back to article Google Chrome bug outs users seeking anonymity

A bug in the latest version of the Google Chrome browser could leak the identity of users trying to surf anonymously, developers warn. The flaw means that domain-name queries are made by a user's local network even when Chrome is configured to used a third-party proxy. Users typically use proxies to conceal their local IP …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Privacy & rlz.dll

    I hope all you guys using chrome have deleted it long ago.

  2. Havin_it
    WTF?

    Wait, what?

    "...users trying to surf anonymously..."

    ...while using Google Chrome?

    ...

    /icon

  3. Mike Cardwell

    Tor

    There are probably dozens if not hundreds of applications which don't perform DNS lookups over the proxy they're configured to use. Usually because of an oversight by the developer of the app. This is why you can't just blindly install random apps like Google Chrome and expect them to work with Tor. The only browser recommended by the Tor project is Firefox, and even then you have to install a special plugin called TorButton and you probably want to stick Privoxy in the middle.

    I expect there are *many* other flaws in the way Chrome would work with Tor, regarding plugins like Flash and Java and anything else which can create Internet traffic.

    If you want all apps to be anonymised, then you need to configure the OS to route all outgoing traffic through Tor. Configuring individual apps to do it can lead to leaks. There is plenty of documentation and discussion on how to do this.

    If you read the Tor documentation and understand it, and are careful about how you configure and use it, then you can get a decent level of anonymity. Anything less than that, and all bets are off.

  4. Anonymous Coward
    Big Brother

    Only bad people need privacy

    If you have something that you don't want anybody to know, maybe you shouldn't be doing it in the first place, says Eric Schmidt, CEO of Google.

    Bug or Feature?.......

    1. James O'Brien
      Pint

      Took the words right out of my mouth.

      Beer for you AC.

  5. Si 1
    Thumb Down

    "little anonymity"?

    As I understand it Tor offers very robust anonymity, the encryption of each layer coupled with the random routing mean it's extremely hard to determine who someone is and what traffic belongs to them. Short of knowing a specific user is running Tor and managing to get their node to route only through nodes you control it's probably impossible to trace someone's activities back to them.

    1. Anonymous Coward
      Thumb Down

      Exit routers in Tor

      Tor's primary weakness lies in the exit routers. Think about all the implications of the traffic going through the exist router and the idiotic browser weaknesses. It's not as strong as you think it is.

  6. Steve Roper

    Well surprise surprise!

    Given Google CEO Eric Schmidt's well-known attitude towards privacy I'd say this is not a bug, it's a feature. After all, wouldn't he just say that if you're browsing anonymously you're probably browsing something you shouldn't be?

    We need Eric is angel/evil icons to go with Bill and Steve down there. Though I can't see the angel one getting used much...

  7. Tom 35

    Bug?

    With Google I think it's a feature.

  8. Daemon ZOGG
    Pirate

    "Google Chrome bug outs users seeking anonymity"

    That's not a bug.. IT'S A FEATURE! ;p

    According to Google's CEO, All of these innocent, law-abiding people must have something illegal to hide. RIGHT? It's GOOOOOOOGLE! Your supposed to have your email scanned and your privacy out in the open. That way it's EASIER for Big Brother, Secret Police, Geheime Staatspolizei(Gestapo), DHS, HQ to zero in on you at their leisure.

    It's what google is there for. It's the least they could do for all of their unsuspecting valued customers. " }:> "

  9. lukewarmdog
    Badgers

    Indeed

    All you naughty Tor users must have something to hide and we now know that doesn't tie-in well with Googles ethos, you might get non-targetted ads which will simply not do.

    1. Petey
      Big Brother

      Shallow-minded

      I (to some extent) agree with all of you who say "you must have something to hide" when it comes to denouncing TOTAL privacy.

