Debian Bug report logs -
#792580
chromium: Chromium calls home even in incognito mode with safe browsing turned off
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to
debian-bugs-dist@lists.debian.org, tincho@debian.org, agi@inittab.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package
chromium.
(Thu, 16 Jul 2015 13:03:05 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Martín Ferrari <tincho@debian.org>:
New Bug report received and forwarded. Copy sent to
tincho@debian.org, agi@inittab.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>.
(Thu, 16 Jul 2015 13:03:05 GMT)
Full text and
rfc822 format available.
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: chromium
Version: 43.0.2357.130-1
Severity: important
A Chromium session started in incognito mode, with the malware protection
turned off, still is calling home sending unknown data. I think this is a
unacceptable threat to personal privacy. I don't know what's being sent, but I
am highly suspicious of this behaviour.
Note that when I captured this, I haven't even pressed a single key on the
Chromium window.
$ ps ax|grep chrom|awk '{print $1}'|xargs -l1 lsof -n -p|grep TCP
chromium 17401 tincho 71u IPv6 588111 0t0 TCP
[<redacted>]:53203->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 74u IPv6 587287 0t0 TCP
[<redacted>]:44801->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 88u IPv6 589310 0t0 TCP
[<redacted>]:53199->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 95u IPv6 588078 0t0 TCP
[<redacted>]:44796->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 96u IPv6 588079 0t0 TCP
[<redacted>]:44797->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 118u IPv6 589334 0t0 TCP
[<redacted>]:57744->[2a00:1450:400c:c07::bc]:5228 (ESTABLISHED)
chromium 17401 tincho 123u IPv6 590134 0t0 TCP
[<redacted>]:59367->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 153u IPv6 589362 0t0 TCP
[<redacted>]:59370->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 154u IPv6 588128 0t0 TCP
[<redacted>]:47996->[2a00:1450:4007:80d::2004]:https (ESTABLISHED)
chromium 17401 tincho 156u IPv6 588139 0t0 TCP
[<redacted>]:59372->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages chromium depends on:
ii libasound2 1.0.29-1
ii libatk1.0-0 2.16.0-2
ii libc6 2.19-18
ii libcairo2 1.14.2-2
ii libcups2 2.0.3-6
ii libdbus-1-3 1.8.18-1
ii libexpat1 2.1.0-6+b3
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-4
ii libgdk-pixbuf2.0-0 2.31.4-2
ii libglib2.0-0 2.44.1-1.1
ii libgnome-keyring0 3.12.0-1+b1
ii libgtk2.0-0 2.24.28-1
ii libharfbuzz0b 0.9.41-1
ii libjpeg62-turbo 1:1.4.0-7
ii libnspr4 2:4.10.8-2
ii libnss3 2:3.19.2-1
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpci3 1:3.2.1-3
ii libsnappy1 1.1.2-4
ii libspeechd2 0.8-7
ii libspeex1 1.2~rc1.2-1
ii libsrtp0 1.4.5~20130609~dfsg-1.1
ii libstdc++6 5.1.1-12
ii libx11-6 2:1.6.3-1
ii libxcomposite1 1:0.4.4-1
ii libxcursor1 1:1.1.14-1+b1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxi6 2:1.7.4-1+b2
ii libxml2 2.9.1+dfsg1-5
ii libxrandr2 2:1.4.2-1+b1
ii libxrender1 1:0.9.8-1+b1
ii libxslt1.1 1.1.28-2+b2
ii libxss1 1:1.2.2-1
ii libxtst6 2:1.2.2-1+b1
ii x11-utils 7.7+3
ii xdg-utils 1.1.0~rc1+git20111210-7.4
chromium recommends no packages.
Versions of packages chromium suggests:
pn chromium-l10n <none>
-- Configuration Files:
/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc [Errno 2] No such file or directory: u'/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc'
/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932 [Errno 2] No such file or directory: u'/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932'
/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833 [Errno 2] No such file or directory: u'/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833'
-- no debconf information
Information forwarded
to
debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package
chromium.
(Sun, 26 Jul 2015 03:51:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to
Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>.
(Sun, 26 Jul 2015 03:51:03 GMT)
Full text and
rfc822 format available.
Message #10 received at 792580@bugs.debian.org (full text, mbox, reply):
control: tag -1 confirmed, help, upstream
chrome://net-internals may be useful to figure more about what is
going on, particularly chrome://net-internals/#sockets.
It will probably be a lot of work to figure out where in the code this
is happening, and I don't have a lot of time right now for chromium,
so I'm looking for help.
Best wishes,
Mike
Added tag(s) help, confirmed, and upstream.
Request was from
Michael Gilbert <mgilbert@debian.org>
to
792580-submit@bugs.debian.org.
(Sun, 26 Jul 2015 03:51:03 GMT)
Full text and
rfc822 format available.
Message sent on
to
Martín Ferrari <tincho@debian.org>:
Bug#792580.
(Sun, 26 Jul 2015 03:51:06 GMT)
Full text and
rfc822 format available.
