Learning to follow the Vivaldi browser





Once a Vivaldi user thinks about what services his browser contacts.



He launches a network activity scanner and looks with horror at the many automatic browser connections to Vivaldi or even Google servers.



Having regained consciousness a little, such a user starts sending us error messages describing how personal user data flows like a river to third-party servers.



However, most of these curious users will not write anything to us, but will simply conclude for themselves that Vivaldi corny spies on their activity and even “merges” details with Google from time to time. Well, why be surprised - after all, other browsers do not hesitate to monitor the activity of their users and send details to the developers of the browser.



Most likely, such inquisitive users get incorrect browser activity monitoring results (at the end of the article you will find instructions on how to get the most reliable results).



In fact, despite the fact that the Vivaldi browser uses the same engine as Chrome , and also uses some functions and security components from Google, all the details of your work in the browser remain private - hidden both from Vivaldi developers and from owners of third-party services. Vivaldi does not collect detailed statistics on your online activity, and, unlike some other browsers, it does not even have information about which browser features you prefer to use in your daily work.



In this article, we will consider each case of Vivaldi accessing external services and explain why this is necessary. We will tell you what information and what service is required for full work so that you can work on the network comfortably and safely.



Content



  1. Google Server Requests

    but. Downloadable Components

    b. Data for SafeBrowsing

    in. Download Protection

    d. Spell Check

    Other activity
  2. Vivaldi Server Requests

    but. User Statistics

    b. Accessing the unwanted ad database

    in. Check for auto updates
  3. User Generated Queries

    but. Synchronization

    b. Website Notifications

    in. Installed Extensions
  4. Why network activity scanners do not show a full picture


Google Server Requests



Downloadable Components



Some features of Vivaldi depend on independently developed and updated components provided by Chromium / Google developers. These components can be viewed on the special Vivaldi browser internal page:



vivaldi: // components



These components are the building blocks of the browser . They allow Chromium-based browsers to expand their functionality by adding new functions from the code base.



The most important of these are Certificate Assistant and CRLset, which increase network security, as well as the Widevine module, which is responsible for playing DRM-protected online video (for example, with Netflix).



These components are downloaded and installed in the browser immediately after the first launch of Vivaldi on your computer. The browser will check the relevance of the versions and install the latest ones at the moment.



The initial download request is sent to the servers update.googleapis.com and clients2.google.com, but in the future data can come through or from servers like redirector.gvt1.com or even r3---sn-8xouxav-vnas.gvt1.com .



Cookies: No

Control: ComponentUpdatesEnabled policy in vivaldi: // policy

Online description: cs.chromium.org/chromium/src/components/update_client/net/network_impl.cc?l=24&rcl=17b2adf184fb218b6096a359b8a06a92be6d22d7



Data for SafeBrowsing



The SafeBrowsing component is used to protect users from malicious sites that offer, for example, downloading certain software with viruses and other infections. The component works with a blacklist created and maintained by Google, and Vivaldi accesses this list several times a day on the safebrowsing.google.com server.



Previously, SafeBrowsing worked with the so-called Bloom filter, but now a simpler system is used.



Now the system works by creating a hash (cryptographic checksum) of the website URL (as well as parts of the URL) that you are going to visit. This hash is very difficult to decrypt to determine the actual code used for encryption, it is also possible that several different codes were used to create this hash (but it is also very difficult to find them, this is the meaning of the checksum). The system uses a small hash to search the main list to find out if there can be a blacklist entry for at least one part of the URL. In case of a positive response, a request is sent for each of the matches and the server responds with a list of all full-size hashes that match any of the prefixes.



If any of these full hashes matches any of the generated hashes, this URL is blocked due to the fact that it most likely belongs to a malicious website.



Since only the honor of the hash of the URL (or part of it) is sent to the SafeBrowsing server, the service will not see the full address of the website you are visiting or what full hash matches with it.



Cookies: Some modes require cookies, but from an isolated cookie store that is not shared with other websites.

Control: chrome: // settings / syncSetup

Online description: cs.chromium.org/chromium/src/chrome/browser/safe_browsing/client_side_model_loader.cc?l=125&rcl=2b5ee7a019262c57d80b2740925a5226abe97bb4

cs.chromium.org/chromium/src/components/safe_browsing/db/v4_get_hash_protocol_manager.cc?l=305&rcl=17b2adf184fb218b6096a359b8a06a92be6d22d7

cs.chromium.org/chromium/src/components/safe_browsing/db/v4_update_protocol_manager.cc?l=312&rcl=17b2adf184fb218b6096a359b8a06a92be6d22d7



Disabled by default: only suspicious URLs are loaded

Control: "Help improve page browsing and search" option in chrome: // settings / syncSetup

Online description: cs.chromium.org/chromium/src/components/safe_browsing/realtime/url_lookup_service.cc?l=54



Download Protection



When you download, for example, the installer for Windows, it may be a program that is dangerous for your computer, a trojan, or other malicious software . In order to protect users from such “gifts”, the SafeBrowsing code in Chromium and the Vivaldi browser itself check URLs for their absence in the black list or the presence of white lists of downloads. If it is not possible to locally verify the security of the downloaded file, more detailed information is sent to the SafeBrowsing server - the URL of the downloaded file, a referral link, the hash of the downloaded file, any certification information that is available, and a response comes from the server whether the file is safe or not.



