all-add-trk-prefixes-to-possibly-evil-connections.patch

From 06f6141610cb2aa562c94dbb9f1f4355e4b34c5d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 30 Sep 2019 09:37:51 +0200
Subject: [PATCH 75/76] all: add trk: prefixes to possibly evil connections

Prefix URLs to Google services with trk: so that whenever something
tries to load them, the developer will be informed via printf and
dialog (extra info bar between URLbar and content window) about this.

If you see such dialog, we know that (a) either the URL needs to be
whitelisted, or (b) the feature that triggered it needs to be disabled
by default.
---
 build/mac/tweak_info_plist.py                 |  2 +-
 .../customization/customization_document.cc   |  2 +-
 .../file_manager/private_api_drive.cc         |  2 +-
 .../file_manager/private_api_misc.cc          |  2 +-
 .../remote_commands/crd_host_delegate.cc      |  6 +++---
 .../cryptotoken_private_api.cc                |  4 ++--
 chrome/browser/extensions/install_signer.cc   |  2 +-
 .../media/webrtc/webrtc_event_log_uploader.cc |  2 +-
 .../media/webrtc/webrtc_log_uploader.cc       |  2 +-
 .../nacl_host/nacl_infobar_delegate.cc        |  2 +-
 .../profiles/profile_avatar_downloader.cc     |  2 +-
 .../default_apps/external_extensions.json     |  6 +++---
 .../client_side_detection_service.cc          |  2 +-
 .../download_protection/download_feedback.cc  |  2 +-
 .../spellcheck_hunspell_dictionary.cc         |  2 +-
 .../supervised_user_service.cc                |  2 +-
 .../browser/tracing/crash_service_uploader.cc |  2 +-
 .../ui/views/outdated_upgrade_bubble_view.cc  |  2 +-
 .../ui/webui/ntp/ntp_resource_cache.cc        |  8 ++++----
 .../components/recovery_component.cc          |  2 +-
 .../crash/crashpad_crash_reporter.cc          |  2 +-
 .../extensions/chrome_extensions_client.cc    |  4 ++--
 .../setup/google_chrome_behaviors.cc          |  2 +-
 .../browser/service/cast_service_simple.cc    |  2 +-
 chromecast/crash/linux/minidump_uploader.cc   |  2 +-
 .../simple_geolocation_provider.cc            |  2 +-
 .../common/cloud_devices_urls.cc              |  8 ++++----
 components/drive/service/drive_api_service.cc |  4 ++--
 components/feedback/feedback_uploader.cc      |  2 +-
 components/gcm_driver/gcm_account_tracker.cc  |  4 ++--
 components/google/core/common/google_util.cc  |  2 +-
 .../core/browser/web_history_service.cc       |  6 +++---
 components/metrics/url_constants.cc           |  2 +-
 .../core/browser/password_store.cc            |  8 ++++----
 .../safe_search_url_checker_client.cc         |  2 +-
 .../safe_search_api/stub_url_checker.cc       |  2 +-
 .../core/browser/translate_url_fetcher.cc     |  1 +
 .../translate/core/common/translate_util.cc   |  2 +-
 .../variations/variations_url_constants.cc    |  2 +-
 .../speech/speech_recognition_engine.cc       |  2 +-
 .../browser/webauth/authenticator_common.cc   |  4 ++--
 .../shell/browser/shell_browser_main_parts.cc |  2 +-
 google_apis/gaia/gaia_constants.cc            | 20 +++++++++----------
 google_apis/gaia/gaia_urls.cc                 |  1 +
 google_apis/gcm/engine/gservices_settings.cc  |  6 +++---
 .../notifier/base/gaia_token_pre_xmpp_auth.cc |  2 +-
 remoting/base/breakpad_mac.mm                 |  2 +-
 remoting/protocol/jingle_messages.cc          |  2 +-
 rlz/lib/lib_values.cc                         |  2 +-
 third_party/libjingle_xmpp/xmpp/constants.cc  |  6 +++---
 .../chromevox/background/prefs.js             |  4 ++--
 .../chromevoxclassic/host/chrome/host.js      |  4 ++--
 ui/views/examples/webview_example.cc          |  2 +-
 54 files changed, 89 insertions(+), 87 deletions(-)

--- a/ash/components/geolocation/simple_geolocation_provider.cc
+++ b/ash/components/geolocation/simple_geolocation_provider.cc
@@ -20,7 +20,7 @@ namespace ash {
 namespace {
 
 const char kDefaultGeolocationProviderUrl[] =
-    "https://www.googleapis.com/geolocation/v1/geolocate?";
+    "trk:215:https://www.googleapis.com/geolocation/v1/geolocate?";
 
 }  // namespace
 
--- a/build/apple/tweak_info_plist.py
+++ b/build/apple/tweak_info_plist.py
@@ -195,7 +195,7 @@ def _AddKeystoneKeys(plist, bundle_ident
   also requires the |bundle_identifier| argument (com.example.product)."""
   plist['KSVersion'] = plist['CFBundleShortVersionString']
   plist['KSProductID'] = bundle_identifier
-  plist['KSUpdateURL'] = 'https://tools.google.com/service/update2'
+  plist['KSUpdateURL'] = 'trk:132:https://tools.google.com/service/update2'
 
