- Investigation of Privacy Mode:
- Good:
- Cookies Cleared+memory only
- Cache cleared and memory-only
- History not available via javascript or CSS
- Safe because currently unsupported:
- Geolocation not supported in browser
- DOM Storage not supported
- HTML5 Storage not supported
- Http auth is cleared
- Do they have a session store?
- Yes. It is disabled.
- Form history disabled
- But non-private entries still available
- Malware and phishing protection
- Per-url check?
- Doesn't seem like it..
- Bad:
- RLZ Identifier sent with all queries even in Incognito mode
- http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=107684
- Flash cookies not cleared
- Google gears are still available
- Do they have their own storage?
- Yes. Completely ignores private mode.
- Safebrowsing API key not cleared?
- but updates may not happen "under" the incognito window
- Desktop resolution available
- Browser resolution is available
- SSL session keys
- Not cleared!
- They clear trusted certs though
- Timezone not spoofed
- Misc Features we definitely need:
- Incognito-specific proxy settings
- Browser proxy settings currently do not apply immediately
- Plugin enable/disable controls
- Spoof user agent
- Referer alteration API
- Autolaunching of remote apps needs to be disabled
- API to opt-out of all the opt-in tracking for incognito mode
- Cookie API would be nice
- Need network.security.ports.banned
- http://www.remote.org/jochen/sec/hfpa/hfpa.pdf
- Resize windows (content-window side possibly ok)
- Future investigation
- Non-private form history still available
- Forms seem to not be auto-filled, but this may be different
for some fields?
- How evil is google update? will it happen over incognito?
- http://en.wikipedia.org/wiki/Google_Updater#Google_Updater
- http://en.wikipedia.org/wiki/SRWare_Iron#Differences_from_Chrome
- http://foliovision.com/2008/12/09/adwords-ppc-organic-rlz/
- Test in more detail with sysinternals for disk writes
- What about safebrowsing requests? Can they bypass proxy?
- Video tag supports H264 and ogg via ffmpeg
- Hrmm.. proxy bypass ability?
- Test results. Used Incognito Mode with the test suites from:
https://www.torproject.org/torbutton/design/#SingleStateTesting
- Decloak.net:
- Recovers IP and DNS via Java
- Recovers IP via flash
- Deanonymizer.com
- Failed NNTP and FTP quicktime
- JonDo's hated some headers
- Mr. T got a lot of shit wrong...
- http://labs.isecpartners.com/breadcrumbs/breadcrumbs.html
- Comparison with Torora
- http://github.com/mwenge/torora/tree/master/doc/DESIGN.torora
- Good ideas for both chrome and torbutton:
- Cache/Cookie expiry every 24hrs
- Random perturbation on Date() object..
- No longer possible without js hooks :/
- Possible if Chrome allows non-deletable shadowing of window.Date()
from user scripts. ECMA says it should
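
Added example (not from these notes or from the Chrome/Torora sources): a sketch of the Date() perturbation idea above, using ECMAScript property attributes to make the shadow non-deletable. The names installSkewedDate, win, skewMs and fakeWindow are hypothetical, and a plain object stands in for window so it runs outside a browser.

```javascript
// Shadow win.Date with a version whose notion of "now" is shifted by skewMs.
function installSkewedDate(win, skewMs) {
  const RealDate = win.Date;

  function SkewedDate(...args) {
    // Date() called without `new` returns a string, like the built-in.
    if (!new.target) return new SkewedDate().toString();
    // Only "now" is perturbed; explicitly supplied timestamps pass through.
    const d = args.length === 0
      ? new RealDate(RealDate.now() + skewMs)
      : new RealDate(...args);
    return Object.setPrototypeOf(d, new.target.prototype);
  }
  SkewedDate.now = () => RealDate.now() + skewMs;
  SkewedDate.parse = RealDate.parse;
  SkewedDate.UTC = RealDate.UTC;

  // Share the built-in prototype and repoint its constructor; otherwise
  // `(new Date).constructor.now()` hands page script the unskewed clock.
  SkewedDate.prototype = RealDate.prototype;
  RealDate.prototype.constructor = SkewedDate;

  // Non-writable and non-configurable: later script can neither assign
  // over the hook nor delete it.
  Object.defineProperty(win, 'Date', {
    value: SkewedDate,
    writable: false,
    enumerable: false,
    configurable: false,
  });
  return SkewedDate;
}

// Constructed usage: fakeWindow stands in for the page's `window`, and the
// 37-minute offset is a constructed value (choose it randomly per session).
const fakeWindow = { Date };
installSkewedDate(fakeWindow, 37 * 60 * 1000);
console.log(new fakeWindow.Date().toISOString(),
            Reflect.deleteProperty(fakeWindow, 'Date')); // delete is refused
```

Each new realm (an iframe, for instance) carries its own Date, so a hook like this has to be installed in every one of them before page script runs.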
==========================================
- Incognito Issues:
- SSL session keys
- Not cleared!
- Flash cookies not cleared
- Better Privacy? Permissions?
- Google gears are still available
- Do they have their own storage?
- Yes. Completely ignores private mode.
- RLZ override/disable for incognito
- Opt out of opt-in tracking?
- Source code:
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/profile.cc
- Privacy Enhancing API Wishlist (remove existing items):
- http://code.google.com/chrome/extensions/devguide.html
- Prefs (copy-on-write for incognito mode)
- Incognito-specific proxy settings
- Should not be used for safebrowsing or app/addon update
- pref to disable autolaunch of apps/warn user
- network.security.ports.banned
- User agent (that also govern navigator.*)
- could be done (better) via http headers and good hook support
- Core APIs:
- Per-Plugin enable/disable controls
- Cookie API
- Cache control
- HTTP header alteration ("on-modify-request")
- Referrer, accept, user agent
- Javascript hooks:
- http://code.google.com/chrome/extensions/content_scripts.html
- Bleh, these suck... Too limited.
- ECMA compliance
- desktop+screen resolution
- Date hooking
- navigator.* hooking
- Posted at:
- http://groups.google.com/group/chromium-extensions/t/ceba26ca9e2f6a78