Re: Google's Chrome Web Browser and Tor

[Mike Perry]

Also, more basic things: Cookie creation is blocked, but existing ones
still are present and are transmitted. Also, javascript history
disclosure attacks are not blocked. Timezone is of course still
available as well.  http://gemal.dk/browserspy/

In short, Google's policy with Incognito appears to be that it only
will prevent stuff from being recorded to the local disk. Any remotely
exploitable privacy vulnerabilities are not covered in the scope of
the mode :/

This includes, surprisingly (or unsurprisingly), Google Search
History. It is not even disabled automatically during Incognito mode:
http://www.google.com/support/chrome/bin/answer.py?answer=95464&hl=en-US

Also, Chrome lacks any sort of cross-platform extension API with which
to fix this.. Tears all around.

Thus spake Kyle Williams ([EMAIL PROTECTED]):

> Hi all,
> 
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
> 
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
> 
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> 
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
> 
> On the flip-side, it is very cool how each browser tab is it's own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
> 
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
> 
> 
> - Kyle
> 
> [1] http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpA4F4bLKcd7.pgp
Description: PGP signature

Re: Tor on Nokia Internet Tablet?

[Jacob Appelbaum]

Clemens Eisserer wrote:
> Hi,
> 
> I've about ~768kbit/s upstream and an un-used Nokia770 internet
> tablet, with an ARM9 clocked at 250mhz.
> Do you think it would make sence running a TOR relay on it, and do you
> think the ARM would be able to keep up even with this low bandwith.
> Some performance tests suggested its about as fast as a Pentium-90.
> 
> Thank you in advance, lg Clemens
> 
> 

Hi!

Recently I was given a Nokia 770 by a Nokia Researcher/Developer in
Manaus. Specifically, I have some plans to (in the next month - unless
something more pressing comes up) make official Tor packages for the 770.

I doubt that it would make a useful Tor relay but the 770 does come with
software that will use proxies. Specifically, pidgin (the IM client)
appears able to use a SOCKS5 proxy.

I'll make some packages in the near future and then let people know
where to download them...

Best,
Jacob

Re: Google's Chrome Web Browser and Tor

[Kyle Williams]

On Fri, Sep 5, 2008 at 8:48 AM, Gregory Maxwell <[EMAIL PROTECTED]> wrote:

> On Fri, Sep 5, 2008 at 11:08 AM, Nick Mathewson <[EMAIL PROTECTED]>
> wrote:
> > I dig what I've heard of the Chrome architecture, but it seems clear
> > that, like every other consumer browser, it's not suitable for
> > anonymous browsing out-of-the-box.  The real question will be how easy
> > it is to adapt it to be safe.  Torbutton, for instance, has proven to
> > take some pretty extreme hackery to try to shut down all of Firefox's
> > interesting leaks.  If it turned out to be (say) an order of magnitude
> > easier to extend Chrome to be anonymity-friendly, that would be pretty
> > awesome.  We'll see, I guess.
> [snip]
>
> Why aren't more people using virtual machines for anonymous browsing?
>
> If your VM can't access the outside world except via TOR, and it has
> no knowledge of the outside world information (because TOR itself is
> running on the real machine) then pretty much all possible leaks are
> closed and you're only vulnerable to leakage between multiple
> anonymous things. Very simple, very clean.
>

You sir are spot on!  Multiple VMs is the way to go.  :)

Re: Google's Chrome Web Browser and Tor

[7v5w7go9ub0o]

Nick Mathewson wrote:

On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:

Hi all,

I've been playing around with Google's new web browser and Tor.  I thought
it might be good to share my findings with everyone.
After reading Google's privacy policy[1], I for one would not want to use
this on a regular basis, if at all.

The first bug I tried was an old one I found with Firefox; the NEWS:// URI
type.
Any link that has a NEWS:// URI will launch Outlook Express and attempt to
contact the server in the URL...without using Tor.

The second bug I found resulted in local file/folder disclosure.
This is very similar to the one I found in Internet Explorer.

