• Browser
  • Mail
  • News
  • Community
  • About
Register Login
HomeBlogsForumThemesSocial

Vivaldi

  • Browser
  • Mail
  • News
  • Community
  • About

Navigation

    • Home
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Desktop
    3. Vivaldi for Windows
    4. Vivaldi downloads hidden "FLoC" data-gathering component, possibly new in 3.5 snapshot?

    Vivaldi downloads hidden "FLoC" data-gathering component, possibly new in 3.5 snapshot?

    Vivaldi for Windows
    6
    6
    334
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • PathduckP
      Pathduck Moderator
      last edited by Pathduck

      While investigating some other network issue I noticed the Windows BITS service making connections to Google servers on port 80.

      svchost.exe	2116	TCP	crapstation	50052	arn09s11-in-f174.1e100.net	http	ESTABLISHED	11	3 222	13	10 913						
      svchost.exe	2116	TCP	crapstation	50053	cache.google.com		http	ESTABLISHED	11	4 710	13	9 794						
      
      

      Since it was plain http I had a look at what it was actually getting, and downloaded it. Turns out it was a small crx/extension component. Mostly empty but containing a manifest of:
      "name": "Federated Learning of Cohorts"

      I've included the full download headers on the bottom of this post.

      Some articles on FLoC I found, they are not very comforting reading:
      https://github.com/jkarlin/floc
      https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
      https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1
      https://www.cnet.com/news/google-chrome-proposes-privacy-sandbox-to-reform-advertising-evils/
      https://digiday.com/media/very-pleasantly-surprised-google-shares-results-of-privacy-sandbox-experiments/

      Given Vivaldi's view on Google monitoring of users I'm surprised they've let this pass.

      I've been unable to reproduce this in a clean profile, but I don't think this is an extension, and I've tried disabling them all but the download still triggers. Maybe a setting, and I've tried to play around with the settings to reproduce in the clean but no luck so far. I suspect my install was "selected" for this data gathering experiment. So it might not even apply to every Vivaldi install.

      Would very much like to get some insight from the team what this component is, and how to completely stop it from ever loading again.

      If anyone's interested in examining the downloaded file, it's here:
      https://uplovd.com/L4Q8bal5pb/AN3Jv7sK1aiaWtgNQAuBT8Y_crx
      It can be installed as an extension in Dev. mode.

      Download headers log:

      [30.10.2020 12:41:34:224]
      HEAD /edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: redirector.gvt1.com
      
      [30.10.2020 12:41:34:239]
      HTTP/1.1 302 Found
      Date: Fri, 30 Oct 2020 11:41:33 GMT
      Pragma: no-cache
      Expires: Fri, 01 Jan 1990 00:00:00 GMT
      Cache-Control: no-cache, must-revalidate
      Location: http://r6---sn-uxaxovg-vnar.gvt1.com/edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y?cms_redirect=yes&mh=Ly&mip=88.90.124.241&mm=28&mn=sn-uxaxovg-vnar&ms=nvh&mt=1604057967&mv=m&mvi=6&pcm2cms=yes&pl=16&shardbypass=yes
      Content-Type: text/html; charset=UTF-8
      Server: ClientMapServer
      Content-Length: 496
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      
      [30.10.2020 12:41:34:239]
      HEAD /edgedl/release2/chrome_component/ANbJyUvW8hIrXyVkxTt8TzA_1.0.4/AN3Jv7sK1aiaWtgNQAuBT8Y?cms_redirect=yes&mh=Ly&mip=88.90.124.241&mm=28&mn=sn-uxaxovg-vnar&ms=nvh&mt=1604057967&mv=m&mvi=6&pcm2cms=yes&pl=16&shardbypass=yes HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: r6---sn-uxaxovg-vnar.gvt1.com
      
