FYI, chromium will also make IPv6 DNS requests directly to Google's IPv6 DNS resolver and there's no way to change this (other than to write a firewall NAT rule to redirect these requests to a different resolver).
And it will probably freak out since the reply will come from a different IP than the one it is expecting.
]]>monojp wrote:I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"
Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.
I just had to to the renaming and permission fixing of the sandbox binary, but yeah, the PKGBUILD needs to be fixed..
]]>I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"
Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.
]]>If you're concerned about privacy, you might consider using a different browser. Brave might be the best option if you favor chrom* over firefox. It makes more sense than trying to plug leaks all day. Afterall, when google siphons off data about you, they do it over port 443.
]]>I have a very basic, but restrictive ufw config with an outgoing and incoming whitelist. Furthermore I use chromium without being signed in, without cloud printing, without any extensions and everything disabled that looks like it tries to talk to some external service. But still I get some ufw blocking messages in my journal from time to time:
[UFW BLOCK] IN= OUT=eth0 SRC=<my ip> DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23571 DF PROTO=TCP SPT=<source port> DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Looks like 74.125.133.188 is mtalk.google.com which could be part of their gcm/xmpp service I guess. Any idea how to disable this completely? I did not find any flags / config for it and find it rather scandalous for privacy reasons that something like this seems to be hardcoded in the browser.
Or could you help me out with networking skills to debug it further?
]]>