A Chromium session started in incognito mode, with the malware protection
turned off, is still calling home, sending unknown data. I think this is an
unacceptable threat to personal privacy. I don't know what's being sent, but I
am highly suspicious of this behaviour.
Note that when I captured this, I hadn't even pressed a single key on the
Chromium window.
$ ps ax|grep chrom|awk '{print $1}'|xargs -l1 lsof -n -p|grep TCP
chromium 17401 tincho 71u IPv6 588111 0t0 TCP [<redacted>]:53203->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 74u IPv6 587287 0t0 TCP [<redacted>]:44801->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 88u IPv6 589310 0t0 TCP [<redacted>]:53199->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 95u IPv6 588078 0t0 TCP [<redacted>]:44796->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 96u IPv6 588079 0t0 TCP [<redacted>]:44797->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 118u IPv6 589334 0t0 TCP [<redacted>]:57744->[2a00:1450:400c:c07::bc]:5228 (ESTABLISHED)
chromium 17401 tincho 123u IPv6 590134 0t0 TCP [<redacted>]:59367->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 153u IPv6 589362 0t0 TCP [<redacted>]:59370->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 154u IPv6 588128 0t0 TCP [<redacted>]:47996->[2a00:1450:4007:80d::2004]:https (ESTABLISHED)
chromium 17401 tincho 156u IPv6 588139 0t0 TCP [<redacted>]:59372->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
control: tag -1 confirmed, help, upstream

chrome://net-internals may be useful to figure more about what is going on, particularly chrome://net-internals/#sockets. It will probably be a lot of work to figure out where in the code this is happening, and I don't have a lot of time right now for chromium, so I'm looking for help.

Best wishes,
Mike
If you set the SSLKEYLOG environment variable to a file, then point Wireshark at it, you should be able to decode the unknown traffic. See https://www.imperialviolet.org/2012/06/25/wireshark.html for some more details.
FYI, see https://code.google.com/p/chromium/issues/detail?id=498272
Here what i see is no mere "phone home" checkin to see if extensions are up to date or anything. It's nothing less than a freaking phone home on Google Analytics (GA), nothing less.

I have a bunch of tabs opened here, when i start chromium, granted. But all are "asleep" behind the "great suspender" so they should not generate traffic (and especially not to GA).

Here's what i see in chrome://net-internals/#sockets:

    transport_socket_pool
    Name                         Pending  Top Priority  Active  Idle  Connect Jobs  Backup Timer  Stalled
    www.google-analytics.com:80  0        -             0       1     0             stopped       false

Wireshark sees this as:

    127 21.559852 192.168.1.227 207.219.213.57 HTTP 928 GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1

this can show up as "clients.l.google.com" as well:

    GET /__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272.1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
    Host: www.google-analytics.com
    Connection: keep-alive
    Accept: image/webp,image/*,*/*;q=0.8
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
    DNT: 1
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8

    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Wed, 16 Dec 2015 07:48:49 GMT
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Server: Golfe2
    Content-Length: 35
    Age: 2136248
    Cache-Control: no-cache, no-store, must-revalidate
    Connection: keep-alive

    GIF89a.............,...........D..;

admire how chromium dutifully sends the futile and pathetic DNT header. I'm sure that does great for google's analytics. i am probably in the special "Do Really Track Those" bucket now.

wtf. seriously.

oh, and SSLKEYLOG was mentioned before, it's actually SSLKEYLOGFILE, and i can't make wireshark load it: even after pointing to it in the SSL preferences, SSL traffic is not decrypted - the above is only what i found on port 80.

Heck, i even see traffic to stats.l.doubleclick.net, satan in person! oh the memories and joy... should i bring back the /etc/hosts file?

note that i have both uBlock and uMatrix enabled here, none of which catch the snitch. shouldn't this be treated as a security issue?

pretty amazing.
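Added example, not part of the thread or of any participant's message: a decoder for the __utm.gif request captured in the message above, showing which identifying values it carries (reported host, page path, persistent visitor ID, timestamps). Field meanings follow the legacy ga.js request conventions as an assumption of this example; the function names and the extension-ID check (32 characters from a-p) are its own.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Request target copied from the Wireshark capture quoted above.
CAPTURED = (
    "/__utm.gif?utmwv=5.6.7&utms=8&utmn=42047337&utmhn=nebplchpdbfejpjpffmngpaboaidelmk"
    "&utme=8(version*image_preview*suspend_time*no_nag)9(6.21*false%3A%20false*60*false)"
    "11(1*1*1*1)&utmcs=UTF-8&utmsr=1366x768&utmsc=24-bit&utmul=fr&utmje=0&utmfl=-"
    "&utmhid=1926769012&utmr=-&utmp=%2F_generated_background_page.html&utmht=1452388370461"
    "&utmac=UA-52338347-1&utmcc=__utma%3D138943276.1857984708.1450798966.1451743272."
    "1452387429.4%3B%2B__utmz%3D138943276.1450798966.1.1.utmcsr%3D(direct)%7Cutmccn%3D"
    "(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~"
)
# Chrome extension IDs are 32 characters drawn from a-p (heuristic used by this example).
EXTENSION_ID = re.compile(r"[a-p]{32}")
UTMA_FIELDS = ("domain_hash", "visitor_id", "first_visit",
               "previous_visit", "current_visit", "session_count")


def utc(seconds):
    return datetime.fromtimestamp(seconds, timezone.utc)


def decode_utma(utmcc):
    """Split the __utma cookie inside utmcc into its six numeric fields."""
    match = re.search(r"__utma=(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\d+)", utmcc)
    if match is None:
        return {}
    return dict(zip(UTMA_FIELDS, map(int, match.groups())))


def summarize(request_target):
    """Return the identifying fields carried by one __utm.gif request."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(request_target).query).items()}
    utma = decode_utma(params.get("utmcc", ""))
    host = params.get("utmhn", "")
    return {
        "property": params.get("utmac"),
        "reported_host": host,
        "host_is_extension_id": EXTENSION_ID.fullmatch(host) is not None,
        "page": params.get("utmp"),
        "custom_vars": params.get("utme"),
        "screen": params.get("utmsr"),
        "hit_time": utc(int(params["utmht"]) // 1000) if "utmht" in params else None,
        "visitor_id": utma.get("visitor_id"),
        "first_seen": utc(utma["first_visit"]) if utma else None,
        "sessions": utma.get("session_count"),
    }


if __name__ == "__main__":
    for field, value in summarize(CAPTURED).items():
        print(f"{field:22} {value}")
```

A reported host that matches the extension-ID pattern, together with a `_generated_background_page.html` page path, indicates the hit was issued from an extension's background page.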
Dear Martín and others, You don't want the official Debian version of Chromium. Instead you want "ungoogled-chromium". See: https://github.com/Eloston/ungoogled-chromium
Hi, I can confirm for chromium 80.0.3987.149-1~deb10u1 calling the fastlycloud in USA via IPv4. I blocked "151.101.0.0/16" in my router, https://api.fastly.com/public-ip-list, which also terminated gockel.com.
Hi, I can confirm for chromium 80.0.3987.149-1~deb10u1 calling the 1e100.net. I blocked "1e100.net" in my router. chrome becomes unusable.
As this bug is marked wontfix, closing and archiving this bug does no harm; it only accumulates spam. (Can be reopened if needed any time.)