Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2013-09-08 01:48:15

damacdonald
Guest

epic seems to "phone home" to Google as much as Chrome - Why?

Since I have "Little Snitch" installed on my Mac I can see every outbound communication attempt.

After using epic for a few hours it appears that epic tries to connect back to Google as much as Chrome does.

I'm curious as to why that's the case.

I've configured Little Snitch" to selectively block Chrome's constant chatter back to Google.  If I have to do the
the same thing with epic I see no reason to use it.

Offline

#2 2013-09-08 04:57:03

sai
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

Hi,

We've never encountered this. We are very concerned anything that hits Google. We've done lot of testing on this. Can you help us reproduce this by giving us steps.

Thanks

Offline

#3 2013-09-08 18:52:16

damacdonald
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

Sure, but there is really nothing to recreate:

1. You need an Apple Macintosh with "Little Snitch" installed:
         'http://www.obdev.at/products/littlesnitch/'

         I think they offer a limited time free trial.  Its cheap enough, so I just purchased it.
         It tracks and optionally blocks outbound network traffic.  Note the 'outbound'. It is NOT a firewall.
         I suggest checking that once installed LittleSnitch is set to "factory defaults" to get started.

2. Install epic bowser and fire it up.  LittleSnitch will soon become a "pain in the ass" as it blocks and pops up
         an alert on every outbound network connecton -- until you train it as to what to allow and what to block.

For example, using epic to just browse to this website to check this forum resulted in the following "epic wants to connect" alerts
that relate to google:

          1.  ssl.gstatic.com on TCP port 443 (https)
          2.  ssl.google.com on TCP port 443 (https)
          3.  safebrowsing.google.com on TCP port 443 (https)
          4.  alt1.safebrowsing,google.com on TCP port 443 (https)
          5.  sb1.google.com on TCP port 443 (https)
          6.  clients2.google.com on TCP port 80 (http)
                        <time spent typing this reply>
          7.  clients1.google2.com on TCP port 443 (https)


Some of these alerts are probably redundant, since I denied all these requests to connect.  Note that these are only the connection
attempts that relate to google -- the other outbound connections, of which there were many, were allowed (for now).

is this traffic innocuous?  I don't know.  Thats the problem.  I personally don't feel like running "Wireshark' to check every packet
of network traffic going out.

To be fair Chrome results in the same outbound traffic, so this is not a epic problem.  But I think it does illustrate how much
information Google tries to capture from our web browsing.

Last edited by damacdonald (2013-09-08 18:55:49)

Offline

#4 2013-09-08 21:55:49

Jeff
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

I'm witnessing the same events as damacdonald.

I'm also running on a Mac with Little Snitch monitoring all I/O, and EPIC is obviously dumping to google, along with another trackback that I've not gotten to the bottom of yet.

JUst to make it clear, I'm only monitoring the activity from EPIC in the area shown above SystemUIServer.

Here's a quickie screen shot of little snitch:

googlesnoop.jpg



Popups...
I tested out a few websites notorious for popups, and EPIC fails miserably, opening lots of new pages of spam.  Firefox 23 blocks everything.

I believe EPIC still needs a lot of work. Back to Firefox with donottrackme installed for now.

Good Luck.

Offline

#5 2013-09-09 03:52:40

damacdonald
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

Jeff, great idea using the screen shot!  Damn, which I had thought of that -- before I did all that typing.

Yup, LittleSnitch is a real eye-opener.  Everyone runs a firewall to block the bad guys from getting in but
never thinks to check to see what's going outbound.

Every popular website has a myriad of attempts to dump data from the visitor's browser.  Most people
don't realize how much data flows out since their not monitoring their outbound data.

Chrome (which includes epic for now) is the frackin' worst since it constantly tries to connect back to Google.
If you block one outbound connection attempt it just tries another path a few minutes later.  Chrome never
gives up until every single outbound path it knows is blocked -- and its invisible to most users

Last edited by damacdonald (2013-09-09 03:54:06)

Offline

#6 2013-09-09 23:49:53

alok
Administrator

Re: epic seems to "phone home" to Google as much as Chrome - Why?

Hi Damacdonald, Hi Jeff -- Thanks for the posts & details!! 

The pings are related to Google's Safebrowsing which is built into Chrome/Chromium.  Essentially Google SafeBrowsing is deactivated in Epic but in the released builds the code is there though deactivated, so these pings are still getting made to try to download the list from Google -- since we have not entered in any API details, they keep failing and you're right Google can be relentless.   

They will be removed in an imminent update. 

[google's safebrowsing is disabled in Epic because the v1 api is no longer supported and the v2 api requires communication between google servers & your browser which violates your privacy, google does not make the raw data available at present -- there are other lists of malicious sites which Epic will be using, though, which can be hosted locally, actually working with those is why this code inadvertently was left in the release build] 

I know it's a pain to use Little Snitch, but it's important to use it from time to time to make sure of Epic's integrity.  So you can ensure yourself that no calls are being made to Epic servers for example when auto-fill recommendations come up in the address bar, etc.  If you turn it on in Chrome, you'll see dozens of various calls to Google servers as you've rightfully pointed out and hence the need for a browser that's not "calling home".

@Jeff -- can you post the sites where you're having the popup issues?  Do the popups happen in Chrome as well?  Epic uses the unmodified Chromium popup blocker.

Offline

#7 2013-09-11 01:06:57

damacdonald
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

I want to clarify my past comment about LittleSnitch being a 'pain in the ass".

LittleSnitch is only a pain in the beginning -- until you 'train' it on what to allow and what to block.

As LittleSnitch builds-up its rule set it becomes less and less intrusive until it only alerts on "new"
outbound connect attempts.

At this point I will not use a Macintosh without LittleSnitch installed and I encourage all Mac users to
install it.

I do not want my previous comment to give anyone the impression that LittleSnitch is not a great
application.  Its use is vital to see exactly what information is flowing out.  But in the beginning, it
alerts a lot, which only illustrates how many browsers and websites are trying to take user information
in the background, without any notification.

Offline

#8 2013-09-16 18:16:12

sai
Guest

Re: epic seems to "phone home" to Google as much as Chrome - Why?

You can download the latest update for mac and windows....! This behavior is stopped now. Thank you for making Epic better....!

Offline

#9 2013-09-19 07:07:55

alok
Administrator

Re: epic seems to "phone home" to Google as much as Chrome - Why?

LittleSnitch is a super tool - second that!!

Offline

Board footer