Decoding network activity in Vivaldi


  • Community Manager

    In this article, Vivaldi security expert Yngve Pettersen takes a deep dive into network activity in Vivaldi.

    Click here to see the full blog post


  • Moderator

    @OlgaA Very useful article. 👍

    That will reduce the concerns and fear that Vivaldi may be some so called "phone-home" browser.


  • Moderator

    Kudos to you @yngve, your x-ray goggles 🕶 and your tech wizdom gives us insight on such network traffic 😉



  • Thanks for this very informative article! I love in-depth information like this, especially what hosts we can expect to see traffic to, and you even link to the relevant code parts for users to check themselves 👍

    Very useful having it here in the blog for referring users who wonder about the outgoing connections to Google.

    @yngve I'd love to get some recommendation for basic troubleshooting/network tools to help me find out stuff like this. I have Wireshark installed (obviously...), but since it's big and complex, I instead tend to use small tools, like TCP View, Current Ports and NetworkTrafficView for basic network troubleshooting on my local machine.

    For instance here are the connections Vivaldi makes on startup for me:

    login.vivaldi.net		443	https
    accounts.google.com		443	https
    www.gstatic.com			443	https
    clients.l.google.com		443
    bifrost.vivaldi.com		443	https
    bifrost.vivaldi.com		15674
    mobile-gtalk.l.google.com	5228
    

    The two at the bottom are interesting because they're using non-standard ports. Also I wonder a bit about the connection to accounts.google.com?



  • Thanks for the detailed articles.
    Consider doing something about vivaldi://media-engagement. It's still a privacy bomb.


  • Vivaldi Team

    @Pathduck Sorry, I haven't investigated such tools; I use Wireshark when I need to look at network traffic.

    Regarding the second bifrost connection, that is the notification connection, which pushes information to all your clients about new sync updates. (Google Chrome uses GCM for that). Sync also needs to refresh login tokens occasionally, which means connecting to our login server.

    The mobile-gtalk is probably one of the GCM servers used by a website's push notifications. The server name itself is not in our codebase. It is possible that the accounts.google connection is related to that, it could also be triggered by an open web page or extension, but it is difficult to say what is triggering it.

    gstatic is one of the servers Chromium uses to check for captive portals IIRC.

    Effectively, once you start actually using the browser things get messy as the configuration gets updated. The log option I mention could give more information, but even that is limited.



  • @axk said:

    vivaldi://media-engagement

    It gets deleted if you delete your browsing data.



  • @quhno: It doesn't.



  • @yngve Thanks for the explanation. Like you said, these Google connections are all served by their CDN 1e100.net and I get different results on the lookup depending on the tool. For instance TCPView just shows the same connection as lq-in-f188.1e100.net.

    From the host, I'm thinking it's related to Hangouts which is a hidden extension (nkeimhogjdpnpccoofpliimaahmaaome). Should that extension even be there by default?



  • @AXK said in Decoding network activity in Vivaldi:

    @quhno: It doesn't.

    It does here. Make sure you delete all data for all times.

    You can use private windows if you only want "some" sites not to be logged there.


  • Vivaldi Translator

    I don't see any info about form autofill (VB-50410)
    How does it work ? Is a DB downloaded, or a request is made to Google each time a page has a form ?



  • :knight:
    Great details on the network activity


  • Vivaldi Team

    @Pathduck That extension ID isn't mentioned in the 2.8 source code, at least (another media related one that I do see in my installation, is mentioned). So I have no idea where that extension came from.


  • Vivaldi Team

    @Cqoicebordel AFAIK Form autofill would require enabling an API, and likely also Google Account integration, we have neither.


  • Vivaldi Translator

    @yngve: Then, why is it in Vivaldi settings ? (In privacy)
    It looks like the feature is enabled, from the user POV.



  • @yngve said in Decoding network activity in Vivaldi:

    @Pathduck That extension ID isn't mentioned in the 2.8 source code, at least (another media related one that I do see in my installation, is mentioned). So I have no idea where that extension came from.

    Thanks for looking it up. It's probably something that snuck in a while back, even though I've never used Hangouts (but I've opened the page at times). The connections to accounts.google.com and mobile-gtalk.l.google.com are not there when using a clean profile.

    It's referenced in the "Secure Preferences" file, and refers to an invalid location:

    	"from_bookmark" : false,
    	"from_webstore" : false,
    	"install_time" : "13203613200388586",
    		"name" : "Google Hangouts",
    	"never_activated_since_loaded" : true,
    	"path" : "D:\\bin\\Vivaldi\\Application\\2.6.1560.4\\resources\\hangout_services",
    	"was_installed_by_default" : false,
    	"was_installed_by_oem" : false
    

    I suspect I'll need to do a profile reset to get rid of it, as it can't be "uninstalled". But I'm not paranoid about it, it's mostly driven by a healthy curiosity 😉


  • Vivaldi Team

    @Cqoicebordel Hmmm, Have asked a couple of colleagues to do some testing. The setting was added to let users disable it easily, however given that the feature appears to need the Google Services API key, and we haven't enabled anything related to Google Sync (which does not work), the Account Login (which is not working either), or this feature (which likely require you to be logged into the Google Account via the Sync type login), I doubt it would work even if you are logged into a Google Account via their web page. It might be that this should be auto disabled.



  • @axk: try vivaldi://settings/clearBrowserData "all time" it works
    if you try cleaning from ctrl+shift+del doesnt work. today i learned 🙂



  • @axk: try vivaldi://settings/clearBrowserData "all time" it works
    if you try cleaning from ctrl+shift+del doesnt work. today i learned 🙂


  • Vivaldi Translator

    @yngve: Just to be clear, this feature doesn't fill the forms for you, but identify each input, to help you fill it (is it a name, an address, a phone number etc.)
    So I don't think this feature needs you to be logged to a Google account.

    For the rest, a definite answer would be good, as well as why this is on by default 🙂


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.