Author Topic: Chrome secretely stalking you all accross Google sites with X-Client-Data-header  (Read 1380 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Read here: https://www.theregister.co.uk/2020/02/05/google_chrome_id_numbers/

The code[1] shows the X-CLIENT-DATA is sent for any google.X domain where google owns the TLD
No-body can really be surprised as this is and always have been Google's core-business.
They make the tracking browser, so they will track the .... out of ye.

It has Google Analytics, DoubleClick, Adsense, reCaptcha and other code on pretty much every site that matters.
So back to some days of healthy competition.

Not surprised it does not make a difference to the masses, they will google on whatever it takes.
But there are some folks to use DDG, Quant etc.

Or an older tool like Telescope and a browser like Chameleon.

Interesting to go over a website with this - https://webcookies.org/cookies/re-va.fr/28852667?459481  (random example)

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
No surprise here, but they are all at it ;)

I have never used Chrome or any chromium based browsers (including ASB), to the best of my knowledge.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline xtranaut2

  • Newbie
  • *
  • Posts: 7
Google's business IS data mining

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
But in that case they also have to mind the bugs:
Google Cloud Messaging Notification Plugin stores an API key unencrypted in its global configuration file  -
https://www.cvedetails.com/cve/CVE-2019-10379/
This info blocked because of existing Trojan -> -https://www.openwall.com/lists/oss-security/2019/08/07/1
However not flagged here: https://sitecheck.sucuri.net/results/https/www.openwall.com/lists/oss-security/2019/08/07/1
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll1we253fGxsLl5dbWBsW3N0c2Bdc3Mtc3tedX1bdHlgMjAxOWAwOGAwN2Ax~enc

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!