Block access to Google's servers

[amilopowers]

I saw in my log that CopperheadOS does connect to Google servers to check if it is behind a captive portal. I guess it does that at least every time it reconnects to a Wlan network.

02-12 15:09:54.588 4542 4919 D WifiCapabilities: Checking http://clients3.google.com/generate_204 to see if we're behind a captive portal

I propose to remove that (if possible) because it leaks information about me. Possibly there are other points where to OS connects to Google servers.

[amilopowers]

And I think you should stop using Google's captcha service for your website and if there are other services like fonts and so on.

[amilopowers]

And I think you should stop using Google's captcha service for your website and if there are other services like fonts and so on.

[thestinger]

The site isn't going to stop using CloudFlare. It greatly reduces the number of requests and bandwidth used by the server, and it speeds up the site quite a bit via their many data centers around the world. We can't afford to replace it.

[thestinger]

The site isn't going to stop using CloudFlare. It greatly reduces the number of requests and bandwidth used by the server, and it speeds up the site quite a bit via their many data centers around the world. We can't afford to replace it.

[thestinger]

Not going to be blocking connections to Google in CopperheadOS either. People (rightfully) expect that kind of thing to work. We're aware of the default URL used to trigger provisioning. It could be replaced with a copperhead.co URL but it's not doing any kind of tracking, it just needs something to provide a 204 status code. In this case it wouldn't be that much pain to replace, but that's not universally true. What about time servers, which currently uses a public pool of servers usable for tracking?

[thestinger]

Not going to be blocking connections to Google in CopperheadOS either. People (rightfully) expect that kind of thing to work. We're aware of the default URL used to trigger provisioning. It could be replaced with a copperhead.co URL but it's not doing any kind of tracking, it just needs something to provide a 204 status code. In this case it wouldn't be that much pain to replace, but that's not universally true. What about time servers, which currently uses a public pool of servers usable for tracking?

[lbdroid]

It might be a good idea to identify all of the points in the code where it is using various servers, and while leaving those as default values, provide an interface where they can all be changed from the defaults.

@amilopowers if you distrust google that much, consider a line in your hosts file redirecting google.com to 127.0.0.1.

[lbdroid]

It might be a good idea to identify all of the points in the code where it is using various servers, and while leaving those as default values, provide an interface where they can all be changed from the defaults.

@amilopowers if you distrust google that much, consider a line in your hosts file redirecting google.com to 127.0.0.1.

[thestinger]

I'm not aware of any connection to Google in the base OS beyond the internet access check. There would be very little return from investing a bunch of time in making it configurable, exposing an IPC API and then making a UX to change it... it's also the kind of additional attack surface that we're not planning on adding without very good reasons to do it.

[thestinger]

I'm not aware of any connection to Google in the base OS beyond the internet access check. There would be very little return from investing a bunch of time in making it configurable, exposing an IPC API and then making a UX to change it... it's also the kind of additional attack surface that we're not planning on adding without very good reasons to do it.

[thestinger]

Not going to be blocking connections to Google, so this can be closed. Changing the internet access check / provisioning trigger URL can be a separate issue. Feel free to file bugs about specific issues like this but I don't want any meta bugs and I'm not aware of any other cases. See #194 for that HTTP GET request to check for internet access.

[thestinger]

Not going to be blocking connections to Google, so this can be closed. Changing the internet access check / provisioning trigger URL can be a separate issue. Feel free to file bugs about specific issues like this but I don't want any meta bugs and I'm not aware of any other cases. See #194 for that HTTP GET request to check for internet access.