Debian Bug report logs - #792580
chromium: Chromium calls home even in incognito mode with safe browsing turned off

Package: chromium; Maintainer for chromium is Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>; Source for chromium is src:chromium-browser.

Reported by: Martín Ferrari <tincho@debian.org>

Date: Thu, 16 Jul 2015 13:03:02 UTC

Severity: important

Tags: confirmed, help, upstream

Found in versions chromium-browser/43.0.2357.130-1, chromium-browser/47.0.2526.80-1~deb8u1

Forwarded to http://crbug.com/498272


Report forwarded to debian-bugs-dist@lists.debian.org, tincho@debian.org, agi@inittab.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package chromium. (Thu, 16 Jul 2015 13:03:05 GMT)

Acknowledgement sent to Martín Ferrari <tincho@debian.org>:
New Bug report received and forwarded. Copy sent to tincho@debian.org, agi@inittab.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Thu, 16 Jul 2015 13:03:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Martín Ferrari <tincho@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chromium: Chromium calls home even in incognito mode with safe browsing turned off
Date: Thu, 16 Jul 2015 15:00:49 +0200
Package: chromium
Version: 43.0.2357.130-1
Severity: important

A Chromium session started in incognito mode, with the malware protection
turned off, still is calling home sending unknown data. I think this is an
unacceptable threat to personal privacy. I don't know what's being sent, but I
am highly suspicious of this behaviour.

Note that when I captured this, I haven't even pressed a single key on the
Chromium window.

$ ps ax|grep chrom|awk '{print $1}'|xargs -l1 lsof -n -p|grep TCP
chromium 17401 tincho   71u     IPv6             588111       0t0     TCP [<redacted>]:53203->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho   74u     IPv6             587287       0t0     TCP [<redacted>]:44801->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho   88u     IPv6             589310       0t0     TCP [<redacted>]:53199->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho   95u     IPv6             588078       0t0     TCP [<redacted>]:44796->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho   96u     IPv6             588079       0t0     TCP [<redacted>]:44797->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho  118u     IPv6             589334       0t0     TCP [<redacted>]:57744->[2a00:1450:400c:c07::bc]:5228 (ESTABLISHED)
chromium 17401 tincho  123u     IPv6             590134       0t0     TCP [<redacted>]:59367->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho  153u     IPv6             589362       0t0     TCP [<redacted>]:59370->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho  154u     IPv6             588128       0t0     TCP [<redacted>]:47996->[2a00:1450:4007:80d::2004]:https (ESTABLISHED)
chromium 17401 tincho  156u     IPv6             588139       0t0     TCP [<redacted>]:59372->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages chromium depends on:
ii  libasound2           1.0.29-1
ii  libatk1.0-0          2.16.0-2
ii  libc6                2.19-18
ii  libcairo2            1.14.2-2
ii  libcups2             2.0.3-6
ii  libdbus-1-3          1.8.18-1
ii  libexpat1            2.1.0-6+b3
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-4
ii  libgdk-pixbuf2.0-0   2.31.4-2
ii  libglib2.0-0         2.44.1-1.1
ii  libgnome-keyring0    3.12.0-1+b1
ii  libgtk2.0-0          2.24.28-1
ii  libharfbuzz0b        0.9.41-1
ii  libjpeg62-turbo      1:1.4.0-7
ii  libnspr4             2:4.10.8-2
ii  libnss3              2:3.19.2-1
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpci3              1:3.2.1-3
ii  libsnappy1           1.1.2-4
ii  libspeechd2          0.8-7
ii  libspeex1            1.2~rc1.2-1
ii  libsrtp0             1.4.5~20130609~dfsg-1.1
ii  libstdc++6           5.1.1-12
ii  libx11-6             2:1.6.3-1
ii  libxcomposite1       1:0.4.4-1
ii  libxcursor1          1:1.1.14-1+b1
ii  libxdamage1          1:1.1.4-2+b1
ii  libxext6             2:1.3.3-1
ii  libxfixes3           1:5.0.1-2+b2
ii  libxi6               2:1.7.4-1+b2
ii  libxml2              2.9.1+dfsg1-5
ii  libxrandr2           2:1.4.2-1+b1
ii  libxrender1          1:0.9.8-1+b1
ii  libxslt1.1           1.1.28-2+b2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1+b1
ii  x11-utils            7.7+3
ii  xdg-utils            1.1.0~rc1+git20111210-7.4

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-l10n  <none>

-- Configuration Files:
/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc [Errno 2] No such file or directory: u'/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc'
/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932 [Errno 2] No such file or directory: u'/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932'
/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833 [Errno 2] No such file or directory: u'/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833'

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package chromium. (Sun, 26 Jul 2015 03:51:03 GMT)

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Sun, 26 Jul 2015 03:51:03 GMT)

Message #10 received at 792580@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 792580@bugs.debian.org, 792580-submitter@bugs.debian.org
Subject: re: calls home
Date: Sat, 25 Jul 2015 23:47:12 -0400
control: tag -1 confirmed, help, upstream

chrome://net-internals may be useful to figure out more about what is
going on, particularly chrome://net-internals/#sockets.

It will probably be a lot of work to figure out where in the code this
is happening, and I don't have a lot of time right now for chromium,
so I'm looking for help.

Best wishes,
Mike



Added tag(s) help, confirmed, and upstream. Request was from Michael Gilbert <mgilbert@debian.org> to 792580-submit@bugs.debian.org. (Sun, 26 Jul 2015 03:51:03 GMT)

Message sent on to Martín Ferrari <tincho@debian.org>:
Bug#792580. (Sun, 26 Jul 2015 03:51:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package chromium. (Thu, 22 Oct 2015 18:06:15 GMT)

Acknowledgement sent to Sam Morris <sam@robots.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Thu, 22 Oct 2015 18:06:15 GMT)

Message #20 received at 792580@bugs.debian.org:

From: Sam Morris <sam@robots.org.uk>
To: Martín Ferrari <tincho@debian.org>
Cc: 792580@bugs.debian.org
Subject: chromium: Chromium calls home even in incognito mode with safe browsing turned off
Date: Thu, 22 Oct 2015 18:33:37 +0100
If you set the SSLKEYLOG environment variable to a file, then point
Wireshark at it, you should be able to decode the unknown traffic.

See https://www.imperialviolet.org/2012/06/25/wireshark.html for some
more details.

-- 
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package chromium. (Sat, 24 Oct 2015 05:15:07 GMT)

Acknowledgement sent to Yuhong Bao <yuhongbao_386@hotmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Sat, 24 Oct 2015 05:15:07 GMT)

Message #25 received at 792580@bugs.debian.org:

From: Yuhong Bao <yuhongbao_386@hotmail.com>
To: "792580@bugs.debian.org" <792580@bugs.debian.org>
Subject: chromium: Chromium calls home even in incognito mode with safe browsing turned off
Date: Fri, 23 Oct 2015 22:13:03 -0700
FYI, see https://code.google.com/p/chromium/issues/detail?id=498272


Set Bug forwarded-to-address to 'http://crbug.com/498272'. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 25 Oct 2015 02:39:04 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#792580; Package chromium. (Sun, 10 Jan 2016 01:39:05 GMT)

Acknowledgement sent to Antoine Beaupré <anarcat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Sun, 10 Jan 2016 01:39:05 GMT)

Message #32 received at 792580@bugs.debian.org:

From: Antoine Beaupré <anarcat@debian.org>
To: Debian Bug Tracking System <792580@bugs.debian.org>
Subject: Re: chromium: Chromium calls home even in incognito mode with safe browsing turned off
Date: Sat, 09 Jan 2016 20:35:48 -0500
Package: chromium
Version: 47.0.2526.80-1~deb8u1
Followup-For: Bug #792580

Here what i see is no mere "phone home" checkin to see if extensions
are up to date or anything. It's nothing less than a freaking phone
home on Google Analytics (GA), nothing less.

I have a bunch of tabs opened here, when i start chromium,
granted. But all are "asleep" behind the "great suspender" so they
should not generate traffic (and especially not to GA).

Here's what i see in chrome://net-internals/#sockets:

transport_socket_pool
Name	Pending	Top Priority	Active	Idle	Connect Jobs	Backup Timer	Stalled
www.google-analytics.com:80	0	-	0	1	0	stopped	false

Wireshark sees this as:

127	21.559852	192.168.1.227	207.219.213.57	HTTP	928	GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 

this can show up as "clients.l.google.com" as well:

GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
Accept: image/webp,image/*,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Wed, 16 Dec 2015 07:48:49 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Age: 2136248
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive

GIF89a.............,...........D..;

admire how chromium dutifully sends the futile and pathetic DNT
header. I'm sure that does great for google's analytics. i am probably
in the special "Do Really Track Those" bucket now.

wtf. seriously.

oh, and SSLKEYLOG was mentioned before, it's actually SSLKEYLOGFILE,
and i can't make wireshark load it: even after pointing to it in the
SSL preferences, SSL traffic is not decrypted - the above is only what
i found on port 80.

Heck, i even see traffic to stats.l.doubleclick.net, satan in person!
oh the memories and joy... should i bring back the /etc/hosts file?

note that i have both uBlock and uMatrix enabled here, none of which
catch the snitch.

shouldn't this be treated as a security issue?

pretty amazing.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (500, 'oldstable'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  libasound2           1.0.28-1
ii  libatk1.0-0          2.14.0-1
ii  libc6                2.19-18+deb8u1
ii  libcairo2            1.14.0-2.1
ii  libcups2             1.7.5-11+deb8u1
ii  libdbus-1-3          1.8.20-0+deb8u1
ii  libexpat1            2.1.0-6+deb8u1
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-3+deb8u1
ii  libgcc1              1:4.9.2-10
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u4
ii  libglib2.0-0         2.42.1-1
ii  libgnome-keyring0    3.12.0-1+b1
ii  libgtk2.0-0          2.24.25-3
ii  libjpeg62-turbo      1:1.3.1-12
ii  libnspr4             2:4.10.7-1+deb8u1
ii  libnspr4-0d          2:4.10.7-1+deb8u1
ii  libnss3              2:3.17.2-1.1+deb8u2
ii  libnss3-1d           2:3.17.2-1.1+deb8u2
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpci3              1:3.2.1-3
ii  libspeechd2          0.8-7
ii  libsrtp0             1.4.5~20130609~dfsg-1.1
ii  libstdc++6           4.9.2-10
ii  libx11-6             2:1.6.2-3
ii  libxcomposite1       1:0.4.4-1
ii  libxcursor1          1:1.1.14-1+b1
ii  libxdamage1          1:1.1.4-2+b1
ii  libxext6             2:1.3.3-1
ii  libxfixes3           1:5.0.1-2+b2
ii  libxi6               2:1.7.4-1+b2
ii  libxml2              2.9.1+dfsg1-5+deb8u1
ii  libxrandr2           2:1.4.2-1+b1
ii  libxrender1          1:0.9.8-1+b1
ii  libxslt1.1           1.1.28-2+b2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1+b1
ii  x11-utils            7.7+2
ii  xdg-utils            1.1.0~rc1+git20111210-7.4

chromium recommends no packages.

Versions of packages chromium suggests:
ii  chromium-inspector  47.0.2526.80-1~deb8u1
ii  chromium-l10n       47.0.2526.80-1~deb8u1

-- no debconf information
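
Added example (not part of the original message or of Chromium): a decoder for the __utm.gif request captured above, to see which identifying fields it carries and what issued it. Field meanings follow the legacy ga.js request format; treating a 32-letter a-p utmhn as a Chrome extension ID is a heuristic, and decode_utm is a hypothetical helper name.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Request line taken from the capture quoted above, cut down to the fields
# decoded here (utmcc and the remaining parameters are left out).
CAPTURED = (
    "GET /__utm.gif?utmwv=5.6.7&utmhn=nebplchpdbfejpjpffmngpaboaidelmk"
    "&utme=8(version*image_preview*suspend_time*no_nag)"
    "9(6.21*false%3A%20false*60*false)11(1*1*1*1)"
    "&utmsr=1366x768&utmul=fr&utmp=%2F_generated_background_page.html"
    "&utmht=1452388370461&utmac=UA-52338347-1 HTTP/1.1"
)

EXTENSION_ID = re.compile(r"[a-p]{32}")        # shape of a Chrome extension ID
UTME_GROUP = re.compile(r"(\d+)\(([^)]*)\)")   # 8(names)9(values)11(scopes)


def decode_utm(request_line):
    """Return the identifying fields carried by one __utm.gif request line."""
    _method, target, _version = request_line.split(" ", 2)
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    fields = {key: values[0] for key, values in query.items()}
    # utme packs custom variables: group 8 holds names, group 9 holds values.
    groups = dict(UTME_GROUP.findall(fields.get("utme", "")))
    names = groups.get("8", "").split("*")
    values = groups.get("9", "").split("*")
    ms = fields.get("utmht", "")               # client clock, milliseconds
    sent_at = None
    if ms.isdigit():
        sent_at = datetime.fromtimestamp(int(ms) // 1000, tz=timezone.utc).isoformat()
    return {
        "account": fields.get("utmac"),        # analytics property receiving the hit
        "hostname": fields.get("utmhn"),
        "page": fields.get("utmp"),
        "screen": fields.get("utmsr"),
        "language": fields.get("utmul"),
        "sent_at": sent_at,
        "custom_vars": dict(zip(names, values)) if groups else {},
        # Heuristic: an extension ID as hostname means an extension page sent it.
        "from_extension": bool(EXTENSION_ID.fullmatch(fields.get("utmhn", ""))),
    }


if __name__ == "__main__":
    for key, value in decode_utm(CAPTURED).items():
        print(f"{key:15} {value}")
```

When from_extension is true, the ID in hostname can be compared against the IDs listed on chrome://extensions to find which installed extension sent the hit.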




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Mar 31 14:57:48 2016; Machine Name: buxtehude