   _RemoveKeys(plist, 'KSChannelID')
   if base_tag != '':
--- a/chrome/browser/ash/customization/customization_document.cc
+++ b/chrome/browser/ash/customization/customization_document.cc
@@ -198,7 +198,7 @@ std::string ReadFileInBackground(const b
 
 // Template URL where to fetch OEM services customization manifest from.
 const char ServicesCustomizationDocument::kManifestUrl[] =
-    "https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
+    "trk:151:https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
 
 // A custom extensions::ExternalLoader that the ServicesCustomizationDocument
 // creates and uses to publish OEM default apps to the extensions system.
--- a/chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc
+++ b/chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc
@@ -93,7 +93,7 @@ namespace {
 
 using api::file_manager_private::ProfileInfo;
 
-const char kCWSScope[] = "https://www.googleapis.com/auth/chromewebstore";
+const char kCWSScope[] = "trk:209:https://www.googleapis.com/auth/chromewebstore";
 
 // Thresholds for mountCrostini() API.
 constexpr base::TimeDelta kMountCrostiniSlowOperationThreshold =
--- a/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
+++ b/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
@@ -52,8 +52,8 @@ namespace {
 
 const char kGoogleDotCom[] = "google.com";
 constexpr const char* kGoogleGstaticAppIds[] = {
-    "https://www.gstatic.com/securitykey/origins.json",
-    "https://www.gstatic.com/securitykey/a/google.com/origins.json"};
+    "trk:273:https://www.gstatic.com/securitykey/origins.json",
+    "trk:274:https://www.gstatic.com/securitykey/a/google.com/origins.json"};
 
 // ContainsAppIdByHash returns true iff the SHA-256 hash of one of the
 // elements of |list| equals |hash|.
--- a/chrome/browser/extensions/install_signer.cc
+++ b/chrome/browser/extensions/install_signer.cc
@@ -66,7 +66,7 @@ const int kSignatureFormatVersion = 2;
 const size_t kSaltBytes = 32;
 
 const char kBackendUrl[] =
-    "https://www.googleapis.com/chromewebstore/v1.1/items/verify";
+    "trk:222:https://www.googleapis.com/chromewebstore/v1.1/items/verify";
 
 const char kPublicKeyPEM[] =                                            \
     "-----BEGIN PUBLIC KEY-----"                                        \
--- a/chrome/browser/media/webrtc/webrtc_event_log_uploader.cc
+++ b/chrome/browser/media/webrtc/webrtc_event_log_uploader.cc
@@ -125,7 +125,7 @@ void OnURLLoadUploadProgress(uint64_t cu
 }  // namespace
 
 const char WebRtcEventLogUploaderImpl::kUploadURL[] =
-    "https://clients2.google.com/cr/report";
+    "trk:300:https://clients2.google.com/cr/report";
 
 WebRtcEventLogUploaderImpl::Factory::Factory(
     scoped_refptr<base::SequencedTaskRunner> task_runner)
--- a/chrome/browser/media/webrtc/webrtc_log_uploader.cc
+++ b/chrome/browser/media/webrtc/webrtc_log_uploader.cc
@@ -484,7 +484,7 @@ void WebRtcLogUploader::UploadCompressed
             "Not implemented, it would be good to do so."
         })");
 
-  constexpr char kUploadURL[] = "https://clients2.google.com/cr/report";
+  constexpr char kUploadURL[] = "trk:301:https://clients2.google.com/cr/report";
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = !upload_url_for_testing_.is_empty()
                               ? upload_url_for_testing_
--- a/chrome/browser/nacl_host/nacl_infobar_delegate.cc
+++ b/chrome/browser/nacl_host/nacl_infobar_delegate.cc
@@ -33,7 +33,7 @@ std::u16string NaClInfoBarDelegate::GetL
 }
 
 GURL NaClInfoBarDelegate::GetLinkURL() const {
-  return GURL("https://support.google.com/chrome/?p=ib_nacl");
+  return GURL("trk:143:https://support.google.com/chrome/?p=ib_nacl");
 }
 
 std::u16string NaClInfoBarDelegate::GetMessageText() const {
--- a/chrome/browser/profiles/profile_avatar_downloader.cc
+++ b/chrome/browser/profiles/profile_avatar_downloader.cc
@@ -20,7 +20,7 @@
 
 namespace {
 const char kHighResAvatarDownloadUrlPrefix[] =
-    "https://www.gstatic.com/chrome/profile_avatars/";
+    "trk:271:https://www.gstatic.com/chrome/profile_avatars/";
 }
 
 ProfileAvatarDownloader::ProfileAvatarDownloader(size_t icon_index,
--- a/chrome/browser/resources/default_apps/external_extensions.json
+++ b/chrome/browser/resources/default_apps/external_extensions.json
@@ -3,7 +3,7 @@
 {
   // Drive extension
   "ghbmnnjooekpmoecnnnilnnbdlolhkhi" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx"
   }
 }
 
