- Investigation of Privacy Mode:
  - Good:
    - Cookies cleared and memory-only
    - Cache cleared and memory-only
    - History not available via JavaScript or CSS
    - Safe because currently unsupported:
      - Geolocation not supported in browser
      - DOM Storage not supported
      - HTML5 Storage not supported
    - HTTP auth is cleared
    - Do they have a session store?
      - Yes. It is disabled.
    - Form history disabled
      - But non-private entries still available
    - Malware and phishing protection
      - Per-url check?
        - Doesn't seem like it..
  - Bad:
    - RLZ Identifier sent with all queries even in Incognito mode
      - http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=107684
    - Flash cookies not cleared
    - Google Gears are still available
      - Do they have their own storage?
        - Yes. Completely ignores private mode.
    - Safebrowsing API key not cleared?
      - but updates may not happen "under" the incognito window
    - Desktop resolution available
    - Browser resolution is available
    - SSL session keys
      - Not cleared!
      - They clear trusted certs tho
    - Timezone not spoofed

- Misc Features we definitely need:
  - Incognito-specific proxy settings
    - Browser proxy settings currently do not apply immediately
  - Plugin enable/disable controls
  - Spoof user agent
  - Referer alteration API
  - Autolaunching of remote apps needs to be disabled
  - API to opt-out of all the opt-in tracking for incognito mode
  - Cookie API would be nice
  - Need network.security.ports.banned
    - http://www.remote.org/jochen/sec/hfpa/hfpa.pdf
  - Resize windows (content-window side possibly ok)

- Future investigation
  - Non-private form history still available
    - Forms seem to not be auto-filled, but this may be different
      for some fields?
  - How evil is Google Update? Will it happen over incognito?
    - http://en.wikipedia.org/wiki/Google_Updater#Google_Updater
    - http://en.wikipedia.org/wiki/SRWare_Iron#Differences_from_Chrome
    - http://foliovision.com/2008/12/09/adwords-ppc-organic-rlz/
  - Test in more detail with sysinternals for disk writes
  - What about safebrowsing requests? Can they bypass proxy?
  - Video tag supports H264 and ogg via ffmpeg
    - Hrmm.. proxy bypass ability?

- Test results. Used Incognito Mode with the test suites from:
  https://www.torproject.org/torbutton/design/#SingleStateTesting
  - Decloak.net:
    - Recovers IP and DNS via Java
    - Recovers IP via flash
  - Deanonymizer.com
    - Failed NNTP and FTP quicktime
  - JonDos hated some headers
  - Mr. T got a lot of shit wrong...
  - http://labs.isecpartners.com/breadcrumbs/breadcrumbs.html

- Comparison with Torora
  - http://github.com/mwenge/torora/tree/master/doc/DESIGN.torora
  - Good ideas for both chrome and torbutton:
    - Cache/Cookie expiry every 24hrs
    - Random perturbation on Date() object..
      - No longer possible without js hooks :/
      - Possible if Chrome allows non-deletable shadowing of window.Date()
        from user scripts. ECMA says it should
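
The non-deletable shadowing of window.Date() mentioned above, as an added example rather than Chrome, Torora or Torbutton code: a skewed Date wrapper pinned with a non-writable, non-configurable property. The names randomSkewMs and installSkewedDate are hypothetical, and the target is passed in as globalObj (window in a user script) so the block also runs under Node.

```javascript
// Added example (hypothetical names), not Chrome, Torora or Torbutton code.
// Per-session offset in [-maxMs, +maxMs]; pass a CSPRNG-backed `rand`
// in place of Math.random where one is available.
function randomSkewMs(maxMs, rand = Math.random) {
  return Math.round((rand() * 2 - 1) * maxMs);
}

// Replace globalObj.Date with a wrapper whose "now" is shifted by skewMs,
// then pin it so page script cannot delete or reassign it.
function installSkewedDate(globalObj, skewMs) {
  const RealDate = globalObj.Date;

  function SkewedDate(...args) {
    // Date() called without `new` returns a string, not an object.
    if (!new.target) return new SkewedDate().toString();
    // Only the zero-argument form reads the clock; explicit timestamps
    // and date strings pass through unchanged.
    const ctorArgs = args.length === 0 ? [RealDate.now() + skewMs] : args;
    return Reflect.construct(RealDate, ctorArgs, new.target);
  }

  // Inherit parse()/UTC() and the instance methods from the real Date.
  Object.setPrototypeOf(SkewedDate, RealDate);
  const proto = Object.create(RealDate.prototype, {
    constructor: { value: SkewedDate, writable: false, configurable: false },
  });
  Object.defineProperty(SkewedDate, 'prototype', { value: proto, writable: false });
  Object.defineProperty(SkewedDate, 'now', {
    value: () => RealDate.now() + skewMs,
    writable: false,
    configurable: false,
  });

  // writable:false blocks reassignment; configurable:false blocks
  // `delete window.Date` and any later redefinition.
  Object.defineProperty(globalObj, 'Date', {
    value: SkewedDate,
    writable: false,
    configurable: false,
    enumerable: false,
  });
  return SkewedDate;
}
```

The real constructor stays reachable through Object.getPrototypeOf(Date.prototype).constructor, and other clock sources are untouched, so this only covers scripts that use Date directly.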

==========================================

- Incognito Issues:
  - SSL session keys
    - Not cleared!
  - Flash cookies not cleared
    - Better Privacy? Permissions?
  - Google Gears are still available
    - Do they have their own storage?
      - Yes. Completely ignores private mode.
  - RLZ override/disable for incognito
  - Opt out of opt-in tracking?
  - Source code:
    http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/profile.cc

- Privacy Enhancing API Wishlist (remove existing items):
  - http://code.google.com/chrome/extensions/devguide.html
  - Prefs (copy-on-write for incognito mode)
    - Incognito-specific proxy settings
      - Should not be used for safebrowsing or app/addon update
    - pref to disable autolaunch of apps/warn user
    - network.security.ports.banned
    - User agent (that also governs navigator.*)
      - could be done (better) via http headers and good hook support
  - Core APIs:
    - Per-Plugin enable/disable controls
    - Cookie API
    - Cache control
    - HTTP header alteration ("on-modify-request")
      - Referrer, accept, user agent
  - Javascript hooks:
    - http://code.google.com/chrome/extensions/content_scripts.html
      - Bleh, these suck... Too limited.
    - ECMA compliance
    - desktop+screen resolution
    - Date hooking
    - navigator.* hooking

- Posted at:
  - http://groups.google.com/group/chromium-extensions/t/ceba26ca9e2f6a78