The third bug I found was with MIME-TYPEs, specifically Windows Media Player
supported formats.
The BANNER tag can also leak your IP address when the playlist is loaded
*IF* WMP is not set to use a proxy.
Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
support...no Tor.


On the flip-side, it is very cool how each browser tab is it's own process,
making several types of attacks much more difficult.
However, with an invasive privacy policy, local proxy bypassing, and local
files/folders able to be read from your hard drive, I've decided not to use
this browser.

It just doesn't feel privacy/anonymity friendly to me.
Anyone else want to chime in on this?


I dig what I've heard of the Chrome architecture, but it seems clear
that, like every other consumer browser, it's not suitable for
anonymous browsing out-of-the-box.  The real question will be how easy
it is to adapt it to be safe.  Torbutton, for instance, has proven to
take some pretty extreme hackery to try to shut down all of Firefox's
interesting leaks.  If it turned out to be (say) an order of magnitude
easier to extend Chrome to be anonymity-friendly, that would be pretty
awesome.  We'll see, I guess.

Has anybody looked into Chrome's extension mechanisms?  It would be
neat to know how hard it would be to address the information leaks
addressed in, say, https://www.torproject.org/torbutton/design/ .




ISTM this thing is more a web 2.0 portal than a browser; it is conceived 
and designed first and foremost to make user access of Google online 
services smooth, slick, (and advertisement laden). Its secondary 
function as a good browser simply allows most users to have only one 
browser active.


Given it is OpenBSD Open source, if it proves to be a good design 
(interesting for sure) with potential to become a good privacy browser, 
and proves to have the very-quick JS engine that some claim, it might be 
"forked" at some point.


The first thing the sibling would hopefully do is remove the "unique 
application number" business (see below); the second would be all 
phone-home features (see below).


Even if it doesn't become officially forked, if it becomes a good 
package (say, 6 months from now after intense support and development), 
there will likely be patch files and/or "enthusiast" versions available.


Certainly Linux/TOR users will "repair" the userid business before 
compiling it (or with a hex editor), and firewall-off any connection 
with home base.


Thankfully, Opera with plugins removed is already an extremely quick, 
lightweight, secure, general-purpose TOR and non-TOR browser; FireFox 
with extensions well-addresses "expanded features", so dual-browser 
users can comfortably wait for chrome to mature.


 

"When you type URLs or queries in the address bar, the letters you type
are sent to Google so the Suggest feature can automatically recommend
terms or URLs you may be looking for. If you choose to share usage
statistics with Google and you accept a suggested query or URL, Google
Chrome will send that information to Google as well. You can disable
this feature as explained here.
If you navigate to a URL that does not exist, Google Chrome may send the
URL to Google so we can help you find the URL you were looking for. You
can disable this feature as explained here.
Google Chrome's SafeBrowsing feature periodically contacts Google's
servers to download the most recent list of known phishing and malware
sites. In addition, when you visit a site that we think could be a
phishing or malware site, your browser will send Google a hashed,
partial copy of the site's URL so that we can send more information
about the risky URL. Google cannot determine the real URL you are
visiting from this information. More information about how this works is
here.
Your copy of Google Chrome includes one or more unique application
numbers. These numbers and information about your installation of the
browser (e.g., version number, language) will be sent to Google when you
first install and use it and when Google Chrome automatically checks for
updates.  If you choose to send usage statistics and crash reports to
Google, the browser will send us this information along with a unique
application number as well.  Crash repor

Re: Google's Chrome Web Browser and Tor

[Anil Gulecha]

