Security concerns and bug
-
SECURITY: when I open Vivaldi, no extension present, no landing page, all possible settings disabled, incognito mode and despite all of that it connects to several IPs in the background, for example
- 52.36.26.51
- 104.22.58.199
Why????
BUG: it seems that Vivaldi doesn't like IP6 i.e when I want to connect to localhost via IP6 like [::1] on doing that it opens the search bar. To make the address working I have to type http://[::1]/
-
-
@333814ca Installed Extensions?
Webpanels? -
@333814ca Not openg IPv6 without the scheme part (http or https) is a known and reported bug in address field.
http://[::1]
orhttps://[::1]
works. -
-
Thank you for your reply, sorry to contradict you and all the developers but Vivaldi does phone home and it keeps the connection alive for several seconds!
I believe it is telemetry, which is worse than spying
Some additional random IPs from SysInternals Tool console:
- 142.250.178.10
- 172.217.169.3
- 142.250.187.202
Steps to reproduce:
- Download TCP View fro www.sysinternals.com
- Install Vivaldi using local install binary
- Remove all the crapware from Vivaldi
- Run Vivaldi in Incognito mode
- Open TCP View
-
That a connection stays open for seconds, or minutes, even when no traffic is passing is not just normal, it is the rule. The reason for this delay is that it takes too long to set up a new connection, especially encrypted ones, so connections are usually reused whenever practical (and newer versions of HTTP are designed to not just reuse connections but parallelize requests and responses). The server will usually control how long it will allow an idle connection to remain open, since such connections do use scarce resources on the server; the client may also close them if it has too many open connections.
Vivaldi will, as documented in the article mentioned by Pathduck, immediately after first run, download a number of components from Google, such as the component needed to watch DRM protected videos at Netfix, Amazon Prime, Hulu, and so on, and some that are security information, such as SSL certificate revocation and trust information. Vivaldi will also regularly check for updates for these components, and download other security information, such as Safe Browsing information, if necessary, when you navigate. These requests generally do not enable cookies.
The Google telemetry uploads and trials checks are completely disabled in Vivaldi's code.
Vivaldi will also ping our stats counter once a day, which counts how many users we have; the information transmitted contain no identifying information. This is documented in another of our technical articles.
Please note that there are other background requests that may be sent, that are not Vivaldi-related. Extensions you have installed may request updates from their developer, notification scripts you have permitted from websites will regularly check for updates (either via Google or another service), RSS-feeds and email accounts will regularly do so, as will many panels. I suspect both of your first IP addresses fall into these categories, since one one them in an Amazon cloud IP (which neither we nor Google uses), the other is from an unknown domain. (the three later ones are Google servers, probably components and safe browsing mirrors).