--- a/chrome/browser/safe_browsing/download_protection/download_feedback.cc
+++ b/chrome/browser/safe_browsing/download_protection/download_feedback.cc
@@ -192,7 +192,7 @@ const int64_t DownloadFeedback::kMaxUplo
 
 // static
 const char DownloadFeedback::kSbFeedbackURL[] =
-    "https://safebrowsing.google.com/safebrowsing/uploads/chrome";
+    "trk:164:https://safebrowsing.google.com/safebrowsing/uploads/chrome";
 
 // static
 DownloadFeedbackFactory* DownloadFeedback::factory_ = nullptr;
--- a/chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc
+++ b/chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc
@@ -279,7 +279,7 @@ GURL SpellcheckHunspellDictionary::GetDi
   DCHECK(!bdict_file.empty());
 
   static const char kDownloadServerUrl[] =
-      "https://redirector.gvt1.com/edgedl/chrome/dict/";
+      "trk:173:https://redirector.gvt1.com/edgedl/chrome/dict/";
 
   return GURL(std::string(kDownloadServerUrl) +
               base::ToLowerASCII(bdict_file));
--- a/chrome/browser/supervised_user/supervised_user_service.cc
+++ b/chrome/browser/supervised_user/supervised_user_service.cc
@@ -85,7 +85,7 @@ namespace {
 
 // The URL from which to download a host denylist if no local one exists yet.
 const char kDenylistURL[] =
-    "https://www.gstatic.com/chrome/supervised_user/denylist-20141001-1k.bin";
+    "trk:272:https://www.gstatic.com/chrome/supervised_user/denylist-20141001-1k.bin";
 // The filename under which we'll store the denylist (in the user data dir).
 const char kDenylistFilename[] = "su-denylist.bin";
 
--- a/chrome/browser/ui/dialogs/outdated_upgrade_bubble.cc
+++ b/chrome/browser/ui/dialogs/outdated_upgrade_bubble.cc
@@ -49,7 +49,7 @@ const char* kUpdateBrowserRedirectUrl =
 #else
     // The URL to be used to re-install Chrome when auto-update failed for
     // too long.
-    "https://www.google.com/chrome";
+    "trk:242:https://www.google.com/chrome";
 #endif
 
 bool g_upgrade_bubble_is_showing = false;
--- a/chrome/browser/ui/webui/ntp/ntp_resource_cache.cc
+++ b/chrome/browser/ui/webui/ntp/ntp_resource_cache.cc
@@ -71,17 +71,17 @@ namespace {
 // The URL for the the Learn More page shown on incognito new tab.
 const char kLearnMoreIncognitoUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=incognito";
+    "trk:246:https://support.google.com/chromebook/?p=incognito";
 #else
-    "https://support.google.com/chrome/?p=incognito";
+    "trk:247:https://support.google.com/chrome/?p=incognito";
 #endif
 
 // The URL for the Learn More page shown on guest session new tab.
 const char kLearnMoreGuestSessionUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=chromebook_guest";
+    "trk:248:https://support.google.com/chromebook/?p=chromebook_guest";
 #else
-    "https://support.google.com/chrome/?p=ui_guest";
+    "trk:261:https://support.google.com/chrome/?p=ui_guest";
 #endif
 
 std::string ReplaceTemplateExpressions(
--- a/chrome/chrome_cleaner/components/recovery_component.cc
+++ b/chrome/chrome_cleaner/components/recovery_component.cc
@@ -37,7 +37,7 @@ namespace chrome_cleaner {
 namespace {
 
 const char kComponentDownloadUrl[] =
-    "https://clients2.google.com/service/update2/crx?response=redirect&os=win"
+    "trk:108:https://clients2.google.com/service/update2/crx?response=redirect&os=win"
     "&installsource=swreporter&x=id%3Dnpdjjkjlcidkjlamlmmdelcjbcpdjocm"
     "%26v%3D0.0.0.0%26uc&acceptformat=crx3";
 
--- a/chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc
+++ b/chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc
@@ -28,7 +28,7 @@
 namespace {
 
 // The URL where crash reports are uploaded.
-const char kReportUploadURL[] = "https://clients2.google.com/cr/report";
+const char kReportUploadURL[] = "trk:302:https://clients2.google.com/cr/report";
 
 // Whether the current process is connected to a crash handler process.
 bool g_is_connected_to_crash_handler = false;
--- a/chrome/common/extensions/chrome_extensions_client.cc
+++ b/chrome/common/extensions/chrome_extensions_client.cc
@@ -45,9 +45,9 @@ namespace {
 
 // TODO(battre): Delete the HTTP URL once the blocklist is downloaded via HTTPS.
 const char kExtensionBlocklistUrlPrefix[] =
-    "http://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:269:http://www.gstatic.com/chrome/extensions/blocklist";
 const char kExtensionBlocklistHttpsUrlPrefix[] =
-    "https://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:270:https://www.gstatic.com/chrome/extensions/blocklist";
 