      However, TOR is used in China to circumvent the Great (fire)Wall of China so that free-thinking citizens can have free speech and access to sites which apparently are "violating public morality and harming the physical and mental health of youth". (http://www.theregister.co.uk/2009/03/24/tibet_china_youtube_ban/)

      IMO, all of you who discourage this kind of activity and the development of systems such as TOR are no better than the commie dictating tosspots over in China.

      Anyone who thinks that privacy is not inherent as a basic human right should walk around wearing cling-film, have no password on your email and leave your front doors unlocked with an "Open All Hours" sign hanging on it.

      1. Anonymous Coward
        Anonymous Coward

        should walk around wearing cling-film

        A guy walks into the doctors office wearing nothing but cling film, and says - "Doctor, I have a problem!"

        The doctor says "Well, for a start I can clearly see your nuts."

  10. Obvious Robert
    WTF?

    Just out of interest...

    What do you lot all get up to on the internet that you need all that anonymous browsing for?

    Paranoid, much?

    1. TeeCee Gold badge
      Coat

      @Obvious

      Oh come on! Any fule kno that the readership of El Reg is overwhelmingly made up of Chinese dissidents and Jihadi terrorists.

      Well, it's either that or the dirty mac brigade hold sway round here.

      The slightly shabby raincoat with the loli manga in the pocket please..

    2. Eddie Edwards
      Happy

      @ Obvious

      "What do you lot all get up to on the internet that you need all that anonymous browsing for?"

      Since the issue is DNS lookups being made locally I'd suggest "getting away with looking at porn during working hours" is high up there.

      These idiots should WFH like me :)

    3. Anonymous Coward
      Grenade

      We could tell you.

      But then we'd have to kill you.

      This comment will self-destruct in five seconds.

  11. Anonymous Coward
    Anonymous Coward

    Chrome or Chrome?

    Can El Reg, (since Google failed to do so) create an alternative way to describe the browser and the OS.

  12. Robert Carnegie Silver badge

    Whereas Chrome's privacy mode

    ...is just about no logs, correct?

    Well, that and not saving temporary files that can be undeleted, either, one would like to be told. That is, if one wanted it in the first place.

  13. Anonymous Coward
    Anonymous Coward

    Which browser does do this?

    I don't think this is a Chrome issue. All the browsers use the local DNS stuff so they can take advantage of caching.

  14. Anonymous Coward
    Anonymous Coward

    Why? Very good reason to be anonymous

    Look at the way photographers are being treated by the police in this country.

    Think yourself lucky that you are not in a country that would shoot you for disagreeing with their law officials online or otherwise.

    Now remember why anonymity is so important.

    Not everyone in the world is as lucky as us.

  15. Robert Carnegie Silver badge

    Doesn't the proxy server...

    Surely when you use a Web proxy server, it looks after that stuff for you? You tell the.browser where the proxy is and it does everything including name resolution, your PC doesn't need to +now addresses?

    Workaround therefore: don't assign a domain name server on your PC, or disable it, or set it to 127.0.0.1.

    I think.

    1. Anonymous Coward
      FAIL

      If security is at all important to you, folks, ...

      ... don't take advice from confused people who haven't got any idea what they're talking about.

      Signs of this include when the entire first half of the advice consists of questions like "Surely ....?" followed by something that either isn't the case or doesn't make any sense.

  16. ElNumbre
    Joke

    Google=TheMatrix

    Does it really matter when Google already knows everything. EVER?

  17. wfl

    Not something unique to Chrome.

    I wrote an article on setting up your own SSH tunnel as a SOCKS proxy, and Firefox used to do the same thing. I'm not entirely sure if it still does, however.

    http://www.classicwfl.com/blog/2008/01/from-productiv-secure-surfing-e-mail.html

  18. Anonymous Coward
    Troll

    Google DNS coinkydink?

    Anybody else noticed the coincidence that Google are providing DNS services nowadays..?

    All in a plot to keep tracking you even when you try to avoid getting tracked IMO..

    /me fastens his tin foil hat a little tighter

    *AC for obvious anti-tracking reasons of course =P

This topic is closed for new posts.