Information forwarded
to
debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package
chromium.
(Thu, 22 Oct 2015 18:06:15 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Sam Morris <sam@robots.org.uk>:
Extra info received and forwarded to list. Copy sent to
Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>.
(Thu, 22 Oct 2015 18:06:15 GMT)
Full text and
rfc822 format available.
Message #20 received at 792580@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
If you set the SSLKEYLOG environment variable to a file, then point
Wireshark at it, you should be able to decode the unknown traffic.
See https://www.imperialviolet.org/2012/06/25/wireshark.html for some
more details.
--
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package
chromium.
(Sat, 24 Oct 2015 05:15:07 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Yuhong Bao <yuhongbao_386@hotmail.com>:
Extra info received and forwarded to list. Copy sent to
Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>.
(Sat, 24 Oct 2015 05:15:07 GMT)
Full text and
rfc822 format available.
Message #25 received at 792580@bugs.debian.org (full text, mbox, reply):
FYI, see https://code.google.com/p/chromium/issues/detail?id=498272
Information forwarded
to
debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package
chromium.
(Sun, 10 Jan 2016 01:39:05 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Antoine Beaupré <anarcat@debian.org>:
Extra info received and forwarded to list. Copy sent to
Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>.
(Sun, 10 Jan 2016 01:39:05 GMT)
Full text and
rfc822 format available.
Message #32 received at 792580@bugs.debian.org (full text, mbox, reply):
Package: chromium
Version: 47.0.2526.80-1~deb8u1
Followup-For: Bug #792580
Here what i see is no mere "phone home" checkin to see if extensions
are up to date or anything. It's nothing less than a freaking phone
home on Google Analytics (GA), nothing less.
I have a bunch of tabs opened here, when i start chromium,
granted. But all are "asleep" behind the "great suspender" so they
should not generate traffic (and especially not to GA).
Here's what i see in chrome://net-internals/#sockets:
transport_socket_pool
Name Pending Top Priority Active Idle Connect Jobs Backup Timer Stalled
www.google-analytics.com:80 0 - 0 1 0 stopped false
Wireshark sees this as:
127 21.559852 192.168.1.227 207.219.213.57 HTTP 928 GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
this can show up as "clients.l.google.com" as well:
GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
Accept: image/webp,image/*,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Wed, 16 Dec 2015 07:48:49 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Age: 2136248
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
GIF89a.............,...........D..;
admire how chromium dutifully sends the futile and pathetic DNT
header. I'm sure that does great for google's analytics. i am probably
in the special "Do Really Track Those" bucket now.
wtf. seriously.
oh, and SSLKEYLOG was mentionned before, it's actually SSLKEYLOGFILE,
and i can't make wireshark load it: even after pointing to it in the
SSL preferences, SSL traffic is not decrypted - the above is only what
i found on port 80.
Heck, i even see traffic to stats.l.doubleclick.net, satan in person!
oh the memories and joy... should i bring back the /etc/hosts file?
note that i have both uBlock and uMatrix enabled here, none of which
catch the snitch.
shouldn't this be treated as a security issue?
pretty amazing.
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (500, 'oldstable'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages chromium depends on:
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18+deb8u1
ii libcairo2 1.14.0-2.1
ii libcups2 1.7.5-11+deb8u1
ii libdbus-1-3 1.8.20-0+deb8u1
ii libexpat1 2.1.0-6+deb8u1
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-3+deb8u1
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u4
ii libglib2.0-0 2.42.1-1
ii libgnome-keyring0 3.12.0-1+b1
ii libgtk2.0-0 2.24.25-3
ii libjpeg62-turbo 1:1.3.1-12
ii libnspr4 2:4.10.7-1+deb8u1
ii libnspr4-0d 2:4.10.7-1+deb8u1
ii libnss3 2:3.17.2-1.1+deb8u2
ii libnss3-1d 2:3.17.2-1.1+deb8u2
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpci3 1:3.2.1-3
ii libspeechd2 0.8-7
ii libsrtp0 1.4.5~20130609~dfsg-1.1
ii libstdc++6 4.9.2-10
ii libx11-6 2:1.6.2-3
ii libxcomposite1 1:0.4.4-1
ii libxcursor1 1:1.1.14-1+b1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxi6 2:1.7.4-1+b2
ii libxml2 2.9.1+dfsg1-5+deb8u1
ii libxrandr2 2:1.4.2-1+b1
ii libxrender1 1:0.9.8-1+b1
ii libxslt1.1 1.1.28-2+b2
ii libxss1 1:1.2.2-1
ii libxtst6 2:1.2.2-1+b1
ii x11-utils 7.7+2
ii xdg-utils 1.1.0~rc1+git20111210-7.4
chromium recommends no packages.
Versions of packages chromium suggests:
ii chromium-inspector 47.0.2526.80-1~deb8u1
ii chromium-l10n 47.0.2526.80-1~deb8u1
-- no debconf information
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Mar 31 14:57:48 2016;
Machine Name:
buxtehude
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.