 }  // namespace
 
--- a/chrome/installer/setup/google_chrome_behaviors.cc
+++ b/chrome/installer/setup/google_chrome_behaviors.cc
@@ -37,7 +37,7 @@ namespace installer {
 namespace {
 
 constexpr base::WStringPiece kUninstallSurveyUrl(
-    L"https://support.google.com/chrome?p=chrome_uninstall_survey");
+    L"trk:253:https://support.google.com/chrome?p=chrome_uninstall_survey");
 
 bool NavigateToUrlWithEdge(const std::wstring& url) {
   std::wstring protocol_url = L"microsoft-edge:" + url;
--- a/chromecast/crash/linux/minidump_uploader.cc
+++ b/chromecast/crash/linux/minidump_uploader.cc
@@ -41,7 +41,7 @@ namespace {
 
 const char kProductName[] = "Eureka";
 
-const char kCrashServerProduction[] = "https://clients2.google.com/cr/report";
+const char kCrashServerProduction[] = "trk:305:https://clients2.google.com/cr/report";
 
 const char kVirtualChannel[] = "virtual-channel";
 
--- a/components/drive/service/drive_api_service.cc
+++ b/components/drive/service/drive_api_service.cc
@@ -76,9 +76,9 @@ namespace drive {
 namespace {
 
 // OAuth2 scopes for Drive API.
-const char kDriveScope[] = "https://www.googleapis.com/auth/drive";
+const char kDriveScope[] = "trk:217:https://www.googleapis.com/auth/drive";
 const char kDriveAppsReadonlyScope[] =
-    "https://www.googleapis.com/auth/drive.apps.readonly";
+    "trk:218:https://www.googleapis.com/auth/drive.apps.readonly";
 const char kDriveAppsScope[] = "https://www.googleapis.com/auth/drive.apps";
 
 // Mime type to create a directory.
--- a/components/feedback/feedback_uploader.cc
+++ b/components/feedback/feedback_uploader.cc
@@ -37,7 +37,7 @@ constexpr base::FilePath::CharType kFeed
     FILE_PATH_LITERAL("Feedback Reports");
 
 constexpr char kFeedbackPostUrl[] =
-    "https://www.google.com/tools/feedback/chrome/__submit";
+    "trk:232:https://www.google.com/tools/feedback/chrome/__submit";
 
 constexpr char kProtoBufMimeType[] = "application/x-protobuf";
 
--- a/components/google/core/common/google_util.cc
+++ b/components/google/core/common/google_util.cc
@@ -141,7 +141,7 @@ bool IsGoogleSearchSubdomainUrl(const GU
 
 // Global functions -----------------------------------------------------------
 
-const char kGoogleHomepageURL[] = "https://www.google.com/";
+const char kGoogleHomepageURL[] = "trk:113:https://www.google.com/";
 
 bool HasGoogleSearchQueryParam(base::StringPiece str) {
   url::Component query(0, static_cast<int>(str.length())), key, value;
--- a/components/history/core/browser/web_history_service.cc
+++ b/components/history/core/browser/web_history_service.cc
@@ -45,13 +45,13 @@ namespace history {
 namespace {
 
 const char kHistoryOAuthScope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:138:https://www.googleapis.com/auth/chromesync";
 
 const char kHistoryQueryHistoryUrl[] =
-    "https://history.google.com/history/api/lookup?client=chrome";
+    "trk:139:https://history.google.com/history/api/lookup?client=chrome";
 
 const char kHistoryDeleteHistoryUrl[] =
-    "https://history.google.com/history/api/delete?client=chrome";
+    "trk:140:https://history.google.com/history/api/delete?client=chrome";
 
 const char kHistoryAudioHistoryUrl[] =
     "https://history.google.com/history/api/lookup?client=audio";
--- a/components/metrics/url_constants.cc
+++ b/components/metrics/url_constants.cc
@@ -7,7 +7,7 @@
 namespace metrics {
 
 const char kNewMetricsServerUrl[] =
-    "https://clientservices.googleapis.com/uma/v2";
+    "trk:265:https://clientservices.googleapis.com/uma/v2";
 
 const char kNewMetricsServerUrlInsecure[] =
     "http://clientservices.googleapis.com/uma/v2";
--- a/components/safe_browsing/content/browser/client_side_detection_service.cc
+++ b/components/safe_browsing/content/browser/client_side_detection_service.cc
@@ -63,7 +63,7 @@ const int ClientSideDetectionService::kN
 const int ClientSideDetectionService::kPositiveCacheIntervalMinutes = 30;
 
 const char ClientSideDetectionService::kClientReportPhishingUrl[] =
-    "https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
+    "trk:148:https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
 
 struct ClientSideDetectionService::ClientPhishingReportInfo {
   std::unique_ptr<network::SimpleURLLoader> loader;
--- a/components/safe_search_api/safe_search/safe_search_url_checker_client.cc
+++ b/components/safe_search_api/safe_search/safe_search_url_checker_client.cc
@@ -28,7 +28,7 @@ namespace safe_search_api {
 namespace {
 
 const char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 const char kDataContentType[] = "application/x-www-form-urlencoded";
 const char kDataFormat[] = "key=%s&urls=%s";
 
