Chromium sends data to google upon startup


Alexey

Aug 10, 2010, 2:21:16 AM
to Chromium-discuss
Hello!

I chose Chromium instead of Chrome because Wikipedia says that
Chromium is open source and has no code to send any data to Google. But
I see that Chromium makes some requests upon startup:

It seems that on the first request it queries Google for a unique client ID
(getting the NID cookie):

HEAD / HTTP/1.1
Host: www.google.com
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 302 Found
Location: http://www.google.ru/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=632128af861ebb83:TM=1281420591:LM=1281420591:S=ELyyEhjZ2JNSeGMV;
expires=Thu, 09-Aug-2012 06:09:51 GMT; path=/; domain=.google.com
Set-Cookie: NID=37=r81qA-
WGJc3SVSCovGM80YSzQb0LXRe39SHMzqClX_9reL_jYI7q3Y3UKfXAdVtkv8m5fZl1W6XR-
of4k10wGAw4LQYK5LTatCv3BOGwcmOc5V_1yhWjo9Hj6qbX2acc; expires=Wed, 09-
Feb-2011 06:09:51 GMT; path=/; domain=.google.com; HttpOnly
Date: Tue, 10 Aug 2010 06:09:51 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block


Then it queries Google for the full version of the main page:

GET / HTTP/1.1
Host: www.google.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
Date: Tue, 10 Aug 2010 06:09:52 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=58cd7371512d08cb:NW=1:TM=1281420592:LM=1281420592:S=Se8DowmfivRBO6qO;
expires=Thu, 09-Aug-2012 06:09:52 GMT; path=/; domain=.google.ru
Set-Cookie:
NID=37=f4RNcYXija2zWgTpn10_D_YUh3x3U2kdNxGkEJXB7iCtmPzg1FUT1BzUPOEBLaqyHIg1239IQZkScPg-
nfddL78qiuw-BDEJyCfq9T8S3gL4ZcjNBdQI5sX39iyUiQbw; expires=Wed, 09-
Feb-2011 06:09:52 GMT; path=/; domain=.google.ru; HttpOnly
Content-Encoding: gzip
Server: gws
Content-Length: 5917
X-XSS-Protection: 1; mode=block

<!doctype html> .... (page data skipped) ....


And next it makes a very strange request to clients1.google.com, sending
some data via the query string and getting some data back:

GET /tools/pso/ping?as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T HTTP/1.1
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; Win32)
Host: clients1.google.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Aug 2010 06:10:07 GMT
Expires: Tue, 10 Aug 2010 06:10:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked

rlzT4: 1T4GGLL_ru
rlzR7: 1R7GGLL_ru
rlzW1: 1W1GGLL_ru
rlzC1: 1C1_____enRU392RU392
rlzC2: 1C2_____enRU392
rlzI7: 1I7GGLL_ru
dcc: T
set_dcc:
T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,I7:1I7GGLL_ru
events:
stateful-events:
crc32: 7c33310f

Then it makes 3-5 requests to "google safebrowsing", and then verifies
all requests I make via the safebrowsing "feature". But requests to
safebrowsing are not anonymous. All of them are signed with the cookie obtained
in the first 2-3 requests, which I copied here.

How can I completely remove google spy tools in chromium? I don't need
any assistance and safebrowsing features!

gulbrandr

Aug 10, 2010, 4:19:22 AM
to Chromium-discuss
Interesting indeed. Do you see the same ID request when google is not
your homepage?

"And next it makes very strange request to clients1.google.com"
This is not strange at all. Google queries this server to retrieve
search suggestions. To turn it off, read this:
http://googlesystem.blogspot.com/2009/02/how-to-disable-google-suggest.html

Alexey

Aug 10, 2010, 5:43:41 AM
to Chromium-discuss
It's not suggestions or anything similar, because I just launch
Chromium and wait. I'm not performing any action in the opened
window, only looking at my sniffer and watching for info.

I disabled ALL plugins and extensions, suggestions, malware
protections. Some requests went away, but the published requests are still
there. On each startup Chromium (not Chrome!) makes 3 requests to Google!
I'm not typing or switching anything inside it!


Alexey

Aug 10, 2010, 5:54:09 AM
to Chromium-discuss
Besides, Google says that it uses RLZ only for branded
distribution. But in the queries above we see the
"GET /tools/pso/ping?as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T"
request even in Chromium!

Alexey

Aug 10, 2010, 6:08:13 AM
to Chromium-discuss
OK, I found the related code in the RLZ library:
http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc

//
// Ping information.
//

// rep=2: includes the new stateful events.
const char kProtocolCgiArgument[] = "rep=2";

const char kEventsCgiVariable[] = "events";
const char kStatefulEventsCgiVariable[] = "stateful-events";
const char kEventsCgiSeparator = ',';

const char kRlzCgiVariable[] = "rlz";
const char kRlzCgiSeparator[] = ",";
const char kRlzCgiIndicator[] = ":";

const char kProductSignatureCgiVariable[] = "as";
const char kProductBrandCgiVariable[] = "brand";
const char kProductLanguageCgiVariable[] = "hl";
const char kProductIdCgiVariable[] = "pid";

const char kDccCgiVariable[] = "dcc";
const char kRlsCgiVariable[] = "rls";
const char kMachineIdCgiVariable[] = "id";
const char kSetDccResponseVariable[] = "set_dcc";

//
// Financial server information.
//

const char kFinancialPingPath[] = "/tools/pso/ping";
const char kFinancialServer[] = "clients1.google.com";
const char kFinancialPingType[] = "GET";

const int kFinancialPort = 80;

// Ping times in 100-nanosecond intervals.
const int64 kEventsPingInterval = 24LL * 3600LL * 10000000LL;  // 1 day
const int64 kNoEventsPingInterval = kEventsPingInterval * 7LL;  // 1 week

const char kFinancialPingUserAgent[] = "Mozilla/4.0 (compatible; Win32)";
const char* kFinancialPingResponseObjects[] = { "text/*", NULL };


My build is downloaded from http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/
and it seems to be RLZ-enabled.

What the hell? Why is Chromium spyware-enabled?!
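
Added example (not part of the original post and not RLZ library code): a Python decoder that recognises the ping in a captured request and splits it into fields, using the constants from the lib_values.cc excerpt above. The function name `parse_rlz_ping` and the returned key names are assumptions made for illustration; both sample requests are constructed from the capture in this thread.

```python
from urllib.parse import parse_qs

# Constants as quoted from lib_values.cc in the post above.
PING_HOST = "clients1.google.com"   # kFinancialServer
PING_PATH = "/tools/pso/ping"       # kFinancialPingPath
RLZ_SEP, RLZ_IND = ",", ":"         # kRlzCgiSeparator, kRlzCgiIndicator

# Constructed samples: the ping as captured in this thread, and an unrelated request.
SAMPLE_PING = (
    "GET /tools/pso/ping?as=chrome&brand=&pid=&hl=en&rep=2"
    "&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,"
    "C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T HTTP/1.1\r\n"
    "Accept: text/*\r\nUser-Agent: Mozilla/4.0 (compatible; Win32)\r\n"
    "Host: clients1.google.com\r\n\r\n"
)
SAMPLE_OTHER = "GET / HTTP/1.1\r\nHost: www.google.ru\r\n\r\n"


def parse_rlz_ping(raw_request):
    """Return the decoded ping fields, or None if this is not an RLZ ping."""
    lines = raw_request.strip().splitlines()
    try:
        _method, target, _version = lines[0].split(" ", 2)
    except (IndexError, ValueError):
        return None
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    if headers.get("host", "").lower() != PING_HOST or path != PING_PATH:
        return None
    args = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    # rlz is a list of "access point:RLZ string" pairs.
    points = dict(p.partition(RLZ_IND)[::2]
                  for p in args.get("rlz", "").split(RLZ_SEP) if p)
    return {
        "product": args.get("as"),
        "brand": args.get("brand"),
        "language": args.get("hl"),
        "access_points": points,
        # "id" is the variable the excerpt names kMachineIdCgiVariable.
        "has_machine_id": "id" in args,
    }


if __name__ == "__main__":
    print(parse_rlz_ping(SAMPLE_PING))
```

Run over proxy or sniffer output, this shows at a glance which access points a build reports and whether the `id` parameter is present in the ping.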

PhistucK

Aug 10, 2010, 6:18:37 AM
to Carlos Pizano, ale...@uzhva.ru, Chromium-discuss
This is serious. Can anyone respond?

Carlos, I remember seeing you in some discussions regarding RLZ, statistics and reporting, so I added you. Sorry if this is not your area.


☆PhistucK


--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
   http://groups.google.com/a/chromium.org/group/chromium-discuss

gulbrandr

Aug 10, 2010, 7:30:09 AM
to Chromium-discuss
Thank you Alexey for looking into the source code. Can you please redo
your test with a different default search engine than Google?

The comments in rlz.h and rlz.cc in /trunk/src/chrome/browser/rlz/ are
informative of what it is trying to do upon startup:
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup

This is also interesting: http://blog.chromium.org/2010/06/in-open-for-rlz.html
It says that "RLZ gives us the ability to accurately measure the
success of marketing promotions and distribution partnerships in order
to meet our contractual and financial obligations.".


Alexey

Aug 10, 2010, 7:33:29 AM
to Chromium-discuss
> Thank you Alexey for looking into the source code. Can you please redo
> your test with a different default search engine than Google?

Already did it. Result is the same, nothing changed.


gulbrandr

Aug 10, 2010, 10:09:16 AM
to Chromium-discuss
PhistucK, when you say "This is serious", what do you mean?


Romkin

Aug 10, 2010, 11:29:14 AM
to Chromium-discuss
Hmm, it may be simply a version check, Chrome updates automatically?
Still doesn't prove that it sends personal information.

Sinister

Aug 10, 2010, 11:34:25 AM
to Chromium-discuss
A pity, Chromium doesn't update automatically.

D

Aug 10, 2010, 11:36:51 AM
to sin...@gmail.com, Chromium-discuss

Sinister

Aug 10, 2010, 11:46:38 AM
to Chromium-discuss
My sarcasm is lost on you. I just meant to point out that Chromium's
highly suspicious behaviour has nothing to do with updating.

On Aug 10, 7:36 pm, D <din...@gmail.com> wrote:
> try this
>
> http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...
> <http://www.thechromesource.com/using-the-chromium-updater-to-stay-cur...>
> Greetings,
> Dinsan

Glenn Wilson

Aug 10, 2010, 1:31:58 PM
to sin...@gmail.com, Chromium-discuss
Hi everyone,

We think that the reported RLZ ping behavior (that request to "/tools/pso/ping...") is a regression -- RLZ pings should not be happening in Chromium or non-promotional Google Chrome builds, so this is not the intended behavior.

I've filed this as bug http://code.google.com/p/chromium/issues/detail?id=51693.  We're working on it now.

Thanks for reporting the issue!

Glenn


Nico Weber

Aug 10, 2010, 1:42:22 PM
to ale...@uzhva.ru, Chromium-discuss

The first two requests are to find out what language your suggestions
should be in (you're in Russia, so your search suggestions should come
from google.ru. Chromium needs to find out somehow). I think this doesn't
happen if you use a different default search engine.

This seems to be a bug, see Glenn's reply.

> Then it makes 3-5 requests to "google safebrowsing", and then verifies
> all requests I make via the safebrowsing "feature". But requests to
> safebrowsing are not anonymous. All of them are signed with the cookie obtained
> in the first 2-3 requests, which I copied here.

The safebrowsing requests have a cookie as DDoS protection, and for
anonymous usage stats tracking, to answer questions like "How many
clients have up-to-date safe browsing data?" etc.

> How can I completely remove google spy tools in chromium? I don't need
> any assistance and safebrowsing features!

Phishing is a very real problem:
http://www.avira.com/en/threats/section/worldphishing/top/7/index.html

PhistucK

Aug 10, 2010, 3:28:02 PM
to mohamme...@googlemail.com, Chromium-discuss
That this is a serious issue, Chromium is supposed to be free of these things.
And, as you see, Glenn responded and they are taking care of it.

☆PhistucK



Glenn Wilson

Aug 13, 2010, 4:13:04 PM
to phis...@gmail.com, mohamme...@googlemail.com, Chromium-discuss
Just to follow up on this, the bug has been fixed as of revision 56032: http://src.chromium.org/viewvc/chrome?view=rev&revision=56032  I tested on version 6.0.493.0 and it works as expected again (no RLZ.)

We've also made some changes in this revision to help prevent it from happening again.

Thanks for the report, and your patience!

Best regards,
Glenn