Google's Chrome Web Browser and Tor
Kyle Williams
kyle.kwilliams at gmail.com
Thu Sep 4 22:46:06 UTC 2008
I've also noticed that while using the "incognito" feature, I was able to
see my history from a regular browser window.
Example:
If I were to visit "www.microsoft.com" in a regular window, opened a new
"incognito" window, then type in "www" in the URL bar, it shows that I've
visited "www.microsoft.com" or any other site that was visited from a
regular browser window.
So it looks like the History in a regular browser window is accessible from
the "incognito" window, but not the other way around.
On Thu, Sep 4, 2008 at 3:27 PM, Hideki Saito <hidekis at gmail.com> wrote:
> Just curious to how private is their private browsing feature. Don't
> feel much secure to me for plugins (perhaps cookies are isolated though)
> as it is not really meant for use with Tor...
>
> > Hi all,
> >
> > I've been playing around with Google's new web browser and Tor. I
> > thought it might be good to share my findings with everyone.
> > After reading Google's privacy policy[1], I for one would not want to
> > use this on a regular basis, if at all.
> >
> > The first bug I tried was an old one I found with Firefox; the NEWS://
> > URI type.
> > Any link that has a NEWS:// URI will launch Outlook Express and
> > attempt to contact the server in the URL...without using Tor.
> >
> > The second bug I found resulted in local file/folder disclosure.
> > This is very similar to the one I found in Internet Explorer.
> >
> > The third bug I found was with MIME-TYPEs, specifically Windows Media
> > Player supported formats.
> > The BANNER tag can also leak your IP address when the playlist is
> > loaded *IF* WMP is not set to use a proxy.
> > Also, a playlist in WMP can specify protocols that use UDP, hence, no
> > proxy support...no Tor.
> >
> > On the flip-side, it is very cool how each browser tab is it's own
> > process, making several types of attacks much more difficult.
> > However, with an invasive privacy policy, local proxy bypassing, and
> > local files/folders able to be read from your hard drive, I've decided
> > not to use this browser.
> >
> > It just doesn't feel privacy/anonymity friendly to me.
> > Anyone else want to chime in on this?
> >
> >
> > - Kyle
> >
> > [1] http://www.google.com/chrome/intl/en/privacy.html
> > (Basically states you have no privacy when using Chrome)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080904/d2a26329/attachment-0001.htm>
More information about the tor-talk
mailing list