--- a/components/safe_search_api/stub_url_checker.cc
+++ b/components/safe_search_api/stub_url_checker.cc
@@ -21,7 +21,7 @@ namespace safe_search_api {
 namespace {
 
 constexpr char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 
 std::string BuildResponse(bool is_porn) {
   base::Value::Dict dict;
--- a/components/translate/core/browser/translate_url_fetcher.cc
+++ b/components/translate/core/browser/translate_url_fetcher.cc
@@ -99,6 +99,7 @@ bool TranslateURLFetcher::Request(const
   if (!extra_request_header_.empty())
     resource_request->headers.AddHeaderFromString(extra_request_header_);
 
+  fprintf(stderr, "translator: fetching something from %s\n", url_.spec().c_str());
   simple_loader_ =
       variations::CreateSimpleURLLoaderWithVariationsHeaderUnknownSignedIn(
           std::move(resource_request),
--- a/components/translate/core/common/translate_util.cc
+++ b/components/translate/core/common/translate_util.cc
@@ -21,7 +21,7 @@ const char kDetectLanguageInSubFrames[]
 
 }  // namespace
 
-const char kSecurityOrigin[] = "https://translate.googleapis.com/";
+const char kSecurityOrigin[] = "trk:220:https://translate.googleapis.com/";
 
 const base::Feature kTranslateSubFrames{"TranslateSubFrames",
                                         base::FEATURE_DISABLED_BY_DEFAULT};
--- a/components/variations/variations_url_constants.cc
+++ b/components/variations/variations_url_constants.cc
@@ -8,7 +8,7 @@ namespace variations {
 
 // Default server of Variations seed info.
 const char kDefaultServerUrl[] =
-    "https://clientservices.googleapis.com/chrome-variations/seed";
+    "trk:142:https://clientservices.googleapis.com/chrome-variations/seed";
 
 const char kDefaultInsecureServerUrl[] =
     "http://clientservices.googleapis.com/chrome-variations/seed";
--- a/content/browser/speech/speech_recognition_engine.cc
+++ b/content/browser/speech/speech_recognition_engine.cc
@@ -33,7 +33,7 @@ namespace content {
 namespace {
 
 const char kWebServiceBaseUrl[] =
-    "https://www.google.com/speech-api/full-duplex/v1";
+    "trk:184:https://www.google.com/speech-api/full-duplex/v1";
 const char kDownstreamUrl[] = "/down?";
 const char kUpstreamUrl[] = "/up?";
 
--- a/content/browser/webauth/webauth_request_security_checker.h
+++ b/content/browser/webauth/webauth_request_security_checker.h
@@ -42,9 +42,9 @@ class CONTENT_EXPORT WebAuthRequestSecur
   // Legacy App IDs, which google.com origins are allowed to assert for
   // compatibility reasons.
   static constexpr char kGstaticAppId[] =
-      "https://www.gstatic.com/securitykey/origins.json";
+      "trk:276:https://www.gstatic.com/securitykey/origins.json";
   static constexpr char kGstaticCorpAppId[] =
-      "https://www.gstatic.com/securitykey/a/google.com/origins.json";
+      "trk:277:https://www.gstatic.com/securitykey/a/google.com/origins.json";
 
   explicit WebAuthRequestSecurityChecker(RenderFrameHost* host);
   WebAuthRequestSecurityChecker(const WebAuthRequestSecurityChecker&) = delete;
--- a/content/shell/browser/shell_browser_main_parts.cc
+++ b/content/shell/browser/shell_browser_main_parts.cc
@@ -85,7 +85,7 @@ GURL GetStartupURL() {
 #else
   const base::CommandLine::StringVector& args = command_line->GetArgs();
   if (args.empty())
-    return GURL("https://www.google.com/");
+    return GURL("trk:183:https://www.google.com/");
 
 #if BUILDFLAG(IS_WIN)
   GURL url(base::WideToUTF16(args[0]));
--- a/extensions/common/extension_urls.cc
+++ b/extensions/common/extension_urls.cc
@@ -26,9 +26,9 @@ bool IsSourceFromAnExtension(const std::
 
 namespace extension_urls {
 
-const char kChromeWebstoreBaseURL[] = "https://chrome.google.com/webstore";
+const char kChromeWebstoreBaseURL[] = "trk:09:https://chrome.google.com/webstore";
 const char kChromeWebstoreUpdateURL[] =
-    "https://clients2.google.com/service/update2/crx";
+    "trk:05:https://clients2.google.com/service/update2/crx";
 
 GURL GetWebstoreLaunchURL() {
   extensions::ExtensionsClient* client = extensions::ExtensionsClient::Get();
--- a/google_apis/gaia/gaia_constants.cc
+++ b/google_apis/gaia/gaia_constants.cc
@@ -17,149 +17,149 @@ const char kUnexpectedServiceResponse[]
 const char kGaiaService[] = "gaia";
 
 // OAuth scopes.
-const char kOAuth1LoginScope[] = "https://www.google.com/accounts/OAuthLogin";
+const char kOAuth1LoginScope[] = "trk:069:https://www.google.com/accounts/OAuthLogin";
 
 // Service/scope names for device management (cloud-based policy) server.
 const char kDeviceManagementServiceOAuth[] =
-    "https://www.googleapis.com/auth/chromeosdevicemanagement";
+    "trk:070:https://www.googleapis.com/auth/chromeosdevicemanagement";
 