      [30.10.2020 12:41:34:239]
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Disposition: attachment
      Content-Length: 3937
      Content-Security-Policy: default-src 'none'
      Content-Type: application/octet-stream
      Etag: "739219"
      Server: downloads
      Vary: *
      X-Content-Type-Options: nosniff
      X-Frame-Options: SAMEORIGIN
      X-Xss-Protection: 0
      Date: Fri, 30 Oct 2020 05:01:16 GMT
      Alt-Svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
      Last-Modified: Mon, 05 Oct 2020 22:28:29 GMT
      Connection: keep-alive
      

      > BTW, today I cannot connect to mozdev.org, would you know why?
      Maybe that big lizard escaped and ate the server admins? :-)
      -- Richard Grevers, on opera.beta

      Hadden89H 1 Reply Last reply Reply Quote 3
      • Hadden89H
        Hadden89 @Pathduck
        last edited by Hadden89

        @Pathduck Maybe there were risks to break the chromium sandbox or other functions. If is not useful maybe will be removed soon or un-googled at least.

        Patience is the key to get the Vivaldi Spree | Unsupported Extensions | Github

        1 Reply Last reply Reply Quote 0
        • PathduckP
          Pathduck Moderator
          last edited by

          For some reason the triggering of the BITS service also seems to start it sending hundreds of packets on port 4444 to my router (which for some reason listens on 4444). These are POST requests with an action of GetTotalBytesSent.

          According to IANA port 4444 is either KRB524 (Kerberos, tokens?) or "NV Video default" (No idea, can't be NVidia?).
          https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=4444

          However I suspect some uPNP thing from the router server header.

          These are most likely not Vivaldi's fault, but definitely seems related to the triggering of BITS downloads.

          [30.10.2020 14:40:49:897]
          POST /wcommifc HTTP/1.1
          Cache-Control: no-cache
          Connection: Close
          Pragma: no-cache
          Content-Type: text/xml; charset="utf-8"
          User-Agent: Microsoft-Windows/10.0 UPnP/1.0
          SOAPAction: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent"
          Content-Length: 309
          Host: 192.168.0.1:4444
          
          <?xml version="1.0"?>
          <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetTotalBytesSent xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
          
          [30.10.2020 14:40:49:929]
          HTTP/1.1 200 OK
          SERVER: ipOS/7.6 UPnP/1.0 ipUPnP/1.0
          CONTENT-TYPE: text/xml
          EXT: 
          
          <?xml version="1.0" encoding="UTF-8" standalone="yes"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><u:GetTotalBytesSentResponse xmlns:u="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"><NewTotalBytesSent>1587503697</NewTotalBytesSent></u:GetTotalBytesSentResponse></soap:Body></soap:Envelope>
          

          > BTW, today I cannot connect to mozdev.org, would you know why?
          Maybe that big lizard escaped and ate the server admins? :-)
          -- Richard Grevers, on opera.beta

          1 Reply Last reply Reply Quote 3
          • Priest72P
            Priest72
            last edited by

            Is this present with linux also.?

            1 Reply Last reply Reply Quote 0
            • barbudo2005B
              barbudo2005
              last edited by

              FYI: gorhill 1 hour ago:

              "I suppose we could add it to the "uBlock filters -- Privacy" for now, that's the purpose of the list, to create privacy-related filters optimized for uBO."

              Block Floc checks in Chrome/uBO #1553
              https://github.com/uBlockOrigin/uBlock-issues/issues/1553

              Priest72P 1 Reply Last reply Reply Quote 1
              • Priest72P
                Priest72 @barbudo2005
                last edited by

                @barbudo2005 will the dawning of manifest v3 affect this as of course google will make it a priority for FLoC to be incorporated,
                Just a thought.

                1 Reply Last reply Reply Quote 1
                • 1 / 1
                • First post
                  Last post

                Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.

                Copyright © Vivaldi Technologies™ — All rights reserved. Privacy Policy | Code of conduct | Terms of use | Vivaldi Status