Chrome started to phone home?

Discussion in 'other security issues & news' started by Yuki2718, Feb 27, 2015.

  1. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I found in my Norton's firewall log there's many blocked entries of Chrome trying to connect to www.google.com, id.google.com, ssl.gstatic.com, apis.google.com etc. via UDP443, and ajax.googleapis.com etc. via UDP80.
    I haven't seen such activity except occasional access attempt to google-analytics when I update Chrome, and I disabled most of Chrome's privacy invasive features.
    Does anyone have some idea about this?
     
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,633
    Location:
    Toronto, Canada
    Just a guess that could be somewhat unrelated, but I know that Chrome has updated policies to allow more checking of "unwanted" programs that have the potential to affect Chrome. Even going as far as silently and without prompt, installing their Software Removal Tool within Chrome's user profile folder. Here is a link that Chrome's management people pointed me toward: https://www.google.com/chrome/browser/privacy/whitepaper.html

    But on a technical level of why Chrome is phoning home for you, I don't have a software firewall with decent logging capabilities to confirm right now. Although maybe this is something that we all need to look into further.
     
  3. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Thanks for your reply, I read that article too.
    Currently I'm not sure about this.:(
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Also, Chrome MAY Be connecting to STUN servers for WEBRTC, we're still investigating, but Chrome is certainly firing off quite a lot of activity lately.

    I'm not happy about it, to say the least. I am exploring alternatives now, but they would also require me switching out my desktop AV, and frankly the alternatives right now are terrible.. (firefox is.. ugh)
     
  6. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I've found all of the forked Chromium's to largely be inflated claims with little substance. Unfortunately. Also they ALL contain STUN/WebRTC, I just tested 4 different forks. Although even 'small' improvements in SRWARE Iron may be worth it.. I just need to investigate.

    Also, Iron doesn't seem to be as supported anymore.. News hasn't been updated in 3 years on the website, and the latest version is almost a month old.
     
  8. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    271
    Location:
    USA
    I would never use SWRare Iron it is not trustworthy at all: http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/
     
  9. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
    Thanks.
    What fork do you suggest?
     
  10. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Update checks for the browser, Safe Browsing and/or extensions? Maybe this would help:

    http://thesimplecomputer.info/the-private-life-of-chromium-browsers

    None? Most forks are slow to update (lame!) and who knows what kind of alterations they make that might introduce bugs or weaken the browser sandbox...

    Just use Chrome and with privacy settings changed if you are concerned...

    https://support.google.com/chrome/answer/114836?p=settings_privacy&rd=1
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I'm looking WebRTC thread too, but it appears it's another issue.
    I never trust Iron. They mislead user to believe as if they are using latest Chromium by showing false version number. And tho I used Dragon in past, this and its successer Chromodo are no more secure browser, they lag behind latest Chromium in update, and also see recent MITM issue on Privdog and new discovery that the Privdog have been sent URL you visitted in plain text!

    I don't have any recommendation on alternative Chromium-based browser, as I don't like even Blink Opera.
    Thanks, but I've been disabled automatic update and all other privacy invasive function which I'm aware of. So it must be another issue and somehow I haven't noticed such connection attempt until now, and strangely now I don't see that connection attempt again.
     
Loading...