 // OAuth2 scope for access to all Google APIs.
-const char kAnyApiOAuth2Scope[] = "https://www.googleapis.com/auth/any-api";
+const char kAnyApiOAuth2Scope[] = "trk:071:https://www.googleapis.com/auth/any-api";
 
 // OAuth2 scope for access to Chrome sync APIs
 const char kChromeSyncOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:072:https://www.googleapis.com/auth/chromesync";
 // OAuth2 scope for access to the Chrome Sync APIs for managed profiles.
 const char kChromeSyncSupervisedOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromesync_playpen";
+    "trk:073:https://www.googleapis.com/auth/chromesync_playpen";
 
 // OAuth2 scope for parental consent logging for secondary account addition.
 const char kKidManagementPrivilegedOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kid.management.privileged";
+    "trk:075:https://www.googleapis.com/auth/kid.management.privileged";
 
 // OAuth2 scope for access to Google Family Link Supervision Setup.
 const char kKidsSupervisionSetupChildOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kids.supervision.setup.child";
+    "trk:076:https://www.googleapis.com/auth/kids.supervision.setup.child";
 
 // OAuth2 scope for access to Google Talk APIs (XMPP).
 const char kGoogleTalkOAuth2Scope[] =
-    "https://www.googleapis.com/auth/googletalk";
+    "trk:077:https://www.googleapis.com/auth/googletalk";
 
 // OAuth2 scope for access to Google account information.
 const char kGoogleUserInfoEmail[] =
-    "https://www.googleapis.com/auth/userinfo.email";
+    "trk:078:https://www.googleapis.com/auth/userinfo.email";
 const char kGoogleUserInfoProfile[] =
-    "https://www.googleapis.com/auth/userinfo.profile";
+    "trk:079:https://www.googleapis.com/auth/userinfo.profile";
 
 // OAuth2 scope for access to the parent approval widget.
 const char kParentApprovalOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kids.parentapproval";
+    "trk:080:https://www.googleapis.com/auth/kids.parentapproval";
 
 // OAuth2 scope for access to the people API (read-only).
 const char kPeopleApiReadOnlyOAuth2Scope[] =
-    "https://www.googleapis.com/auth/peopleapi.readonly";
+    "trk:081:https://www.googleapis.com/auth/peopleapi.readonly";
 
 // OAuth2 scope for access to the programmatic challenge API (read-only).
 const char kProgrammaticChallengeOAuth2Scope[] =
-    "https://www.googleapis.com/auth/accounts.programmaticchallenge";
+    "trk:082:https://www.googleapis.com/auth/accounts.programmaticchallenge";
 
 // OAuth2 scope for access to the Reauth flow.
 const char kAccountsReauthOAuth2Scope[] =
-    "https://www.googleapis.com/auth/accounts.reauth";
+    "trk:083:https://www.googleapis.com/auth/accounts.reauth";
 
 // OAuth2 scope for access to audit recording (ARI).
 const char kAuditRecordingOAuth2Scope[] =
-    "https://www.googleapis.com/auth/auditrecording-pa";
+    "trk:084:https://www.googleapis.com/auth/auditrecording-pa";
 
 // OAuth2 scope for access to clear cut logs.
-const char kClearCutOAuth2Scope[] = "https://www.googleapis.com/auth/cclog";
+const char kClearCutOAuth2Scope[] = "trk:085:https://www.googleapis.com/auth/cclog";
 
 // OAuth2 scope for FCM, the Firebase Cloud Messaging service.
 const char kFCMOAuthScope[] =
-    "https://www.googleapis.com/auth/firebase.messaging";
+    "trk:086:https://www.googleapis.com/auth/firebase.messaging";
 
 // OAuth2 scope for access to Tachyon api.
-const char kTachyonOAuthScope[] = "https://www.googleapis.com/auth/tachyon";
+const char kTachyonOAuthScope[] = "trk:087:https://www.googleapis.com/auth/tachyon";
 
 // OAuth2 scope for access to the Photos API.
-const char kPhotosOAuth2Scope[] = "https://www.googleapis.com/auth/photos";
+const char kPhotosOAuth2Scope[] = "trk:088:https://www.googleapis.com/auth/photos";
 
 // OAuth2 scope for access to the SecureConnect API.
 extern const char kSecureConnectOAuth2Scope[] =
-    "https://www.googleapis.com/auth/bce.secureconnect";
+    "trk:074:https://www.googleapis.com/auth/bce.secureconnect";
 
 // OAuth2 scope for access to Cast backdrop API.
 const char kCastBackdropOAuth2Scope[] =
-    "https://www.googleapis.com/auth/cast.backdrop";
+    "trk:089:https://www.googleapis.com/auth/cast.backdrop";
 
 // OAuth scope for access to Cloud Translation API.
 const char kCloudTranslationOAuth2Scope[] =
-    "https://www.googleapis.com/auth/cloud-translation";
+    "trk:090:https://www.googleapis.com/auth/cloud-translation";
 
 // OAuth2 scope for access to passwords leak checking API.
 const char kPasswordsLeakCheckOAuth2Scope[] =
-    "https://www.googleapis.com/auth/identity.passwords.leak.check";
+    "trk:091:https://www.googleapis.com/auth/identity.passwords.leak.check";
 