On Fri, Sep 5, 2008 at 8:46 PM, Jonathan Addington <[EMAIL PROTECTED]> wrote:
> On Fri, Sep 5, 2008 at 10:08 AM, Nick Mathewson <[EMAIL PROTECTED]> wrote:
>>
>> On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
>> > Hi all,
>> >
>> > I've been playing around with Google's new web browser and Tor.  I thought
>> > it might be good to share my findings with everyone.
>> > After reading Google's privacy policy[1], I for one would not want to use
>> > this on a regular basis, if at all.
>> >
>> > The first bug I tried was an old one I found with Firefox; the NEWS:// URI
>> > type.
>> > Any link that has a NEWS:// URI will launch Outlook Express and attempt to
>> > contact the server in the URL...without using Tor.
>> >
>> > The second bug I found resulted in local file/folder disclosure.
>> > This is very similar to the one I found in Internet Explorer.
>> >
>> > The third bug I found was with MIME-TYPEs, specifically Windows Media 
>> > Player
>> > supported formats.
>> > The BANNER tag can also leak your IP address when the playlist is loaded
>> > *IF* WMP is not set to use a proxy.
>> > Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
>> > support...no Tor.
>> >
>> >
>> > On the flip-side, it is very cool how each browser tab is it's own process,
>> > making several types of attacks much more difficult.
>> > However, with an invasive privacy policy, local proxy bypassing, and local
>> > files/folders able to be read from your hard drive, I've decided not to use
>> > this browser.
>> >
>> > It just doesn't feel privacy/anonymity friendly to me.
>> > Anyone else want to chime in on this?
>>
>> I dig what I've heard of the Chrome architecture, but it seems clear
>> that, like every other consumer browser, it's not suitable for
>> anonymous browsing out-of-the-box.  The real question will be how easy
>> it is to adapt it to be safe.  Torbutton, for instance, has proven to
>> take some pretty extreme hackery to try to shut down all of Firefox's
>> interesting leaks.  If it turned out to be (say) an order of magnitude
>> easier to extend Chrome to be anonymity-friendly, that would be pretty
>> awesome.  We'll see, I guess.
>>
>> Has anybody looked into Chrome's extension mechanisms?  It would be
>> neat to know how hard it would be to address the information leaks
>> addressed in, say, https://www.torproject.org/torbutton/design/ .
>
> Is there a particular reason Torbutton or the like isn't just hard
> coded into Firefox? Or any reason not to for Chrome?
>

Google and Mozilla dont see a sufficient reason to do so..?

~Anil

Re: Google's Chrome Web Browser and Tor

[Gregory Maxwell]

On Fri, Sep 5, 2008 at 11:08 AM, Nick Mathewson <[EMAIL PROTECTED]> wrote:
> I dig what I've heard of the Chrome architecture, but it seems clear
> that, like every other consumer browser, it's not suitable for
> anonymous browsing out-of-the-box.  The real question will be how easy
> it is to adapt it to be safe.  Torbutton, for instance, has proven to
> take some pretty extreme hackery to try to shut down all of Firefox's
> interesting leaks.  If it turned out to be (say) an order of magnitude
> easier to extend Chrome to be anonymity-friendly, that would be pretty
> awesome.  We'll see, I guess.
[snip]

Why aren't more people using virtual machines for anonymous browsing?

If your VM can't access the outside world except via TOR, and it has
no knowledge of the outside world information (because TOR itself is
running on the real machine) then pretty much all possible leaks are
closed and you're only vulnerable to leakage between multiple
anonymous things. Very simple, very clean.

Re: Google's Chrome Web Browser and Tor

[Jonathan Addington]

