Google's Chrome Web Browser and Tor

Geoff Down downie at castlecops.net
Thu Sep 4 23:01:56 UTC 2008


Is there an echo in here?
Is there an echo in here?
On 4 Sep 2008, at 23:46, Kyle Williams wrote:

> I've also noticed that while using the "incognito" feature, I was able 
> to see my history from a regular browser window.
>
> Example:
> If I were to visit "www.microsoft.com" in a regular window, opened a 
> new "incognito" window, then type in "www" in the URL bar, it shows 
> that I've visited "www.microsoft.com" or any other site that was 
> visited from a regular browser window. 
>
> So it looks like the History in a regular browser window is accessible 
> from the "incognito" window, but not the other way around.
>
>
> On Thu, Sep 4, 2008 at 3:27 PM, Hideki Saito <hidekis at gmail.com> wrote:
>> Just curious to how private is their private browsing feature. Don't
>>  feel much secure to me for plugins (perhaps cookies are isolated 
>> though)
>>  as it is not really meant for use with Tor...
>>
>>  > Hi all,
>>  >
>>  > I've been playing around with Google's new web browser and Tor.  I
>>  > thought it might be good to share my findings with everyone.
>>  > After reading Google's privacy policy[1], I for one would not want 
>> to
>>  > use this on a regular basis, if at all.
>>  >
>>  > The first bug I tried was an old one I found with Firefox; the 
>> NEWS://
>>  > URI type.
>>  > Any link that has a NEWS:// URI will launch Outlook Express and
>>  > attempt to contact the server in the URL...without using Tor.
>>  >
>>  > The second bug I found resulted in local file/folder disclosure.
>>  > This is very similar to the one I found in Internet Explorer.
>>  >
>>  > The third bug I found was with MIME-TYPEs, specifically Windows 
>> Media
>>  > Player supported formats.
>>  > The BANNER tag can also leak your IP address when the playlist is
>>  > loaded *IF* WMP is not set to use a proxy.
>>  > Also, a playlist in WMP can specify protocols that use UDP, hence, 
>> no
>>  > proxy support...no Tor.
>>  >
>>  > On the flip-side, it is very cool how each browser tab is it's own
>>  > process, making several types of attacks much more difficult.
>>  > However, with an invasive privacy policy, local proxy bypassing, 
>> and
>>  > local files/folders able to be read from your hard drive, I've 
>> decided
>>  > not to use this browser.
>>  >
>>  > It just doesn't feel privacy/anonymity friendly to me.
>>  > Anyone else want to chime in on this?
>>  >
>>  >
>>  > - Kyle
>>  >
>>  > [1] http://www.google.com/chrome/intl/en/privacy.html
>>  > (Basically states you have no privacy when using Chrome)
>>



More information about the tor-talk mailing list