 // OAuth2 scope for access to Chrome safe browsing API.
 const char kChromeSafeBrowsingOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chrome-safe-browsing";
+    "trk:092:https://www.googleapis.com/auth/chrome-safe-browsing";
 
 // OAuth2 scope for access to kid permissions by URL.
 const char kClassifyUrlKidPermissionOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kid.permission";
+    "trk:093:https://www.googleapis.com/auth/kid.permission";
 const char kKidFamilyReadonlyOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kid.family.readonly";
+    "trk:094:https://www.googleapis.com/auth/kid.family.readonly";
 
 // OAuth2 scope for access to payments.
 const char kPaymentsOAuth2Scope[] =
-    "https://www.googleapis.com/auth/wallet.chrome";
+    "trk:095:https://www.googleapis.com/auth/wallet.chrome";
 
 const char kCryptAuthOAuth2Scope[] =
-    "https://www.googleapis.com/auth/cryptauth";
+    "trk:096:https://www.googleapis.com/auth/cryptauth";
 
 // OAuth2 scope for access to Drive.
-const char kDriveOAuth2Scope[] = "https://www.googleapis.com/auth/drive";
+const char kDriveOAuth2Scope[] = "trk:097:https://www.googleapis.com/auth/drive";
 
 // The scope required for an access token in order to query ItemSuggest.
 const char kDriveReadOnlyOAuth2Scope[] =
-    "https://www.googleapis.com/auth/drive.readonly";
+    "trk:098:https://www.googleapis.com/auth/drive.readonly";
 
 // OAuth2 scope for access to Assistant SDK.
 const char kAssistantOAuth2Scope[] =
-    "https://www.googleapis.com/auth/assistant-sdk-prototype";
+    "trk:099:https://www.googleapis.com/auth/assistant-sdk-prototype";
 
 // OAuth2 scope for access to nearby devices (fast pair) APIs.
 const char kCloudPlatformProjectsOAuth2Scope[] =
-    "https://www.googleapis.com/auth/cloudplatformprojects";
+    "trk:100:https://www.googleapis.com/auth/cloudplatformprojects";
 
 // OAuth2 scope for access to nearby sharing.
 const char kNearbyShareOAuth2Scope[] =
-    "https://www.googleapis.com/auth/nearbysharing-pa";
+    "trk:101:https://www.googleapis.com/auth/nearbysharing-pa";
 
 // OAuth2 scopes for access to GCM account tracker.
-const char kGCMGroupServerOAuth2Scope[] = "https://www.googleapis.com/auth/gcm";
+const char kGCMGroupServerOAuth2Scope[] = "trk:102:https://www.googleapis.com/auth/gcm";
 const char kGCMCheckinServerOAuth2Scope[] =
-    "https://www.googleapis.com/auth/android_checkin";
+    "trk:103:https://www.googleapis.com/auth/android_checkin";
 
 // OAuth2 scope for access to readonly Chrome web store.
 const char kChromeWebstoreOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromewebstore.readonly";
+    "trk:104:https://www.googleapis.com/auth/chromewebstore.readonly";
 
 // OAuth2 scope for access to Account Capabilities API.
 const char kAccountCapabilitiesOAuth2Scope[] =
-    "https://www.googleapis.com/auth/account.capabilities";
+    "trk:105:https://www.googleapis.com/auth/account.capabilities";
 
 // OAuth2 scope for support content API.
 const char kSupportContentOAuth2Scope[] =
-    "https://www.googleapis.com/auth/supportcontent";
+    "trk:106:https://www.googleapis.com/auth/supportcontent";
 
 // OAuth 2 scope for NTP Photos module API.
 const char kPhotosModuleOAuth2Scope[] =
-    "https://www.googleapis.com/auth/photos.firstparty.readonly";
+    "trk:107:https://www.googleapis.com/auth/photos.firstparty.readonly";
 
 // OAuth 2 scope for NTP Photos module image API.
 const char kPhotosModuleImageOAuth2Scope[] =
-    "https://www.googleapis.com/auth/photos.image.readonly";
+    "trk:108:https://www.googleapis.com/auth/photos.image.readonly";
 
 // Used to mint uber auth tokens when needed.
 const char kGaiaSid[] = "sid";
--- a/google_apis/gaia/gaia_urls.cc
+++ b/google_apis/gaia/gaia_urls.cc
@@ -24,6 +24,7 @@
 namespace {
 
