What is following header for: X-Chrome-Variations?


Problem description




I was looking at HTTP requests sent by Chrome in Fiddler, and I noticed the following HTTP header, which puzzles me:

 X-Chrome-Variations: CNa1yQEIjrbJAQiYtskBCKK2yQEIp7bJAQiptskBCLmDygE=

This is a base64 encoded 35-byte array:

8,214,181,201,1,
8,142,182,201,1,
8,152,182,201,1,
8,162,182,201,1,
8,167,182,201,1,
8,169,182,201,1,
8,185,131,202,1

I've seen several examples of this number on the web.

Can anyone explain to me what this is, and why Chrome sends it out (and if it could be used to identify/track me)?

Solution

Google Chrome developers test experimental features by enabling a feature for a small random selection of Chrome installs and watching how the feature works. The common term for this is field trials. When Google Chrome runs for the first time, it generates a random number between 1 and 8192 and later uses it to determine whether to participate in a particular field trial.

The "Google Chrome and Privacy" whitepaper (PDF, October 2012, current as of Chrome 22.0.1229.79) provides these details.

To help guide the construction of features that users actually find useful, a subset of users may get a sneak peek at new functionality before it’s launched to the world at large. The field trials that are currently active on your installation of Chrome will be included in all requests sent to Google servers to allow Google to filter logs for only those generated by a given variation of Chrome. This Chrome-Variations header will not contain any personally identifiable information, and will strictly describe the state of the installation of Chrome itself.

The variations active for a given installation are determined by a seed number between 1 and 8192 (13 bits of entropy) which is randomly selected on first run. If you would like to reset your variations seed, run Chrome with the command line flag "--reset-variation-state".

Google Chrome sends information about which field trials are currently active to all domains of the form *.google.<TLD> (where .<TLD> is a top-level domain, such as .com, .org, .co.uk, .cn, .biz and so on). Most but not all of those domains are owned by Google. The field trial identifiers are stored in a protocol buffer, encoded with base64 and sent in the X-Chrome-Variations header. If you have opted in to send usage statistics and crash reports to Google (a checkbox accessible at chrome://chrome/settings/search#privacy), an X-Chrome-UMA-Enabled: 1 header is also sent. The headers are not sent when in Incognito mode.

Starting with revision 156914 (included in Chrome 23 and later versions according to the release table), the list of field trials is displayed under the Variations title on the about:version page.

The relevant source code is in the chromium/src/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc file. The headers are sent in the ChromeResourceDispatcherHostDelegate::AppendChromeMetricsHeaders method. The value of X-Chrome-Variations is constructed in the ChromeResourceDispatcherHostDelegate::UpdateVariationIDsHeaderValue method. Field trials are defined using the base::FieldTrial class from file src/base/metrics/field_trial.h.

As for the ability to track you using those headers, that depends on the uniqueness properties of the actual combination of your field trials, which I'm not aware of. But keep in mind that even if you strip the X-Chrome-Variations headers, disable cookies, local storage and Flash local storage, your browser may still be identifiable using cache fingerprinting techniques or using the combination of the request headers it normally sends, your system configuration info available to JavaScript or Flash and possibly the IP address blocks you tend to use, as demonstrated by EFF's Panopticlick. So the privacy game is basically lost unless you use a carefully configured Tor with Privoxy setup, and even then leaks are possible.
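
The following is an added example, not part of the original question or answer: a minimal Python decoder for the header value quoted in the question, useful for inspecting what a captured request discloses. It assumes the payload consists only of varint-typed protobuf fields, which is what the 35 bytes listed in the question show (each `8` is the key for field 1, wire type 0); the function names are hypothetical.

```python
import base64


def read_varint(buf, pos):
    """Decode one protobuf base-128 varint at buf[pos]; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift   # low 7 bits carry data
        if not byte & 0x80:               # high bit clear: last byte
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint longer than 10 bytes")


def decode_variations(header_value):
    """Return {field_number: [varint values]} for an X-Chrome-Variations value."""
    raw = base64.b64decode(header_value, validate=True)
    fields = {}
    pos = 0
    while pos < len(raw):
        key, pos = read_varint(raw, pos)
        field_number, wire_type = key >> 3, key & 0x7
        if wire_type != 0:
            # Assumption: only varint fields appear, as in the question's sample.
            raise ValueError(f"unexpected wire type {wire_type}")
        value, pos = read_varint(raw, pos)
        fields.setdefault(field_number, []).append(value)
    return fields


# Header value copied from the question above.
SAMPLE = "CNa1yQEIjrbJAQiYtskBCKK2yQEIp7bJAQiptskBCLmDygE="

if __name__ == "__main__":
    for field, ids in decode_variations(SAMPLE).items():
        print(f"field {field}: {ids}")
```

For the sample, each five-byte group from the question decodes to one seven-digit integer in field 1, seven in total.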
