Is Vivaldi now completely free from any contact with google when Third Party Services are disabled?



  • First of all, let me say that I was pleasantly surprised when I saw about a couple of months ago that Jon & friends were developing a new browser. After more than a decade of using Opera as my main browser, after 12.16 I switched to ff. I sent Mozilla a long list of user interface improvements that they could make to bring it up to the level of Opera. I did receive a thanks, but have not seen the improvements show up. Would you believe that I am still using Opera 12.17 to manage my bookmarks? This functionality is so unwieldy in other browsers. So when I come across something important that I want to add to my core bookmarks, I fire up Opera and put it in the right place in my bookmark hierarchy! Once in a while I export this bookmark file to my other browsers.

    Years ago, before google liberalized and cross-producted its spying policy, I used to have a gmail account. Some time after activating google talk to try it out, I found this thing called googleupdate which was installed on my machine, and silently updating itself in the background, previously unknown to me. Needless to say I pulled that weed out by the roots, and shortly afterwards shut down my gmail account. I am cautious about having any google related software on my machine (e.g. no chrome), and would want to know 100% that there is not something inside vivaldi chromium which is contacting google, for anything.

    After seeing that Vivaldi is based on Chromium, I decided to install it first on an otherwise unused XP guinea pig machine. I considered whether this should be posted in Privacy and Security, but it affects all use of Vivaldi, not just those especially seeking privacy and security.

    There were some discussions about this in March 2015:
    https://vivaldi.net/en-US/forum/vivaldi-browser/2228-1-0-118-19-is-still-a-surveillance-tool
    and in May 2015:
    https://vivaldi.net/en-US/forum/vivaldi-browser/979-vivaldi-and-google-tracking?start=60#27299
    but it was not clear if this has meanwhile been taken care of.

    When I open a tab and enter:
    vivaldi://net-internals/#dns
    after starting vivaldi with only one tab with the speed dial, I see the following hostnames:
    ajax.googleapis.com
    google-analytics.com
    googletagservices.com

    I do not want my browser to make any contact with google on its own, not for updates, not for search, not for dns, not for analytics, ...?

    If this has not been fixed yet, [when] will it be?

    Now if we can get this cleared up, I can install vivaldi and bring it into daily use. Thank you in advance.



  • yes, that's what I meant in the subject line "when third party services are disabled"



  • You may want to disable remote password management on the vivaldi://flags page so you don't wind up putting your passwords on Google:

    Enable remote password management link Mac, Windows, Linux, Chrome OS, Android
    Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link
    [ Default ]
    [ Enabled ]
    [ [b]Disabled ]



  • Thanks for pointing that out.
    I think that vivaldi should ship with that disabled.

    And how about this one:
    Use Chrome sync sandbox.
    Connects to the testing server for Chrome Sync.

    Could that be a google server?



  • It looks like the Chrome sync sandbox is Disabled by default so you can leave it alone but keep an eye on it.

    You should be aware that vivaldi://sync is a valid and working internal page and there are more flags/Experiments that may or may not be working – yet. :D

    Use Google Payments sandbox servers Mac, Windows, Linux, Chrome OS, Android
    For developers: use the sandbox service for Google Payments API calls for requestAutocomplete().
    #wallet-service-use-sandbox
    [ Default ]
    [ Enabled ]
    [ [b]Disabled ]

    Enable Google Payments card saving checkbox Mac, Windows, Linux, Chrome OS, Android
    Show the checkbox to offer local saving of a credit card downloaded from the server.
    #enable-offer-store-unmasked-wallet-cards
    [ Default ]
    [ Enabled ]
    [ [b]Disabled ]

    Drop sync credentials from password manager. Mac, Windows, Linux, Chrome OS, Android
    If enabled, the password manager will not offer to save the credential used to sync.
    #enable-drop-sync-credential
    [ Default ]
    [ [b]Enabled ]
    [ Disabled ]

    Autofill sync credential Mac, Windows, Linux, Chrome OS, Android
    How the password manager handles autofill for the sync credential.
    #autofill-sync-credential
    [ Default ]
    [ Allow ]
    [ Disallow for reauth ]
    [ [b]Disallow ]

    Enable Push API background mode Mac, Windows, Linux
    Enable background mode for the Push API. This allows Chrome to continue running after the last window is closed, and to launch at OS startup, if the Push API needs it.
    #enable-push-api-background-mode
    [ Default ]
    [ Enabled ]
    [ [b]Disabled ]

    Have fun looking through the list. If something breaks, use the "Reset all to default" button at the top of the page.



  • Ike! Yes, I would like to have all of that disabled by default.

    Just over the past few hours, having left my test setup of vivaldi open, and with no web pages open, only a few of these internal display pages, I see that vivaldi has contacted :
    clients2.google.com
    clients3.google.com

    as well as a few other addresses such as:
    mxr.mozilla.org
    publicsuffix.org

    and then a few seemingly random targets such as:
    drqtjxvrnvdzv
    zmfqgvv



  • @joss:

    … and then a few seemingly random targets such as:
    drqtjxvrnvdzv
    zmfqgvv

    Those are just the Trojan Horse, don't worry about them. :dry: :whistle:



  • Yes, those random trojans are peculiar, aren't they?
    They differ from session to session, and the present ones I am seeing today all give error 105, ERR_NAME_NOT_RESOLVED

    But the ones that I am still most concerned about look like clients2.google.com, which is 173.194.113.x where x ranges from 0 through 9 and also 14

    Vivaldi accesses this hostname even when no web page is open
    (even after all of the settings suggestions above have been implemented)

    Could one of the Vivaldi developers tell us how to stop this, or what/when the plan is to fix Vivaldi so that it does not access these servers, unauthorized by the user?



  • Joss,

    Do you have any Google items in your SpeedDial/Bookmarks? Vivaldi will update/replace old thumbnails with new ones.

    Are you sure it is Vivaldi making the connection and not one of the Google Update programs or the Service? Once Google Update gets into your system, getting rid of it is like trying to use a Nylon brush to clean Styrofoam beads off of a sheet of plastic.



  • No google items in speeddial nor bookmarks.

    No googleupdate. Used steel brush.

    ?



  • If you got rid of all of the Google programs and the Updater, something may have been left turned on in Vivaldi. Is there any data being transferred?

    I could be totally and disastrously wrong but Vivaldi is not likely to be configured correctly to use Google's servers/services so I can only imagine what the conversation would be like between Google and Vivaldi.

    Vivaldi: Hi there!
    Google: Who are you?
    Vivaldi: It is I, Vivaldi!
    Google: What can I do for you, Vivaldi?
    Vivaldi: I don't know, I'm just doing my job!
    Google: Thank you for calling!
    Vivaldi: Bye!
    (repeat)


  • Moderator

    @joss:

    after starting vivaldi with only one tab with the speed dial, I see the following hostnames:
    ajax.googleapis.com
    google-analytics.com
    googletagservices.com

    @joss:

    as well as a few other addresses such as:
    mxr.mozilla.org
    publicsuffix.org

    None of these connections show up here. Maybe coming from a web panel?
    https://vivaldi.net/en-US/forum/vivaldi-browser/2228-1-0-118-19-is-still-a-surveillance-tool#19162
    https://vivaldi.net/en-US/forum/vivaldi-browser/7193-why-does-vivaldi-connect-to-these-ips-on-startup?start=20#41398

    @joss:

    and then a few seemingly random targets such as:
    drqtjxvrnvdzv
    zmfqgvv

    Those were explained by Google itself, it checks if your internet provider changes 502s to websites.

    Flags
    All the flags you pointed are useless if you have not synced Vivaldi with Google:

    Enable remote password management link
    Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link

    • This flag just shows a link to click and manage your passwords online if you have synced Vivaldi with Google. Just a link, nothing more.

    Use Google Payments sandbox servers
    For developers: use the sandbox service for Google Payments API calls for requestAutocomplete().

    • For developers to use the sandbox service when calling requestAutocomplete() in their extensions, just for debugging extension creation.

    Enable Google Payments card saving checkbox
    Show the checkbox to offer local saving of a credit card downloaded from the server.

    • Just shows a checkbox to keep saved credit card info in the PC. Nothing more, just the display of the checkbox.

    Drop sync credentials from password manager.
    If enabled, the password manager will not offer to save the credential used to sync.

    • If you have Vivaldi synced with Google, this flag will show a dialogue offering to save the passwords in your Google account. Just the dialogue, nothing more.

    Autofill sync credential
    How the password manager handles autofill for the sync credential.

    • This one I don't know what it does, but clearly requires Vivaldi to be synced with Google.

    Enable Push API background mode
    Enable background mode for the Push API. This allows Chrome to continue running after the last window is closed, and to launch at OS startup, if the Push API needs it.

    • Read Vivaldi where it reads Chrome. The Push API will also work in the background. Vivaldi won't close completely and may run at OS startup. Not connection related.

    Use Chrome sync sandbox.
    Connects to the testing server for Chrome Sync

    • Internal flag for Chromium developers, when setting up a sync with the browser it will use their testing servers. But only if you are setting up sync.


  • @An_dz:

    @joss:

    and then a few seemingly random targets such as:
    drqtjxvrnvdzv
    zmfqgvv

    Those were explained by Google itself, it checks if your internet provider changes 502s to websites.

    That's some good information right there.
    B)

    @An_dz:

    Flags
    All the flags you pointed are useless if you have not synced Vivaldi with Google:

    Enable remote password management link
    Show a link in the password manager settings page to manage your synced passwords online. #enable-password-link

    • This flag just shows a link to click and manage your passwords online if you have synced Vivaldi with Google. Just a link, nothing more.

    (big snip)

    They're not useless and you don't need to sync with Google, although it works fairly smoothly if you have an account and you're logged on in Vivaldi. If you click on the link, the remote password management Experiment wants to take you straight to a page with all of your passwords and offer to store them. It is not just a link. Disable it. And the same goes for the other flags/Experiments with just links that may or may not be working or even configured. :D



  • What is a web panel?



  • @joss:

    What is a web panel?

    Web Panels are web pages (usually designed for mobiles) that you can add to your side panels. Google Translate is handy, but almost any page can be added.


  • Moderator

    @joss:

    What is a web panel?

    If you click the "+" sign on the panels bar (the bar where you can access bookmarks, downloads or notes) it offers to save the page you are on as a persistent web panel, with which you can interact at the same time as you are browsing another regular page. Many of the panels are saved as the "mobile" version of the page, which is more compatible with the tall narrow format of a panel than a regular web page.



  • Thanks.
    In that case I can report that I have not added any web panels. The only things there are Bookmarks, Mail, downloads and notes.

    The only thing that I have added to Vivaldi thus far is disconnect. Disconnect is supposed to prevent unintended data communication with, among others, google. And yes, disconnect.me and services.disconnect.me do show up on vivaldi://net-internals/#dns
    That is not what I posed the question about.

    clients2.google.com and clients3.google.com still also show up on that list.
    The only tabs that I have opened in this browsing session are vivaldi://net-internals/#dns, vivaldi://flags and vivaldi://sync
    and yet google servers are accessed twice.



  • I phished through the Vivaldi source the other day – all three billion bytes of it and phound a phone pholder:

    Okay, not really! :D But digging through 2.91GB of source to try and figure out the default states of Experiments is not just a casual exercise.



  • Perhaps you're not familiar with the code base (thanks for your efforts all the same), but maybe one of the developers of Vivaldi who is could chime in here and illuminate things further for us.

    I think it is quite likely that I am not the only one who would like to know more about this topic before deploying Vivaldi in daily use.


  • Moderator

    @joss
    Disable Disconnect and see if any connection is done to these:
    ajax.googleapis.com
    google-analytics.com
    googletagservices.com

    Because I've been logging Vivaldi connections for months and never saw those on start or on long time executing. The only ones I tracked were the ones I told on the threads I linked.

    And there's a bug report about those connections.

    @3Phase:

    If you click on the link

    You don't click -> Nothing happens

    Anyway, it doesn't matter, it's your choice. :)
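
Added example (not part of any post in this thread, and not Vivaldi or Chromium code): one way to triage a hostname list copied from vivaldi://net-internals/#dns into Google-operated names, random single-label probes, and everything else. It assumes one hostname per line as the first token, and that the random probes are a single label of 7 to 15 lowercase letters; the sample listing is constructed from the hostnames quoted above.

```python
import re
from collections import defaultdict

# Registrable domains of the Google hostnames quoted in this thread.
GOOGLE_DOMAINS = ("google.com", "googleapis.com",
                  "google-analytics.com", "googletagservices.com")
# Assumption: a random probe is one label of 7-15 lowercase letters.
PROBE_RE = re.compile(r"[a-z]{7,15}")
# Ordinary single-label names that must not be mistaken for probes.
KNOWN_SINGLE_LABEL = {"localhost"}


def classify(host):
    """Return 'google', 'random-probe' or 'other' for one hostname."""
    h = host.strip().rstrip(".").lower()
    # Match on a label boundary so notgoogle.com is not counted as google.com.
    if any(h == d or h.endswith("." + d) for d in GOOGLE_DOMAINS):
        return "google"
    if "." not in h and h not in KNOWN_SINGLE_LABEL and PROBE_RE.fullmatch(h):
        return "random-probe"
    return "other"


def summarize(listing):
    """Group the first token of every non-empty line by category."""
    groups = defaultdict(set)
    for line in listing.splitlines():
        fields = line.split()
        if fields:
            host = fields[0].rstrip(".").lower()
            groups[classify(host)].add(host)
    return {category: sorted(hosts) for category, hosts in groups.items()}


# Constructed sample: hostnames quoted in the posts above, one per line.
SAMPLE = """\
ajax.googleapis.com
google-analytics.com
googletagservices.com
clients2.google.com
clients3.google.com
mxr.mozilla.org
publicsuffix.org
drqtjxvrnvdzv
zmfqgvv
disconnect.me
services.disconnect.me
"""

if __name__ == "__main__":
    for category, hosts in summarize(SAMPLE).items():
        print(f"{category}: {', '.join(hosts)}")
```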