 // Gaia service constants
+//adding trk: here currently crashes the program
 const char kDefaultGoogleUrl[] = "http://google.com";
 const char kDefaultGaiaUrl[] = "https://accounts.google.com";
 const char kDefaultGoogleApisBaseUrl[] = "https://www.googleapis.com";
--- a/google_apis/gcm/engine/gservices_settings.cc
+++ b/google_apis/gcm/engine/gservices_settings.cc
@@ -29,18 +29,18 @@ const char kRegistrationURLKey[] = "gcm_
 
 const int64_t kDefaultCheckinInterval = 2 * 24 * 60 * 60;  // seconds = 2 days.
 const int64_t kMinimumCheckinInterval = 12 * 60 * 60;  // seconds = 12 hours.
-const char kDefaultCheckinURL[] = "https://android.clients.google.com/checkin";
+const char kDefaultCheckinURL[] = "trk:110:https://android.clients.google.com/checkin";
 const char kDefaultMCSHostname[] = "mtalk.google.com";
 const int kDefaultMCSMainSecurePort = 5228;
 const int kDefaultMCSFallbackSecurePort = 443;
 const char kDefaultRegistrationURL[] =
-    "https://android.clients.google.com/c2dm/register3";
+    "trk:111:https://android.clients.google.com/c2dm/register3";
 // Settings that are to be deleted are marked with this prefix in checkin
 // response.
 const char kDeleteSettingPrefix[] = "delete_";
 // Settings digest starts with verison number followed by '-'.
 const char kDigestVersionPrefix[] = "1-";
-const char kMCSEnpointTemplate[] = "https://%s:%d";
+const char kMCSEnpointTemplate[] = "trk:112:https://%s:%d";
 const int kMaxSecurePort = 65535;
 
 std::string MakeMCSEndpoint(const std::string& mcs_hostname, int port) {
--- a/remoting/base/breakpad_mac.mm
+++ b/remoting/base/breakpad_mac.mm
@@ -50,7 +50,7 @@ void InitializeCrashReporting() {
       breakpad_config[@BREAKPAD_REPORT_INTERVAL] = @"21600";
     }
     if (!breakpad_config[@BREAKPAD_URL]) {
-      breakpad_config[@BREAKPAD_URL] = @"https://clients2.google.com/cr/report";
+      breakpad_config[@BREAKPAD_URL] = @"trk:310:https://clients2.google.com/cr/report";
     }
 
     if (!BreakpadCreate(breakpad_config)) {
--- a/remoting/protocol/jingle_messages.cc
+++ b/remoting/protocol/jingle_messages.cc
@@ -27,7 +27,7 @@ const char kJabberNamespace[] = "jabber:
 const char kJingleNamespace[] = "urn:xmpp:jingle:1";
 
 // Namespace for transport messages when using standard ICE.
-const char kIceTransportNamespace[] = "google:remoting:ice";
+const char kIceTransportNamespace[] = "trk:100:google:remoting:ice";
 
 const char kWebrtcTransportNamespace[] = "google:remoting:webrtc";
 
--- a/rlz/lib/lib_values.cc
+++ b/rlz/lib/lib_values.cc
@@ -40,7 +40,7 @@ const char kSetDccResponseVariable[] = "
 //
 
 const char kFinancialPingPath[] = "/tools/pso/ping";
-const char kFinancialServer[]   = "clients1.google.com";
+const char kFinancialServer[]   = "trk:443:clients1.google.com"; /* not using URLRequest! catch with cache.ir */
 const int kFinancialPort = 443;
 
 // Ping times in 100-nanosecond intervals.
--- a/ui/accessibility/extensions/chromevoxclassic/chromevox/background/prefs.js
+++ b/ui/accessibility/extensions/chromevoxclassic/chromevox/background/prefs.js
@@ -72,9 +72,9 @@ cvox.ChromeVoxPrefs.DEFAULT_PREFS = {
   'outputContextFirst': false,
   'position': '{}',
   'siteSpecificScriptBase':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/',
+      'trk:242:https://ssl.gstatic.com/accessibility/javascript/ext/',
   'siteSpecificScriptLoader':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
+      'trk:243:https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
   'sticky': false,
   'typingEcho': 0,
   'useIBeamCursor': cvox.ChromeVox.isMac,
--- a/ui/accessibility/extensions/chromevoxclassic/host/chrome/host.js
+++ b/ui/accessibility/extensions/chromevoxclassic/host/chrome/host.js
@@ -96,9 +96,9 @@ cvox.ChromeHost.prototype.init = functio
           (!cvox.ApiImplementation.siteSpecificScriptLoader ||
            !cvox.ApiImplementation.siteSpecificScriptBase);
       cvox.ApiImplementation.siteSpecificScriptLoader =
-          'https://ssl.gstatic.com/accessibility/javascript/ext/loader.js';
+          'trk:244:https://ssl.gstatic.com/accessibility/javascript/ext/loader.js';
       cvox.ApiImplementation.siteSpecificScriptBase =
-          'https://ssl.gstatic.com/accessibility/javascript/ext/';
+          'trk:245:https://ssl.gstatic.com/accessibility/javascript/ext/';
       if (apiPrefsChanged) {
         var searchInit = prefs['siteSpecificEnhancements'] === 'true' ?
             cvox.SearchLoader.init :
--- a/ui/views/examples/webview_example.cc
+++ b/ui/views/examples/webview_example.cc
@@ -29,7 +29,7 @@ void WebViewExample::CreateExampleView(V
   webview_->GetWebContents()->SetDelegate(this);
   container->SetLayoutManager(std::make_unique<FillLayout>());
 
-  webview_->LoadInitialURL(GURL("http://www.google.com/"));
+  webview_->LoadInitialURL(GURL("trk:174:http://www.google.com/"));
   webview_->GetWebContents()->Focus();
 }