Phoning home?



  • While vivaldi is running, my dns server logs requests for clients1.google.com with one minute intervals. By just grepping the source tree I guess it originates from FinancialPing::PingServer(), but the code is just too huge for me to figure out what it's all about. So if someone from the vivaldi team could explain why google needs to be told that my browser is running once a minute, that would be appreciated.



  • Do you use extensions from google? Or the phishing/malware protection in settings? These two could be the cause for ping-to-google. And search suggestions too, like Gwen said below.





  • @Hadden89 I don't have any google extensions, and disabling all extensions doesn't stop the requests. Safe browsing, phishing protection and search suggestions are all turned off. I can't think of anything other than what's hardcoded into chromium, and remains in vivaldi.



  • You log the traffic? And which TCP or UDP data is sent to clients1.google.com? Please give us more information from your network sniffing.



  • @lars.l said in Phoning home?:

    FinancialPing::PingServer(),

    Yes, it seems to be a chromium library. Sadly, I don't know why (and if should) does that.



  • @lars.l said in Phoning home?:

    clients1.google.com

    Sorry, but a DNS request to your DNS server is not a phoning home process! You should tell us what has been sniffed in HTTP traffic.

    Perhaps certificates were checked for revocation.


  • Moderator

    @lars.l Unfortunately, it's really hard to nail down exactly what's going on with the clients[0-9]*.google.com connections. My understanding was that these connections were originally meant to serve "sensitive" internal requests (related to maintaining the safety, security and integrity or the browser itself) but they're now apparently being used more broadly. There's an interesting comment related to this here:

    https://cs.chromium.org/chromium/src/extensions/browser/api/web_request/web_request_permissions.cc

    These URLs are only protected for requests from the browser and webui renderers, not for requests from common renderers, because clients*.google.com are also used by websites.

    It looks like the Chrome/Chromium developers are starting to try to clean this messy situation up a bit and be more selective about the origins that actually need to be protected, presumably in response to misuse...

    https://bugs.chromium.org/p/chromium/issues/detail?id=715184

    ... but getting back to your original issue... it's still hard to say exactly what that lookup to clients1.google.com was for without getting either a sniffer trace (and be further stymied by encrypted traffic?) or employing internal tools such as vivaldi://net-internals (click on the DNS tab) to correlate requests with browsing activity.



  • Well, most (about 95%) of the traffic is encrypted. The only plaintext requests I can see are HTTP GET /ocsp/..., and OSCP responses from google.
    And I can't figure out what prompts the requests, they can start seemingly at random, without any particular user input, and go off once a minute for an hour or so. But restarting vivaldi, loading the same tabs and generally fiddling about with the browser doesn't start the requests.
    It might be initiated by some website, for whatever reason. But none that I've been able to pinpoint.



  • @lars.l OCSP is the acronym for Online Certificate Status Protocol, which is a protocol used to obtain digital cert revocation status data. Google routes a number of things for chromium through the clients1 server, possibly including autofill queries, search suggestions, OCSP requests, etc., depending on the particular sub-domains listed in the specific URL.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.