ungoogled-chromium/patches/core/iridium-browser/all-add-trk-prefixes-to-possibly-evil-connections.patch

From 06f6141610cb2aa562c94dbb9f1f4355e4b34c5d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 30 Sep 2019 09:37:51 +0200
Subject: [PATCH 75/76] all: add trk: prefixes to possibly evil connections

Prefix URLs to Google services with trk: so that whenever something
tries to load them, the developer will be informed via printf and
dialog (extra info bar between URLbar and content window) about this.

If you see such dialog, we know that (a) either the URL needs to be
whitelisted, or (b) the feature that triggered it needs to be disabled
by default.
---
 build/mac/tweak_info_plist.py                 |  2 +-
 .../customization/customization_document.cc   |  2 +-
 .../file_manager/private_api_drive.cc         |  2 +-
 .../file_manager/private_api_misc.cc          |  2 +-
 .../remote_commands/crd_host_delegate.cc      |  6 +++---
 .../cryptotoken_private_api.cc                |  4 ++--
 chrome/browser/extensions/install_signer.cc   |  2 +-
 .../media/webrtc/webrtc_event_log_uploader.cc |  2 +-
 .../media/webrtc/webrtc_log_uploader.cc       |  2 +-
 .../nacl_host/nacl_infobar_delegate.cc        |  2 +-
 .../profiles/profile_avatar_downloader.cc     |  2 +-
 .../default_apps/external_extensions.json     |  6 +++---
 .../client_side_detection_service.cc          |  2 +-
 .../download_protection/download_feedback.cc  |  2 +-
 .../spellcheck_hunspell_dictionary.cc         |  2 +-
 .../supervised_user_service.cc                |  2 +-
 .../browser/tracing/crash_service_uploader.cc |  2 +-
 .../ui/views/outdated_upgrade_bubble_view.cc  |  2 +-
 .../ui/webui/ntp/ntp_resource_cache.cc        |  8 ++++----
 .../components/recovery_component.cc          |  2 +-
 .../crash/crashpad_crash_reporter.cc          |  2 +-
 .../extensions/chrome_extensions_client.cc    |  4 ++--
 .../setup/google_chrome_behaviors.cc          |  2 +-
 .../browser/service/cast_service_simple.cc    |  2 +-
 chromecast/crash/linux/minidump_uploader.cc   |  2 +-
 .../simple_geolocation_provider.cc            |  2 +-
 .../common/cloud_devices_urls.cc              |  8 ++++----
 components/drive/service/drive_api_service.cc |  4 ++--
 components/feedback/feedback_uploader.cc      |  2 +-
 components/gcm_driver/gcm_account_tracker.cc  |  4 ++--
 components/google/core/common/google_util.cc  |  2 +-
 .../core/browser/web_history_service.cc       |  6 +++---
 components/metrics/url_constants.cc           |  2 +-
 .../core/browser/password_store.cc            |  8 ++++----
 components/rappor/rappor_service_impl.cc      |  2 +-
 .../safe_search_url_checker_client.cc         |  2 +-
 .../safe_search_api/stub_url_checker.cc       |  2 +-
 .../core/browser/translate_url_fetcher.cc     |  1 +
 .../translate/core/common/translate_util.cc   |  2 +-
 .../variations/variations_url_constants.cc    |  2 +-
 .../speech/speech_recognition_engine.cc       |  2 +-
 .../browser/webauth/authenticator_common.cc   |  4 ++--
 .../shell/browser/shell_browser_main_parts.cc |  2 +-
 google_apis/gaia/gaia_constants.cc            | 20 +++++++++----------
 google_apis/gaia/gaia_urls.cc                 |  1 +
 google_apis/gcm/engine/gservices_settings.cc  |  6 +++---
 .../notifier/base/gaia_token_pre_xmpp_auth.cc |  2 +-
 remoting/base/breakpad_mac.mm                 |  2 +-
 remoting/protocol/jingle_messages.cc          |  2 +-
 rlz/lib/lib_values.cc                         |  2 +-
 third_party/libjingle_xmpp/xmpp/constants.cc  |  6 +++---
 .../chromevox/background/prefs.js             |  4 ++--
 .../chromevoxclassic/host/chrome/host.js      |  4 ++--
 ui/views/examples/webview_example.cc          |  2 +-
 54 files changed, 89 insertions(+), 87 deletions(-)

--- a/build/apple/tweak_info_plist.py
+++ b/build/apple/tweak_info_plist.py
@@ -195,7 +195,7 @@ def _AddKeystoneKeys(plist, bundle_ident
   also requires the |bundle_identifier| argument (com.example.product)."""
   plist['KSVersion'] = plist['CFBundleShortVersionString']
   plist['KSProductID'] = bundle_identifier
-  plist['KSUpdateURL'] = 'https://tools.google.com/service/update2'
+  plist['KSUpdateURL'] = 'trk:132:https://tools.google.com/service/update2'
 
