Prevent connections to google domains on start-up

[jumde]

Test Plan

Please follow the test plan outlined under #663 (comment).

Original Reported Issue

Disabling connections to domains from gaia is tracked here: #527

These are not gaia domains

- clients2.google.com
- ssl.gstatic.com

• accounts.google.com

[diracdeltas]

i also see it trying to connect to gstatic over HTTP, maybe because i denied the HTTPS connection

[jumde]

No connections are made to the google domains on browser-laptop on startup

[simonhong]

What is gstatic.com - https://superuser.com/a/64724

[jumde]

Is there a resource that we need from gstatic at brave-core startup?

[bbondy]

clients2.google.com is used for updates for extensions we don't support.
One extension is PDFJS which automatically gets installed.
So I think that one is expected.

@jumde could you update comment 0 if you agree that client2.google.com should be removed, and then also could you give the full URL for the request to ssl.gstatic.com?

[jumde]

@bbondy - Could we proxy requests to clients2.google.com?

Here are the details for the gstatic url:

[jumde]

On Brave-Browser-Beta I'm seeing additional requests to google domains, are these expected?

[bbondy]

@bbondy - Could we proxy requests to clients2.google.com?

If we have a proxy setup, you can give me the new urls and I can send requests there instead.

[NejcZdovc]

reopening, because probably it was closed by mistake with a commit, where PR is open

[kjozwiak]

@bbondy @jumde if there's something particular that QA should be verifying in this issue, can you please add some test cases and add the "QA/Yes" label. If there's nothing that needs checking/verifying, please label this as QA/No. Thanks!

[jumde]

@kjozwiak - Issue for proxying requests for clients2.google.com through a brave proxy is logged here: https://github.com/brave/devops/issues/320

Test Plan

1. Open Brave with a new profile.
2. Navigate to different settings page, tor-window, guest window
3. Using Little Snitch/Fiddler/netstat confirm that Brave is not connecting to any google domains except clients2.google.com

[kjozwiak]

Awesome, thanks @jumde! 👍

[jumde]

Charles proxy works well for Linux. Set up instructions - https://www.charlesproxy.com/documentation/installation/apt-repository/

[srirambv]

Verification Passed on

Brave	0.55.14 Chromium: 70.0.3538.54 (Official Build) beta(64-bit)
Revision	4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS	Linux

• Verified steps from Prevent connections to google domains on start-up #663 (comment) for Normal/Private/Guest/Tor windows
• 

Verified passed with:

Brave	0.55.14 Chromium: 70.0.3538.54 (Official Build) beta(64-bit)
Revision	4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS	Mac OS X

*Verified Normal, Private, Guest, and Tor windows

Verification passed on

Brave	0.55.14 Chromium: 70.0.3538.54 (Official Build) beta(64-bit)
Revision	4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS	Windows 7

*Verified Normal, Private, Guest, and Tor windows using Fiddler

[diracdeltas]

I verified this using net-internals on 0.55.16 and found some residual google connections on startup, so am reopening:

https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/translate_ranker_20180123.model, https://clients1.google.com/tbproxy/af/query?, https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_0.pb, https://www.gstatic.com/chrome/config/plugins_3/plugins_mac.json, and https://www.googleapis.com/chromewebstore/v1.1/items/verify

[diracdeltas]

So re-reading the history of this issue, I think what happened was PJ did verify there were still google domains unblocked (#663 (comment)), it was decided to address those in a follow-up issue using a proxy server (https://github.com/brave/devops/issues/320), but the proxy issue wasn't marked as release/blocking for 0.55 so it didn't get started in time. :(

[diracdeltas]

for future reference, chrome://net-internals is more useful than little snitch because it shows the request path and response code and works cross-platform

1. download brave
2. open it with these command line flags --log-net-log=/path/to/somefile.json --net-log-capture-mode=IncludeSocketBytes. for instance on my mac it's open /Applications/Brave\ Browser.app --args --log-net-log=/Users/yan/chromelog4.json --net-log-capture-mode=IncludeSocketBytes
3. close brave, open brave, go to chrome://net-internals and pick the option to import the JSON file from step 2
4. inspect requests that say URL_REQUEST and you can actually see what they are sent to

note requests that return 307 are not actually sent over the network

[diracdeltas]

follow up issues have been opened:
https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/translate_ranker_20180123.model is #1674,
https://clients1.google.com/tbproxy/af/query? is #1676,
https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_0.pb is #1673,
https://www.gstatic.com/chrome/config/plugins_3/plugins_mac.json is #1684, and
https://www.googleapis.com/chromewebstore/v1.1/items/verify is #1672

this can be closed once those are closed and someone (me?) does a final run through for any remaining goog requests

[diracdeltas]

verified except for #1715. tracking that in its own issue.