📜 ⬆️ ⬇️

Contrary to the claims of Google, the open Chromium is also watching you.

Google has a lot of great services, the quality of which is truly impressive. However, his mania of spying for everything often goes beyond the boundaries. Comfortably, but very lucidly, Google Toilet video tells about this, which, surely, many have already seen here. And everyone probably remembers the story of the collection of open Wi-Fi traffic. In this small article we will talk about the browser Chromium .

So many of us like the Chrome browser. But not everyone has his privacy policy, which allows you to use almost any information about the sites you are viewing "in order to improve the quality of Google services." But we have Chromium! It is open source, which means that spyware should not be there. This guess is confirmed by the English Wikipedia , which says that the difference between Chrome and Chromium in the absence of Google branding, auto-update and, hurray, the absence of sending “spy” data to Google!

Let's see if this is true!

So, we launch a sniffer, we launch the browser, and .... You guessed it, right? First of all, the browser climbs on Google to get an identification cookie (note, I do not perform any actions in the interface):
Host: www.google.com
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/534.6 (KHTML, like Gecko) Chrome/6.0.489.0 Safari/534.6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 302 Found
Location: www.google.ru
Cache-Control: private
Content-Type: text/html; charset=UTF-8
expires=Thu, 09-Aug-2012 06:09:51 GMT; path=/; domain=.google.com
Set-Cookie: NID=37=r81qA-
of4k10wGAw4LQYK5LTatCv3BOGwcmOc5V_1yhWjo9Hj6qbX2acc; expires=Wed, 09-
Feb-2011 06:09:51 GMT; path=/; domain=.google.com; HttpOnly

Date: Tue, 10 Aug 2010 06:09:51 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block

, :
GET /tools/pso/ping?
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; Win32)
Host: clients1.google.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Aug 2010 06:10:07 GMT
Expires: Tue, 10 Aug 2010 06:10:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked

rlzT4: 1T4GGLL_ru
rlzR7: 1R7GGLL_ru
rlzW1: 1W1GGLL_ru
rlzC1: 1C1_____enRU392RU392
rlzC2: 1C2_____enRU392
rlzI7: 1I7GGLL_ru
dcc: T
crc32: 7c33310f

, , - -- , RLZ, Google. :

// Ping information.

// rep=2: includes the new stateful events.
const char kProtocolCgiArgument[] = "rep=2";

const char kEventsCgiVariable[] = "events";
const char kStatefulEventsCgiVariable[] = "stateful-events";
const char kEventsCgiSeparator = ',';

const char kRlzCgiVariable[] = "rlz";
const char kRlzCgiSeparator[] = ",";
const char kRlzCgiIndicator[] = ":";

const char kProductSignatureCgiVariable[] = "as";
const char kProductBrandCgiVariable[] = "brand";
const char kProductLanguageCgiVariable[] = "hl";
const char kProductIdCgiVariable[] = "pid";

const char kDccCgiVariable[] = "dcc";
const char kRlsCgiVariable[] = "rls";
const char kMachineIdCgiVariable[] = "id";
const char kSetDccResponseVariable[] = "set_dcc";

// Financial server information.

const char kFinancialPingPath[] = "/tools/pso/ping";
const char kFinancialServer[] = "clients1.google.com";
const char kFinancialPingType[] = "GET";

const int kFinancialPort = 80;

// Ping times in 100-nanosecond intervals.
const int64 kEventsPingInterval = 24LL * 3600LL * 10000000LL; // 1 day
const int64 kNoEventsPingInterval = kEventsPingInterval * 7LL; // 1 week

const char kFinancialPingUserAgent[] = "Mozilla/4.0 (compatible; Win32)";
const char* kFinancialPingResponseObjects[] = { "text/*", NULL };

, , , Chrome, , « », Chromium.

Chromium-discuss, . , « » - ?


Source: https://habr.com/ru/post/101396/

All Articles