Disable gaia in brave-core

[jumde]

On startup, Brave gets a list of the google accounts from gaia, which connects to accounts.google.com. Disable gaia to avoid these connections.

[diracdeltas]

could you list which domains are from gaia? i'm seeing some which might not be

[jumde]

On v 0.53.0. Here is the list of domains that I see on connect:

- accounts.google.com
- clients2.google.com
- ssl.gstatic.com
- update.googleapis.com
- googleapis.com
- clients2.googleusercontent.com

Here is a set of domains from gaia: https://cs.chromium.org/chromium/src/google_apis/gaia/gaia_urls.cc?q=gaia&dr=CSs

Issue to prevent connection to other google domains is tracked here - #663

[diracdeltas]

can this issue be fixed by setting the gaia URL constants to about:blank?

[jumde]

That might be a good solution, there may be side effects though. I can take a shot at this.

[jumde]

No connections are made to the gaia domains on browser-laptop on startup

[notDavid]

fyi, on 0.55.2 i see (after installing, on first startup, without any browsing):

www.gstatic.com
ssl.gstatic.com
www.googleapis.com
updates.googleapis.com
clients2.google.com
accounts.google.com
clients2.googleusercontent.com

(See screenshot here)

[bbondy]

New change landing in
brave/brave-core#512

Gaia URL will effectively always go to no-thanks.invalid which is a non resolve-able invalid host.
I'll keep this issue open for now though so we can work on seeing if we can not even compile the gaia code.

[LaurenWags]

Using

Brave	0.55.14 Chromium: 70.0.3538.54 (Official Build) beta(64-bit)
Revision	4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS	Mac OS X

This is what I see with LittleSnitch (first run, no browsing, using steps found here: #514 (comment))

[diracdeltas]

@LaurenWags i think those are all for extension updates (PDFJS), not Gaia related.

cc @tomlowenthal

[tildelowengrimm]

Per discussion in slack, we're planning to serve PDFJS from the go-updater server rather than letting the browser connect to Google.

[tildelowengrimm]

Moved this PDFJS sitch to its own issue: #1669 (nice).

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

Sorry if not posting in the right issue, but i saw this old one still open so I thought it would be good to share my findings from 2020. Brave still opens connections even with addons disabled and safebrowsing disabled, as follows:

upon startup:
+p.ssl.fastly.net / 199.232.197.7 / 199.232.193.7(on startup + 1 minute after + on quit)
+update.googleapis.com / 172.217.18.67, 216.58.214.227
+dualstack.f4.shared.global.fastly.net / 151.101.2.110 / 151.101.194.110 (on startup + on quit?)

seen rarely at random times:
+play.google.com
+www.gstatic.com / 172.217.18.67
+ssl.gstatic.com
+googlehosted.l.googleusercontent.com
+gstaticadssl.l.google.com

[bsclifton]

cc: @jumde on above comments (RE: specific domains)

We should be blocking GAIA, unless you have the Allow Google login for extensions option enabled. When it is used, it will be proxied. DICE (browser login) should be disabled

Should this be closed?

[jumde]

This is controlled by the flag Allow Google login for extensions, which is disabled by default.