Contrary to Google claims, open Chromium is also following you
Google has a lot of great services, the quality of which is truly impressive. However, his mania of spying on everything and everything often crosses the border. Comic, but very intelligible about this tells the video Google Toilet , which, for sure, many have already seen here. And probably everyone remembers the story of collecting open Wi-Fi traffic. This short article will talk about the Chromium browser .
So, many of us like the Chrome browser. But not everyone has his privacy policy, which allows you to use almost any information about the sites you are viewing "in order to improve the quality of Google services." But we have a Chromium! It is Open Source, which means that there should not be spyware code there. This hunchconfirmed by the English Wikipedia , saying that the difference between Chrome and Chromium in the absence of Google-branding, auto-update and, cheers, the absence of sending "spy" data to Google!
Let's see if this is really so!
So, launch the sniffer, launch the browser, and ... You guessed it, right? First of all, the browser crawls on Google to get an identification cookie (note, I do not perform any actions in the interface):
HEAD / HTTP/1.1
Host: www.google.com
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
HTTP/1.1 302 Found
Location: www.google.ru
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie:
PREF=ID=632128af861ebb83:TM=1281420591:LM=1281420591:S=ELyyEhjZ2JNSeGMV;
expires=Thu, 09-Aug-2012 06:09:51 GMT; path=/; domain=.google.com
Set-Cookie: NID=37=r81qA-
WGJc3SVSCovGM80YSzQb0LXRe39SHMzqClX_9reL_jYI7q3Y3UKfXAdVtkv8m5fZl1W6XR-
of4k10wGAw4LQYK5LTatCv3BOGwcmOc5V_1yhWjo9Hj6qbX2acc; expires=Wed, 09-
Feb-2011 06:09:51 GMT; path=/; domain=.google.com; HttpOnly
Date: Tue, 10 Aug 2010 06:09:51 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
And then Google pings financial analytics service:
GET /tools/pso/ping?
as=chrome&brand=&pid=&hl=en&rep=2&rlz=I7:1I7GGLL_ru,W1:1W1GGLL_ru,T4:1T4GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,R7:1R7GGLL_ru&dcc=T
HTTP/1.1
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; Win32)
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Aug 2010 06:10:07 GMT
Expires: Tue, 10 Aug 2010 06:10:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked
rlzT4: 1T4GGLL_ru
rlzR7: 1R7GGLL_ru
rlzW1: 1W1GGLL_ru
rlzC1: 1C1_____enRU392RU392
rlzC2: 1C2_____enRU392
rlzI7: 1I7GGLL_ru
dcc: T
set_dcc:
T4:1T4GGLL_ru,R7:1R7GGLL_ru,W1:1W1GGLL_ru,C1:1C1_____enRU392RU392,C2:1C2_____enRU392,I7:1I7GGLL_ru
events:
stateful-events:
crc32: 7c33310f
That this is a financial server, and not some super-mega-very coded useful service can be very easily verified by looking at the sources of the RLZ library , kindly published by Google itself. Below I give the most interesting piece of code to us:
//
// Ping information.
//
// rep=2: includes the new stateful events.
const char kProtocolCgiArgument[] = "rep=2";
const char kEventsCgiVariable[] = "events";
const char kStatefulEventsCgiVariable[] = "stateful-events";
const char kEventsCgiSeparator = ',';
const char kRlzCgiVariable[] = "rlz";
const char kRlzCgiSeparator[] = ",";
const char kRlzCgiIndicator[] = ":";
const char kProductSignatureCgiVariable[] = "as";
const char kProductBrandCgiVariable[] = "brand";
const char kProductLanguageCgiVariable[] = "hl";
const char kProductIdCgiVariable[] = "pid";
const char kDccCgiVariable[] = "dcc";
const char kRlsCgiVariable[] = "rls";
const char kMachineIdCgiVariable[] = "id";
const char kSetDccResponseVariable[] = "set_dcc";
//
// Financial server information.
//
const char kFinancialPingPath[] = "/tools/pso/ping";
const char kFinancialServer[] = "clients1.google.com";
const char kFinancialPingType[] = "GET";
const int kFinancialPort = 80;
// Ping times in 100-nanosecond intervals.
const int64 kEventsPingInterval = 24LL * 3600LL * 10000000LL; // 1 day
const int64 kNoEventsPingInterval = kEventsPingInterval * 7LL; // 1 week
const char kFinancialPingUserAgent[] = "Mozilla/4.0 (compatible; Win32)";
const char* kFinancialPingResponseObjects[] = { "text/*", NULL };
Moreover, I remind you that Google itself claims that this code is used ONLY for marking branded downloads and it is not even in Chrome downloaded from offsite, not to mention "take a free", white and fluffy Chromium.
I raised the discussion of this problem in the official Google group Chromium-discuss , where confirmation of the anomalous nature of this behavior was obtained. Interestingly, Google again “by mistake” decided to collect more data about users?