There's no reason for FUD. We've always listed all potential data transmission or collection in this regularly updated whitepaper: https://www.google.com/chrome/browser/privacy/whitepaper.htm...

That's an excellent resource but the poster you're replying to simply asked if he'd done a tcpdump, accusing them of spreading FUD isn't necessary.

What did I say that was FUD? I'm legitimately curious if he's checked and seen any data being sent to google

*edit: I'd genuinely be surprised if google made it that easy to not send anything back to them. Additionally, I'd be genuinely surprised if FF made it that simple to avoid sending things back to Mozilla.

Have you? So what does it send back?

For example, I noticed a while back that the Chrome/Chromium browsers send the dns lookup of every website you visit to Google's own dns servers - even though i have NOT configured them in my OS.

(You can easily check this with an app like Little Snitch, look for the browser connecting to IPs 8.8.8.8 and 8.8.4.4)

Are you certain that Chromium does this too? Because their documentation explicitly contradicts your statement: "This is done using the computer's normal DNS resolution mechanism; no connection to Google is used." Source - https://www.chromium.org/developers/design-documents/dns-pre...

Yes, see comment below... i just checked with Chromium 57.0.2983.0 (64-bit) and it's still doing it.

Interesting. I just ran a check on my own host, and chromium did not do that. Obviously there are a bunch of potential reasons why: Chromium may act differently than chrome, they may only send some dns queries instead of all of them, etc

i just checked with Chromium 57.0.2983.0 (64-bit) and it's still doing it.

I also just noticed that Little Snitch actually does NOT log the dns requests. Maybe this is caused by Chromium using ipv6 to access google-public-dns-a.google.com ?

Anyway, I then installed Vallum (1) and with this app, in the log i see many of these requests: https://i.imgur.com/lUR3Fd7.png

(1) https://vallumfirewall.com/

Interesting. I only checked for ipv4, so that may be it. I'll try again later if I remember. Thanks

Which is why I can't use chrome at work at all. Google's services and DNS are blocked by admins, so when you try to open any site you get DNS_LOOKUP_FAILED error.

i don't think that's correct, because if you block 8.8.8.8 and 8.8.4.4 with the OSX pf firewall, then Chromium will use your OS configured DNS servers and everything still works (i do this.)

I have not because I don't use chrome. Additionally, I have not done this with my browser (ff). I'm just genuinely curious if OP has done that.

I think GPs point was the uncertainty, which I think is a valid point either way.

Well, "I haven't bothered to check so for all I know it could be doing tons of bad things" isn't really a valid argument.

it is if your mistrust for google outweighs your time to check these things... maybe in that case you shouldn't say "for sure google is doing bad things" but you can mistrust and not use a product for fear of the company that produces it without current evidence

who is making that argument?

No. But I use Chromium so the source code is open.

I mean if we're going to go to this level of paranoid; then we might as well look at attacks on Firefox (which have been suspected to be used by the NSA against Tor Browser).

I'm curious as to why you think checking network connections is paranoia. As a sysadmin, I routinely log and check many of my network connections, though I have not done that for my browser.

No, I meant that suspecting Chrome of covertly sending data to Google (without telling us) is paranoia. Especially since the source code is open.

I would disagree. I'd genuinely be surprised if google made it that easy to not send anything back to them. Additionally, I'd be genuinely surprised if FF made it that simple to avoid sending things back to Mozilla.

It's less about being covert, and more about having multiple settings to send different types of data back.