On Fri, Sep 5, 2008 at 10:08 AM, Nick Mathewson <[EMAIL PROTECTED]> wrote:
>
> On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
> > Hi all,
> >
> > I've been playing around with Google's new web browser and Tor.  I thought
> > it might be good to share my findings with everyone.
> > After reading Google's privacy policy[1], I for one would not want to use
> > this on a regular basis, if at all.
> >
> > The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> > type.
> > Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> > contact the server in the URL...without using Tor.
> >
> > The second bug I found resulted in local file/folder disclosure.
> > This is very similar to the one I found in Internet Explorer.
> >
> > The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> > supported formats.
> > The BANNER tag can also leak your IP address when the playlist is loaded
> > *IF* WMP is not set to use a proxy.
> > Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> > support...no Tor.
> >
> >
> > On the flip-side, it is very cool how each browser tab is it's own process,
> > making several types of attacks much more difficult.
> > However, with an invasive privacy policy, local proxy bypassing, and local
> > files/folders able to be read from your hard drive, I've decided not to use
> > this browser.
> >
> > It just doesn't feel privacy/anonymity friendly to me.
> > Anyone else want to chime in on this?
>
> I dig what I've heard of the Chrome architecture, but it seems clear
> that, like every other consumer browser, it's not suitable for
> anonymous browsing out-of-the-box.  The real question will be how easy
> it is to adapt it to be safe.  Torbutton, for instance, has proven to
> take some pretty extreme hackery to try to shut down all of Firefox's
> interesting leaks.  If it turned out to be (say) an order of magnitude
> easier to extend Chrome to be anonymity-friendly, that would be pretty
> awesome.  We'll see, I guess.
>
> Has anybody looked into Chrome's extension mechanisms?  It would be
> neat to know how hard it would be to address the information leaks
> addressed in, say, https://www.torproject.org/torbutton/design/ .

Is there a particular reason Torbutton or the like isn't just hard
coded into Firefox? Or any reason not to for Chrome?

> yrs,
> --
> Nick
>
>



--
[EMAIL PROTECTED]

Calendar (usually up to date):
http://www.google.com/calendar/embed?src=madjon%40gmail.com&ctz=America/Chicago&pvttk=715ccc706e1e426d956ad8d6f7f9b16a

Re: Google's Chrome Web Browser and Tor

[Nick Mathewson]

On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote:
> Hi all,
> 
> I've been playing around with Google's new web browser and Tor.  I thought
> it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to use
> this on a regular basis, if at all.
> 
> The first bug I tried was an old one I found with Firefox; the NEWS:// URI
> type.
> Any link that has a NEWS:// URI will launch Outlook Express and attempt to
> contact the server in the URL...without using Tor.
> 
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
> 
> The third bug I found was with MIME-TYPEs, specifically Windows Media Player
> supported formats.
> The BANNER tag can also leak your IP address when the playlist is loaded
> *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy
> support...no Tor.
> 
>
> On the flip-side, it is very cool how each browser tab is it's own process,
> making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and local
> files/folders able to be read from your hard drive, I've decided not to use
> this browser.
> 
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?

I dig what I've heard of the Chrome architecture, but it seems clear
that, like every other consumer browser, it's not suitable for
anonymous browsing out-of-the-box.  The real question will be how easy
it is to adapt it to be safe.  Torbutton, for instance, has proven to
take some pretty extreme hackery to try to shut down all of Firefox's
interesting leaks.  If it turned out to be (say) an order of magnitude
easier to extend Chrome to be anonymity-friendly, that would be pretty
awesome.  We'll see, I guess.

Has anybody looked into Chrome's extension mechanisms?  It would be
neat to know how hard it would be to address the information leaks
addressed in, say, https://www.torproject.org/torbutton/design/ .

yrs,
-- 
Nick

Re: Tor on Nokia Internet Tablet?

[Stephen Hildrey]

Clemens Eisserer wrote:

Hi,

I've about ~768kbit/s upstream and an un-used Nokia770 internet
tablet, with an ARM9 clocked at 250mhz.
Do you think it would make sence running a TOR relay on it, and do you
think the ARM would be able to keep up even with this low bandwith.
Some performance tests suggested its about as fast as a Pentium-90.


It's worth a try, though I was unable to get Tor working in server mode 
on a similarly spec'd (CPU-wise) Linksys NSLU2.


Let us know how it works out...

Thanks,
Steve

Tor on Nokia Internet Tablet?

[Clemens Eisserer]

Hi,

I've about ~768kbit/s upstream and an un-used Nokia770 internet
tablet, with an ARM9 clocked at 250mhz.
Do you think it would make sence running a TOR relay on it, and do you
think the ARM would be able to keep up even with this low bandwith.
Some performance tests suggested its about as fast as a Pentium-90.

Thank you in advance, lg Clemens