Community

  • Community
  • Forum
  • Browser

Navigation

    Vivaldi
    • Community
    • Forum
    • Browser
    • Download
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users

    Vivaldi downloads hidden "FLoC" data-gathering component, possibly new in 3.5 snapshot?

    Vivaldi for Windows
    6
    7
    189
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Pathduck
      Pathduck last edited by Pathduck

      While investigating some other network issue I noticed the Windows BITS service making connections to Google servers on port 80.

      svchost.exe	2116	TCP	crapstation	50052	arn09s11-in-f174.1e100.net	http	ESTABLISHED	11	3 222	13	10 913						
svchost.exe	2116	TCP	crapstation	50053	cache.google.com		http	ESTABLISHED	11	4 710	13	9 794

      Since it was plain http I had a look at what it was actually getting, and downloaded it. Turns out it was a small crx/extension component. Mostly empty but containing a manifest of:
      "name": "Federated Learning of Cohorts"

      I've included the full download headers on the bottom of this post.

      Some articles on FLoC I found, they are not very comforting reading:
      https://github.com/jkarlin/floc
      https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
      https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1
      https://www.cnet.com/news/google-chrome-proposes-privacy-sandbox-to-reform-advertising-evils/
      https://digiday.com/media/very-pleasantly-surprised-google-shares-results-of-privacy-sandbox-experiments/

      Given Vivaldi's view on Google monitoring of users I'm surprised they've let this pass.

      I've been unable to reproduce this in a clean profile, but I don't think this is an extension, and I've tried disabling them all but the download still triggers. Maybe a setting, and I've tried to play around with the settings to reproduce in the clean but no luck so far. I suspect my install was "selected" for this data gathering experiment. So it might not even apply to every Vivaldi install.

      Would very much like to get some insight from the team what this component is, and how to completely stop it from ever loading again.

      If anyone's interested in examining the downloaded file, it's here:
      https://uplovd.com/L4Q8bal5pb/AN3Jv7sK1aiaWtgNQAuBT8Y_crx
      It can be installed as an extension in Dev. mode.

      Download headers log:

      [30.10.2020 12:41:34:224]
HEAD /edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: redirector.gvt1.com

[30.10.2020 12:41:34:239]
HTTP/1.1 302 Found
Date: Fri, 30 Oct 2020 11:41:33 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://r6---sn-uxaxovg-vnar.gvt1.com/edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y?cms_redirect=yes&mh=Ly&mip=88.90.124.241&mm=28&mn=sn-uxaxovg-vnar&ms=nvh&mt=1604057967&mv=m&mvi=6&pcm2cms=yes&pl=16&shardbypass=yes
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 496
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

[30.10.2020 12:41:34:239]
HEAD /edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y?cms_redirect=yes&mh=Ly&mip=88.90.124.241&mm=28&mn=sn-uxaxovg-vnar&ms=nvh&mt=1604057967&mv=m&mvi=6&pcm2cms=yes&pl=16&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: r6---sn-uxaxovg-vnar.gvt1.com

[30.10.2020 12:41:34:239]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment
Content-Length: 3937
Content-Security-Policy: default-src 'none'
Content-Type: application/octet-stream
Etag: "739219"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Fri, 30 Oct 2020 05:01:16 GMT
Alt-Svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Last-Modified: Mon, 05 Oct 2020 22:28:29 GMT
Connection: keep-alive

      > BTW, today I cannot connect to "mozdev.org", would you know why?
      Maybe that big lizard escaped and ate the server admins? :-)
      -- Richard Grevers, on opera.beta

      Hadden89 1 Reply Last reply Reply Quote 3
      • Hadden89
        Hadden89 @Pathduck last edited by Hadden89

        @Pathduck Maybe there were risks to break the chromium sandbox or other functions. If is not useful maybe will be removed soon or un-googled at least.

        w10 20H2; Android 10; Vivaldi [RC] Snapshot User | Blog | Broken-Ext | DarkChromeCSS | Github | ScrollsMod |

        1 Reply Last reply Reply Quote 0
        • Pathduck
          Pathduck last edited by

          For some reason the triggering of the BITS service also seems to start it sending hundreds of packets on port 4444 to my router (which for some reason listens on 4444). These are POST requests with an action of GetTotalBytesSent.

          According to IANA port 4444 is either KRB524 (Kerberos, tokens?) or "NV Video default" (No idea, can't be NVidia?).
          https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=4444

          However I suspect some uPNP thing from the router server header.

          These are most likely not Vivaldi's fault, but definitely seems related to the triggering of BITS downloads.

          [30.10.2020 14:40:49:897]
POST /wcommifc HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Content-Type: text/xml; charset="utf-8"
User-Agent: Microsoft-Windows/10.0 UPnP/1.0
SOAPAction: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent"
Content-Length: 309
Host: 192.168.0.1:4444

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetTotalBytesSent xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>

[30.10.2020 14:40:49:929]
HTTP/1.1 200 OK
SERVER: ipOS/7.6 UPnP/1.0 ipUPnP/1.0
CONTENT-TYPE: text/xml
EXT: 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><u:GetTotalBytesSentResponse xmlns:u="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"><NewTotalBytesSent>1587503697</NewTotalBytesSent></u:GetTotalBytesSentResponse></soap:Body></soap:Envelope>

          > BTW, today I cannot connect to "mozdev.org", would you know why?
          Maybe that big lizard escaped and ate the server admins? :-)
          -- Richard Grevers, on opera.beta

          1 Reply Last reply Reply Quote 3
          • Priest72
            Priest72 last edited by

            Is this present with linux also.?

            1 Reply Last reply Reply Quote 0
            • guigirl
              guigirl last edited by

              You might wish to try this test
              https://amifloced.org/

              [https://forum.vivaldi.net/post/465902]

              Snapshot | Nightly | ArchKDE | SparkyCinnamon
              Oh the edge, it bleeds, best be brave, not make an opera out of it.

              1 Reply Last reply Reply Quote 3
              • barbudo2005
                barbudo2005 last edited by

                FYI: gorhill 1 hour ago:

                "I suppose we could add it to the "uBlock filters -- Privacy" for now, that's the purpose of the list, to create privacy-related filters optimized for uBO."

                Block Floc checks in Chrome/uBO #1553
                https://github.com/uBlockOrigin/uBlock-issues/issues/1553

                Priest72 1 Reply Last reply Reply Quote 1
                • Priest72
                  Priest72 @barbudo2005 last edited by

                  @barbudo2005 will the dawning of manifest v3 affect this as of course google will make it a priority for FLoC to be incorporated,
                  Just a thought.

                  1 Reply Last reply Reply Quote 1
                  Loading More Posts
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes
                  • Reply as topic
                  Log in to reply
                  • 1 / 1
                  • First post
                    Last post

                  Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.

                  Copyright © Vivaldi Technologies™ — All rights reserved. Privacy Policy | Code of conduct | Terms of use