Feeds

back to article Google Chrome bug outs users seeking anonymity

A bug in the latest version of the Google Chrome browser could leak the identity of users trying to surf anonymously, developers warn. The flaw means that domain-name queries are made by a user's local network even when Chrome is configured to used a third-party proxy. Users typically use proxies to conceal their local IP …

COMMENTS

This topic is closed for new posts.
Thumb Down

Privacy & rlz.dll

I hope all you guys using chrome have deleted it long ago.

1
0
Bronze badge
WTF?

Wait, what?

"...users trying to surf anonymously..."

...while using Google Chrome?

...

/icon

1
0

Tor

There are probably dozens if not hundreds of applications which don't perform DNS lookups over the proxy they're configured to use. Usually because of an oversight by the developer of the app. This is why you can't just blindly install random apps like Google Chrome and expect them to work with Tor. The only browser recommended by the Tor project is Firefox, and even then you have to install a special plugin called TorButton and you probably want to stick Privoxy in the middle.

I expect there are *many* other flaws in the way Chrome would work with Tor, regarding plugins like Flash and Java and anything else which can create Internet traffic.

If you want all apps to be anonymised, then you need to configure the OS to route all outgoing traffic through Tor. Configuring individual apps to do it can lead to leaks. There is plenty of documentation and discussion on how to do this.

If you read the Tor documentation and understand it, and are careful about how you configure and use it, then you can get a decent level of anonymity. Anything less than that, and all bets are off.

2
0
Big Brother

Only bad people need privacy

If you have something that you don't want anybody to know, maybe you shouldn't be doing it in the first place, says Eric Schmidt, CEO of Google.

Bug or Feature?.......

5
1
Pint

Took the words right out of my mouth.

Beer for you AC.

1
0
Thumb Down

"little anonymity"?

As I understand it Tor offers very robust anonymity, the encryption of each layer coupled with the random routing mean it's extremely hard to determine who someone is and what traffic belongs to them. Short of knowing a specific user is running Tor and managing to get their node to route only through nodes you control it's probably impossible to trace someone's activities back to them.

0
2
Thumb Down

Exit routers in Tor

Tor's primary weakness lies in the exit routers. Think about all the implications of the traffic going through the exist router and the idiotic browser weaknesses. It's not as strong as you think it is.

0
0
Silver badge

Well surprise surprise!

Given Google CEO Eric Schmidt's well-known attitude towards privacy I'd say this is not a bug, it's a feature. After all, wouldn't he just say that if you're browsing anonymously you're probably browsing something you shouldn't be?

We need Eric is angel/evil icons to go with Bill and Steve down there. Though I can't see the angel one getting used much...

5
0
Silver badge

Bug?

With Google I think it's a feature.

3
0
Pirate

"Google Chrome bug outs users seeking anonymity"

That's not a bug.. IT'S A FEATURE! ;p

According to Google's CEO, All of these innocent, law-abiding people must have something illegal to hide. RIGHT? It's GOOOOOOOGLE! Your supposed to have your email scanned and your privacy out in the open. That way it's EASIER for Big Brother, Secret Police, Geheime Staatspolizei(Gestapo), DHS, HQ to zero in on you at their leisure.

It's what google is there for. It's the least they could do for all of their unsuspecting valued customers. " }:> "

4
0
Badgers

Indeed

All you naughty Tor users must have something to hide and we now know that doesn't tie-in well with Googles ethos, you might get non-targetted ads which will simply not do.

1
0
Big Brother

Shallow-minded

I (to some extent) agree with all of you who say "you must have something to hide" when it comes to denouncing TOTAL privacy.

However, TOR is used in China to circumvent the Great (fire)Wall of China so that free-thinking citizens can have free speech and access to sites which apparently are "violating public morality and harming the physical and mental health of youth". (http://www.theregister.co.uk/2009/03/24/tibet_china_youtube_ban/)

IMO, all of you who discourage this kind of activity and the development of systems such as TOR are no better than the commie dictating tosspots over in China.

Anyone who thinks that privacy is not inherent as a basic human right should walk around wearing cling-film, have no password on your email and leave your front doors unlocked with an "Open All Hours" sign hanging on it.

1
0
Anonymous Coward

should walk around wearing cling-film

A guy walks into the doctors office wearing nothing but cling film, and says - "Doctor, I have a problem!"

The doctor says "Well, for a start I can clearly see your nuts."

0
0
WTF?

Just out of interest...

What do you lot all get up to on the internet that you need all that anonymous browsing for?

Paranoid, much?

0
1
Gold badge
Coat

@Obvious

Oh come on! Any fule kno that the readership of El Reg is overwhelmingly made up of Chinese dissidents and Jihadi terrorists.

Well, it's either that or the dirty mac brigade hold sway round here.

The slightly shabby raincoat with the loli manga in the pocket please..

0
1
Happy

@ Obvious

"What do you lot all get up to on the internet that you need all that anonymous browsing for?"

Since the issue is DNS lookups being made locally I'd suggest "getting away with looking at porn during working hours" is high up there.

These idiots should WFH like me :)

0
0
Grenade

We could tell you.

But then we'd have to kill you.

This comment will self-destruct in five seconds.

1
0

Chrome or Chrome?

Can El Reg, (since Google failed to do so) create an alternative way to describe the browser and the OS.

0
0
Bronze badge

Whereas Chrome's privacy mode

...is just about no logs, correct?

Well, that and not saving temporary files that can be undeleted, either, one would like to be told. That is, if one wanted it in the first place.

0
0
Anonymous Coward

Which browser does do this?

I don't think this is a Chrome issue. All the browsers use the local DNS stuff so they can take advantage of caching.

0
0
Anonymous Coward

Why? Very good reason to be anonymous

Look at the way photographers are being treated by the police in this country.

Think yourself lucky that you are not in a country that would shoot you for disagreeing with their law officials online or otherwise.

Now remember why anonymity is so important.

Not everyone in the world is as lucky as us.

2
0
Bronze badge

Doesn't the proxy server...

Surely when you use a Web proxy server, it looks after that stuff for you? You tell the.browser where the proxy is and it does everything including name resolution, your PC doesn't need to +now addresses?

Workaround therefore: don't assign a domain name server on your PC, or disable it, or set it to 127.0.0.1.

I think.

0
2
FAIL

If security is at all important to you, folks, ...

... don't take advice from confused people who haven't got any idea what they're talking about.

Signs of this include when the entire first half of the advice consists of questions like "Surely ....?" followed by something that either isn't the case or doesn't make any sense.

0
0
Joke

Google=TheMatrix

Does it really matter when Google already knows everything. EVER?

0
2
wfl

Not something unique to Chrome.

I wrote an article on setting up your own SSH tunnel as a SOCKS proxy, and Firefox used to do the same thing. I'm not entirely sure if it still does, however.

http://www.classicwfl.com/blog/2008/01/from-productiv-secure-surfing-e-mail.html

0
0
Troll

Google DNS coinkydink?

Anybody else noticed the coincidence that Google are providing DNS services nowadays..?

All in a plot to keep tracking you even when you try to avoid getting tracked IMO..

/me fastens his tin foil hat a little tighter

*AC for obvious anti-tracking reasons of course =P

1
0
This topic is closed for new posts.