Google's Chrome Web Browser and Tor
Geoff Down
downie at castlecops.net
Thu Sep 4 23:01:56 UTC 2008
Is there an echo in here?
Is there an echo in here?
On 4 Sep 2008, at 23:46, Kyle Williams wrote:
> I've also noticed that while using the "incognito" feature, I was able
> to see my history from a regular browser window.
>
> Example:
> If I were to visit "www.microsoft.com" in a regular window, opened a
> new "incognito" window, then type in "www" in the URL bar, it shows
> that I've visited "www.microsoft.com" or any other site that was
> visited from a regular browser window.
>
> So it looks like the History in a regular browser window is accessible
> from the "incognito" window, but not the other way around.
>
>
> On Thu, Sep 4, 2008 at 3:27 PM, Hideki Saito <hidekis at gmail.com> wrote:
>> Just curious to how private is their private browsing feature. Don't
>> feel much secure to me for plugins (perhaps cookies are isolated
>> though)
>> as it is not really meant for use with Tor...
>>
>> > Hi all,
>> >
>> > I've been playing around with Google's new web browser and Tor. I
>> > thought it might be good to share my findings with everyone.
>> > After reading Google's privacy policy[1], I for one would not want
>> to
>> > use this on a regular basis, if at all.
>> >
>> > The first bug I tried was an old one I found with Firefox; the
>> NEWS://
>> > URI type.
>> > Any link that has a NEWS:// URI will launch Outlook Express and
>> > attempt to contact the server in the URL...without using Tor.
>> >
>> > The second bug I found resulted in local file/folder disclosure.
>> > This is very similar to the one I found in Internet Explorer.
>> >
>> > The third bug I found was with MIME-TYPEs, specifically Windows
>> Media
>> > Player supported formats.
>> > The BANNER tag can also leak your IP address when the playlist is
>> > loaded *IF* WMP is not set to use a proxy.
>> > Also, a playlist in WMP can specify protocols that use UDP, hence,
>> no
>> > proxy support...no Tor.
>> >
>> > On the flip-side, it is very cool how each browser tab is it's own
>> > process, making several types of attacks much more difficult.
>> > However, with an invasive privacy policy, local proxy bypassing,
>> and
>> > local files/folders able to be read from your hard drive, I've
>> decided
>> > not to use this browser.
>> >
>> > It just doesn't feel privacy/anonymity friendly to me.
>> > Anyone else want to chime in on this?
>> >
>> >
>> > - Kyle
>> >
>> > [1] http://www.google.com/chrome/intl/en/privacy.html
>> > (Basically states you have no privacy when using Chrome)
>>
More information about the tor-talk
mailing list