feature

Comment #1 on issue 498272 by atwi...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

Adding Saswat to prioritize (task is to figure out what is connecting to
clients4.google.com and www.gstatic.com and add policy controls to disable
these services).

[chro...@googlecode.com]

Updates:
Status: Untriaged

Comment #2 on issue 498272 by kavv...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

Marking it as Untriaged as the issue is of type-feature.

[chro...@googlecode.com]

Comment #4 on issue 498272 by p.d.whit...@alumni.lboro.ac.uk: Add option to

disable unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

What's the point of Chromium if we can't disable this sort of thing?

[chro...@googlecode.com]

Comment #6 on issue 498272 by bat...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

I have added this to url_request.cc:

diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index cfacae0..19c7066 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -571,6 +571,10 @@ URLRequest::URLRequest(const GURL& url,

context->url_requests()->insert(this);
net_log_.BeginEvent(NetLog::TYPE_REQUEST_ALIVE);
+
+ if (url.spec().find("clients") != std::string::npos) {
+ LOG(ERROR) << "URLRequest to " << url.spec();
+ }
}

Apparently Chromium fetches experiments:

[11631:11703:0928/161827:ERROR:url_request.cc(576)] URLRequest to
https://clients4.google.com/chrome-sync/dev/experimentstatus

There is also an update ping to the component updater:

[11631:11703:0928/162328:ERROR:url_request.cc(576)] URLRequest to
https://clients2.google.com/service/update2

Saswat, are there ways to disables these?

[chro...@googlecode.com]

Updates:
Cc: ho...@chromium.org

Comment #7 on issue 498272 by bat...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #8 on issue 498272 by bat...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

There is also the ev_whitelist_component_installer.cc, which talks to
https://clients2.googleusercontent.com/crx/blobs/... (but maybe only if the
component updater finds an update, so that might be caught with a policy
for the previous ping)

[chro...@googlecode.com]

Comment #12 on issue 498272 by asvi...@chromium.org: Add option to

disable unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

The https://clients4.google.com/chrome-variations/seed URL, which is to
fetch experiment configs, should not be being queried in Chromium builds.
It should only be done in Google Chrome builds.

Specifically, that URL is requested by VariationsService, which is not
created at all for Chromium builds. This is the relevant code:

https://code.google.com/p/chromium/codesearch#chromium/src/components/variations/service/variations_service.cc&rcl=1445513163&l=485

So, if GOOGLE_CHROME_BUILD is not set (which it isn't for Chromium builds),
then unless a special command line flag is specified by a developer (this
flag isn't specified by default), then VariationsService::Create() returns
null and thus there should be no requests to that URL being made.

[chro...@googlecode.com]

Updates:
Cc: z...@chromium.org jia...@chromium.org

Comment #13 on issue 498272 by asvi...@chromium.org: Add option to

disable unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

Ah, looks like the URLs mentioned in comment #6 is something else.

+zea@ and jianli@ from Sync team to comment on
https://clients4.google.com/chrome-sync/dev/experimentstatus

[chro...@googlecode.com]

Updates:
Cc: fgor...@chromium.org

Comment #14 on issue 498272 by bat...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

https://code.google.com/p/chromium/codesearch#chromium/src/components/gcm_driver/gcm_desktop_utils.cc
seems
to be the origin of the experiment status.

[chro...@googlecode.com]

Comment #16 on issue 498272 by sas...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

#6 - Neither for experiment fetches, nor for component updates do we have a
policy today. Some component updates are considered critical for security.

[chro...@googlecode.com]

Comment #17 on issue 498272 by fgor...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

#11 and #14 - Special way that we are using the experiment status is to
enable killing the GCM in cases where it misbehaves and DDoSes the backend.
This is independent of chrome vs. chromium.

https://code.google.com/p/chromium/codesearch#chromium/src/components/gcm_driver/gcm_channel_status_syncer.cc
disables
the driver in 164.

jianli@ can provide more details.

[chro...@googlecode.com]

Comment #19 on issue 498272 by fgor...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

#18 Great question :)

GCM Channel status syncer only runs when GCM does (meaning starts when
there is at least one application/web page/component needing GCM, and stops
when last one of these is gone, at which point GCM stops as well.

[chro...@googlecode.com]

Comment #20 on issue 498272 by kanepy...@gmail.com: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

The gstatic request is probably to https://www.gstatic.com/generate_204 ,
which is used to check for a working network connection as well as captive
portals, if I remember correctly.

[chro...@googlecode.com]

Comment #21 on issue 498272 by bat...@chromium.org: Add option to disable

unrequested connections to clients4.google.com / www.gstatic.com
https://code.google.com/p/chromium/issues/detail?id=498272

#19: Ok, if this is only started on demand, that sounds good to me. Thanks.