Unfortunately, it’s very difficult to determine the file’s reputation without this additional information, as malware vendors can change both the actual signatures of download URLs and the actual download data, but as a rule, some other parts should remain the same. There were real attacks that circumvented the protection before the URL and referral links were added to the list of verified data.



The same system is used in Mozilla Firefox .



Cookies: Allowed from SafeBrowsing isolated storage (for counting unique users)

Control: SafeBrowsing settings in chrome: // settings / syncSetup

Online Description: cs.chromium.org/chromium/src/chrome/browser/safe_browsing/download_protection/check_client_download_request_base.cc?l=568&rcl=17b2adf184fb218b6096a359b8a06a92be6d22d7



Spellchecking



Vivaldi uses a spelling system inherited from Chromium. When you enter text, this function helps you avoid typos. This system downloads dictionaries from the network from Google’s servers for local verification of input text using redirector.gvt1.com servers.



Cookies: No

Control: chrome: // settings / languages

Online description: cs.chromium.org/chromium/src/chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc?rcl=95bfa1651b4e2e843fa06ead8506e22f178c00f8&l=282



Other activity



Chromium code can, under certain conditions, test the network to see if it is in a “hijacked portal”, such as a public WiFi network portal, which requires a login or click to accept EULA.



Cookies: No

Control: chrome: // settings / languages

Online description: cs.chromium.org/chromium/src/chrome/browser/captive_portal/captive_portal_service.cc?rcl=ee1c95127800309d94e5457d41983d326fda1fcf&l=252



Vivaldi Server Requests



User Statistics



Recently, we decided to change the way we count our users because some people perceive the use of unique identifiers as a form of tracking. We are currently introducing a new method of counting users that does not require unique identifiers.



Before we can completely remove the unique identifier, we will go through several steps to make sure that the new code works as intended, and that we can trust the numbers reported by this counter. For more information, check out this article explaining how we view our users .



Accessing the unwanted ad database



Earlier this year, we introduced our own ad blocking support on sites with unfair advertising practices, such as misleading ads or ads that prevent you from leaving the site. This functionality is implemented using a list provided by Google. This list is not directly downloaded from Google. Instead, it is hosted on our own servers after a simple preprocessing of the list uploaded by our internal server from Google. The list is updated daily from the server automatically by the browser and applied to intrusive websites without having to contact the server each time.



Check for auto updates



The Vivaldi versions for Windows and Mac constantly check our servers for browser updates. The option is disabled in the settings if desired.



User Generated Queries



Synchronization



When you activate the built-in synchronization in Vivaldi, you log in to your account on the Vivaldi community website using the login.vivaldi.net server, and the actual synchronization is carried out through the bifrost.vivaldi.com server.



Website Notifications



When you allow a site (such as a news site) to send you notifications, the site installs a small script in your browser that indicates where to receive notifications. There are several service providers for this, and the website decides which one to use. One of them is Google Cloud Messaging (GCM), located at mtalk.google.com. The corresponding internal URLs for this system are:



chrome: // settings / content / notifications

chrome: // settings / siteData

vivaldi: // gcm-internals



Installed Extensions



User-installed extensions can connect to their developer's own site to request updates or to report various usage data. This is definitely not where Vivaldi can control the situation. We always encourage our users to carefully choose their extensions and make sure that the suppliers of the extensions are reliable.



Why network activity scanners do not show a full picture



Users who run network activity scanners typically use only the network activity monitor. In this case, a reverse DNS lookup is performed, as a result of which an “arbitrary” host name is displayed.



Meanwhile, for example, the Google servers to which Vivaldi connects are located in large server parks on several servers, even at several geographical points, and each of these servers has a unique host name. It is this unique name that is registered in the reverse DNS index for its IP address.



It is highly unlikely that you will receive a complete list of servers hosted on this IP address of the main farms used by Google, Amazon or Microsoft, or that it will contain the name of the server to which the client is actually connected.



The best way to find out which servers the client is connecting to is to listen for DNS queries and responses. This will tell you exactly which servers your browser is connecting to.



An even better way to see what is happening is to use the information provided by Vivaldi. Launch Vivaldi with the argument --enable-logging = stderr --v = 1. As a result, a data packet will be created, saved in the chrome_debug.log file in the User Data installation directory, and among the presented data there will be lines with the following text: NetworkDelegate :: NotifyBeforeURLRequest :. This will indicate which URLs have been requested by the browser.



In conclusion, none of the automated services sends data or statistics about your online activity to Vivaldi or Google.



Photo by Luca Bravo on Unsplash.



Read more:



Vivaldi: Built using Chromium, but different from Chrome



Vivaldi's powerful privacy settings



How a browser protects your privacy



What's Vivaldi's business model?



Author of the original article : Ingve Pettersen, Security Expert, Vivaldi Software



All Articles