[artix-general] Zen Browser Security Test (FAIL)

Carlo den Otter artist at artixlinux.org
Sat Apr 12 19:11:36 CEST 2025


Mails about zen should be sent to zen.

On 4/12/25 14:47, elektron wrote:
> Default Zen Browser Connections Test:
>
> Tests:
> 1. First icon click. Recording the network traffic without user input. 
> Zero user clicks test.
> 2. Closing the program then clicking the icon again. Recording for 
> the second time the network traffic without user input. Zero user 
> clicks test.
>
> 1. First Zen Browser Opening Attempt (no user interaction, no home 
> website opened - empty one tab; after clicking browser icon and doing 
> nothing, "as is result"):
>
> ---
>
> 2. Second Zen Browser Opening Attempt (no user interaction, no home 
> website opened - empty one tab; after clicking browser icon and doing 
> nothing, "as is result"):
>
> None of these websites/connections were opened/initiated in any tab 
> whatsoever. Only one tab started and it was empty. All these 
> connections were done without any user interaction. All listed 
> connections were done behind the user's back, without any visual 
> clues. User was not informed that these unsanctioned connections were 
> made. The data sent with these connections to these servers needs to 
> be further and thoroughly investigated.
>
> P.S. 1: On first open, Zen Browser gives you some sort of "first time 
> wizard" (just click next, next, next). For the purpose of this test, 
> it's irrelevant, although it's worth mentioning, that some 
> connections may happen before you finish the first time wizard. Wizard 
> does not indicate and does not say anything about any connections. 
> It's just launched before the main programme window appears.
>
> P.S. 2: Chain of command:
> 1. German govt sponsors Tutanota
> 2. Tutanota sponsors Zen Browser
> 3. Additional info: German gov't via Sony (German law) is the one that 
> filed* a lawsuit against Quad 9 to force it to be a forefront of 
> German govt censorship. Other ISPs (and their DNS-es) had bowed down 
> a long time ago and have been secretly handing over DNS requests to 
> German govt. Germany is one of the worst places for Internet and 
> communication privacy.
>
>  * Indirectly, no doubt. With the purpose of plausible deniability 
> ("it wasn't us"). Clever tactic, but not so much. They know the 
> propaganda. Whoever knows the history, has no doubt, whoever doesn't 
> know the history is doomed to repeat it.
>
>
>
> Sent with Proton Mail <https://proton.me/mail/home> secure email.
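
Added example, not part of the original thread: one way to compare the two zero-click recordings described above, separating hosts contacted only on the first launch from hosts contacted on every launch. The input format (one hostname per line, with an optional `80HTTP` tag taken to mean a plaintext port-80 connection), the function names and the sample hostnames are all assumptions constructed for this sketch.

```python
import re
from collections import Counter

# Constructed sample captures with placeholder hosts (not taken from the post).
FIRST_LAUNCH = """\
updates.browser.example
tracker.thirdparty.example
portal-check.browser.example 80HTTP
cdn.social.example
tracker.thirdparty.example
ocsp.ca.example 80HTTP
"""
SECOND_LAUNCH = """\
updates.browser.example
portal-check.browser.example 80HTTP
portal-check.browser.example
"""

# Bare DNS hostname: dot-separated labels, at most 253 characters overall.
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def parse_capture(text):
    """Count (host, plaintext) observations in one recording."""
    seen = Counter()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        host = fields[0].lower().rstrip(".")
        # Skip anything that is not a bare hostname (wrapped URLs, notes).
        if not HOST_RE.match(host):
            continue
        seen[(host, "80HTTP" in fields[1:])] += 1
    return seen


def compare_launches(first, second):
    """Split observed hosts by which launch contacted them."""
    f, s = parse_capture(first), parse_capture(second)
    f_hosts = {h for h, _ in f}
    s_hosts = {h for h, _ in s}
    return {
        "first_only": sorted(f_hosts - s_hosts),
        "both": sorted(f_hosts & s_hosts),
        "second_only": sorted(s_hosts - f_hosts),
        "plaintext": sorted({h for h, p in (f + s) if p}),
    }
```
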