Connections to Google
-
@kurikulu said in Connections to Google:
Is this like the Duckduckgo Scam or what? (For the clueless: DDG's owner is a known data miner
OT though curious to know source of your claim regarding DDG
-
Please read https://forum.vivaldi.net/post/177280
-
@ayespy That makes a lot of sense, and I guess it can be fairly easy to overlook (the settings page isn't necessarily the first place you to when testing for connections to Google's APIs). I agree that it shouldn't be triggered in the first place, especially since it serves no purpose in this browser.
Since pretty much all other connections to Google have been eliminated, I can't see why the Team wouldn't remove this one too.
-
@komposten I can't guarantee any time frame, but a bug has been generated, and there have been a few pages of discussions back and forth between three testers and a developer who has joined the conversation (and asked for the bug report), so there is awareness of this issue and attention on it. We are all in agreement that there is no reason these attempts to connect should occur.
-
Just to clarify this a bit, Vivaldi doesn't ship with Chrome's API keys, so it can't talk to back-end Google services. When you go into the Chromium site or settings UI, it looks like an error gets triggered (because the stuff to talk to Google is not set up) which, in turn, triggers a connection to googleapis.com presumably to try to recover. It doesn't look like any private data is actually transmitted upstream.
As @Ayespy said, a bug has been opened so that the developers can look into this further and stop these connections from happening.
-
Just to give you a quick update, the one brief connections that we're seeing consistently is the Language settings code in Chromium trying to fetch a list of languages. That's all.
As other deep dives into the code have shown, Vivaldi's Chromium browser engine will occasionally contact Google servers from time to time for routine and benign purposes, but doesn't send any private data upstream. As I also mentioned earlier, because Vivaldi is missing API keys, it can trigger certain errors under some circumstances. However, so far, it doesn't look like any of the connections that we're seeing are anything to be concerned about.
I'll update you with any new findings.
In the meantime, if you should ever see Vivaldi making any "suspicious" connections back to Google, please continue to report them here... and please don't assume that the worst is happening. (All reports are taken seriously and checked into fully.) Keep in mind that the goal of the Vivaldi team is to build a browser that, above all, respects its users.
Thanks!
-
It doesn't look like any private data is actually transmitted upstream.
It is not about me giving literal private data (as in my birthdate or name) but rather about the fact that Google gains additional information about me even if passive. Through that one single connection they know what OS I run and can guess the version and have the IP. And if you have visited any website that embedds Google code, regardless of Browser and OS Google will get free market info since your IP is known and can be correleted to the other data.
However, so far, it doesn't look like any of the connections that we're seeing are anything to be concerned about.
Vivaldi is connecting to an US server. A server that is hosted in the United States of America. Without my consent it is connecting to the most malicious of hosts possible on the entire planet. If the European dev/security team is not concerned about that then this Browser certainly is not for "power users". Even the passive fingerprinting (a simple ping is enough for that) gives them free market data.
So when Vivaldi is saying "Google does not benefit by us using their product" it is a utter and blatant lie. Or the devs/sec team is just incompetent. If there is an alternative please explain to me.
-
@kurikulu As a user, I appreciate your alerting us to these connections. As part of the test team, all I can do is to try to replicate your findings, figure out what's going on, and do my best to provide a transparent, informed response to explain why you're seeing what you're seeing.
From a technical perspective, I don't think that there is any way for any Chromium-based browser to avoid contacting Google servers. It has to, even for doing mundane (yet critical) things relating to certificate management and fetching certificate revocation lists.
-
I don't think that there is any way for any Chromium-based browser to avoid contacting Google servers.
There are patchsets that do exactly this, at least I never had them ever try to connect to anything except the webpage I was actually trying to reach, regardless of what I did, including opening the Chrom* internal config page. But all of them are Open source which make them unusable in Vivaldi.
things relating to certificate management and fetching certificate revocation lists.
I doubt that translate.google*.com and/or *.googleapis.com have anything to do with the certificate handling especially since the connection only trigger when you visit the Chrom* internal configuration url vivaldi://settings/content
-
@kurikulu I think we're all in agreement that the connections you reported should not be occurring. The bug pertaining to this is still open and I'm hopeful that this will get resolved.
-
So is there any bug tracker we can follow this?
Since Vivaldi isn't under an Open source license I can't just check the commits and compile it myself.. It is really daunting as I really want myself to migrate over to Vivaldi. -
@kurikulu The bug tracker is closed, but you may ask mods for details on the progress of any bug. The bug number for this one is VB-39696. Use that number when asking.
-
Ok then can any of the mods in this thread tell me the progress on VB-39696
-
@kurikulu It's confirmed and commented by more than one developer or tester, but not yet formally assigned to anyone.
-
*.googleapis.com
*.gvt1.comClean ~ folder, v2.2.1388.37** even forcefully rm'd .config to be sure still those connections are made after a while the browser is running/clicking around in (either) chrome://settings/ and/or chrome://flags/ (obviously no intentionally initiated outgoing connections here)
I am just pointing this out, I would have liked to use Vivaldi but attempting to connect to Google for whatever reason is unacceptable in any case always.
You can't even imagine how much disgusted I am feeling by having to let Cloudflare hijack my connection to post on this forum but that's another point of debate.
At least you aren't fabricating outright lies or trying to sell users browsing history like Brave does so congrats on that.
Mod Edit: Profanity removed.
Mod² Edit: Threads merged. -
@kurikulu Your previous thread had several replies.
-
@Pesala hat thread was 9 months old I assumed the issue to be fixed in a couple days. It really shouldn't take more than a couple of hours in reality; let's even say 3 months if we are having a 3 months long British holiday.
Does it really surprise you then that after 9 months I open another thread to evoke some kind of urgency for such an urgent task that can be fixed in 2 hours instead of 9 months?
Mod Edit: Insulting comment removed.
-
@kurikulu The bug tracker is closed, but you may ask for details on the progress of any bug. The bug number for this one is VB-39696. Use that number when asking.
The right place to ask is in the Bug Status Thread
Be polite. The mods are all volunteers helping you in their free time.
-
@kurikulu Actually, some of those nuisance connections were eliminated back in September and VB-39696 got closed at that time.
As I mentioned earlier in this thread, Vivaldi makes a number of legitimate connections back to Google, e.g. for certificate management. So, even if the Vivaldi team were to eliminate all of those nuisance connections, even though they don't trigger under normal operations and don't send data upstream, it still will not (and cannot) eliminate all connections back to Google.
Edit: The other problem with eliminating every possible connection to Google on every possible codepath is that it would require extensive changes to the Chromium code. This would make code rebases a nightmare (and a nightmare to test) with every Chromium uplift, all for little or no practical gain.
-
I am here to inform myself. I considered a European company to be the first to want to not to support big US-tech companies that circumvent taxes while civilians and small/medium EEA buisnesses pay more taxes than those billion dollar companies. Just imagine Google pays less tax than Vivaldi but still Vivaldi forwards the Vivaldi user as Chrome users. Maybe masochists at work?
possible codepath is that it would require extensive changes to the Chromium code.
extensiveSo what? The changes of code could be done in less than couple workdays if you put someone competent in front of it.
It is not like Chromium tries to hide the connections; I don't remember seeing a SHA encoded base64'd ipv6 address in Chromiums source (this is an obvious joke). And if it really is that hard for someone they can just look at the multiple availible FOSS patches made by private entities that succeed in killing of every single connection.But yea I will stay with Firefox anyway. This is ridicolous how less people actually care about remote connections. A browser that initiates connections on its own without explicit user consent is always bad. And if those connections go to US-Tech giants that browser is the exact definition of malware.
