Skip to content
This repository has been archived by the owner on Nov 15, 2017. It is now read-only.

Privacy matters: Hidden remote connections

Jump to bottom
Raymond Hill edited this page Apr 22, 2014 · 55 revisions

HTTP Switchboard uses the chrome.webRequest API to filter/report net requests. However, anything which is not passed to the above API by your Chromium-based browser can not be filtered/reported by HTTPSB.

These requests are not merely behind-the-scene (which are reported by HTTPSB), they are also unavailable to extensions, which means it is even more difficult for a user to be aware of these. So here are lists of all the connections which have been found to be hidden from user view, i.e. which can not be reported as behind-the-scene requests by HTTPSB, and therefore can not be filtered through HTTPSB.

The remote connections were collated after having disabled everything which can be reasonably disabled by a user in order to prevent as much those hidden remote connections. Only the about:blank page was opened after browser was launched, and only HTTPSB extension installed locally was present.

TODO Evaluate the use of the following command-line switches:

  • --host-rules desc
  • --disable-background-networking desc
    • "The following systems are disabled via this flag: IntranetRedirectDetector (requests randomURLs 2-5s after startup); GoogleUrlTracker (searchdomaincheck); SafeBrowsing updater; Extension updater" (ref) (thanks!)
  • --disable-component-extensions-with-background-pages desc (I still need to figure what this does exactly, but it seems this got rid of that Hangout Services thing sometimes showing up in the Task manager (need to confirm this though when time allows).

Chromium 31 + HTTPSB / Linux

At start, and then regularly:

[gibberish].1e100.net         # seems to correspond to "clients[?].google.com"

At start, if "Settings/Languages/Offer to translate pages that..." is enabled:

translate.googleapis.com

When visiting the "Settings" page, regardless of whether "Settings/Languages/Offer to translate pages that..." is enabled or disabled:

translate.googleapis.com

Chrome developer on reddit: "Chromium does extension updates, yes ... I see translate.googleapis.com in the code too. I'm not 100% sure so I filed a bug and assigned it to the right people."

Chrome 32 + HTTPSB / Windows

At start, and then regularly:

[gibberish].1e100.net         # seems to correspond to "clients[?].google.com"

At start, if "Settings/Languages/Offer to translate pages that aren't in a language that I read" is enabled:

translate.googleapis.com

When visiting the "Settings" page, regardless of whether "Settings/Languages/Offer to translate pages that..." is enabled or disabled:

translate.googleapis.com

Opera 19 + HTTPSB / Windows

At start:

autoupdate.geo.opera.com

Sometimes at start (might be related to above autoupdate.geo.opera.com):

[gibberish].cloudfront.net

Sometimes at start but less often, seemingly related to "Settings/Search/Manage search engines...":

[gibberish].1e100.net         # google.com
origin.any.bing.com
205.251.242.54                # amazon.com
[gibberish].yahoo.com

Firefox 26 + NoScript / Linux

For reference purpose.

At start:

ocsp.godaddy.com.akadns.net
secure.informaction.com
Clone this wiki locally