   _RemoveKeys(plist, 'KSChannelID')
   if base_tag != '':
--- a/chrome/browser/chromeos/customization/customization_document.cc
+++ b/chrome/browser/chromeos/customization/customization_document.cc
@@ -172,7 +172,7 @@ std::string ReadFileInBackground(const b
 
 // Template URL where to fetch OEM services customization manifest from.
 const char ServicesCustomizationDocument::kManifestUrl[] =
-    "https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
+    "trk:151:https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
 
 // A custom extensions::ExternalLoader that the ServicesCustomizationDocument
 // creates and uses to publish OEM default apps to the extensions system.
--- a/chrome/browser/chromeos/extensions/file_manager/private_api_drive.cc
+++ b/chrome/browser/chromeos/extensions/file_manager/private_api_drive.cc
@@ -860,7 +860,7 @@ void FileManagerPrivateInternalGetDownlo
   const CoreAccountId& account_id =
       identity_manager->GetPrimaryAccountId(signin::ConsentLevel::kNotRequired);
   std::vector<std::string> scopes;
-  scopes.emplace_back("https://www.googleapis.com/auth/drive.readonly");
+  scopes.emplace_back("trk:208:https://www.googleapis.com/auth/drive.readonly");
 
   scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory =
       content::BrowserContext::GetDefaultStoragePartition(
--- a/chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc
+++ b/chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc
@@ -82,7 +82,7 @@ namespace {
 
 using api::file_manager_private::ProfileInfo;
 
-const char kCWSScope[] = "https://www.googleapis.com/auth/chromewebstore";
+const char kCWSScope[] = "trk:209:https://www.googleapis.com/auth/chromewebstore";
 
 // Thresholds for mountCrostini() API.
 constexpr base::TimeDelta kMountCrostiniSlowOperationThreshold =
--- a/chrome/browser/chromeos/policy/remote_commands/crd_host_delegate.cc
+++ b/chrome/browser/chromeos/policy/remote_commands/crd_host_delegate.cc
@@ -78,11 +78,11 @@ constexpr char kCRDConnectClientKey[] =
 
 // OAuth2 Token scopes
 constexpr char kCloudDevicesOAuth2Scope[] =
-    "https://www.googleapis.com/auth/clouddevices";
+    "trk:233:https://www.googleapis.com/auth/clouddevices";
 constexpr char kChromotingRemoteSupportOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromoting.remote.support";
+    "trk:234:https://www.googleapis.com/auth/chromoting.remote.support";
 constexpr char kTachyonOAuth2Scope[] =
-    "https://www.googleapis.com/auth/tachyon";
+    "trk:235:https://www.googleapis.com/auth/tachyon";
 
 }  // namespace
 
--- a/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
+++ b/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
@@ -42,8 +42,8 @@ namespace {
 
 const char kGoogleDotCom[] = "google.com";
 constexpr const char* kGoogleGstaticAppIds[] = {
-    "https://www.gstatic.com/securitykey/origins.json",
-    "https://www.gstatic.com/securitykey/a/google.com/origins.json"};
+    "trk:273:https://www.gstatic.com/securitykey/origins.json",
+    "trk:274:https://www.gstatic.com/securitykey/a/google.com/origins.json"};
 
 // ContainsAppIdByHash returns true iff the SHA-256 hash of one of the
 // elements of |list| equals |hash|.
--- a/chrome/browser/extensions/install_signer.cc
+++ b/chrome/browser/extensions/install_signer.cc
@@ -65,7 +65,7 @@ const int kSignatureFormatVersion = 2;
 const size_t kSaltBytes = 32;
 
 const char kBackendUrl[] =
-    "https://www.googleapis.com/chromewebstore/v1.1/items/verify";
+    "trk:222:https://www.googleapis.com/chromewebstore/v1.1/items/verify";
 
 const char kPublicKeyPEM[] =                                            \
     "-----BEGIN PUBLIC KEY-----"                                        \
--- a/chrome/browser/media/webrtc/webrtc_event_log_uploader.cc
+++ b/chrome/browser/media/webrtc/webrtc_event_log_uploader.cc
@@ -122,7 +122,7 @@ void OnURLLoadUploadProgress(uint64_t cu
 }  // namespace
 
 const char WebRtcEventLogUploaderImpl::kUploadURL[] =
-    "https://clients2.google.com/cr/report";
+    "trk:300:https://clients2.google.com/cr/report";
 
 WebRtcEventLogUploaderImpl::Factory::Factory(
     scoped_refptr<base::SequencedTaskRunner> task_runner)
--- a/chrome/browser/media/webrtc/webrtc_log_uploader.cc
+++ b/chrome/browser/media/webrtc/webrtc_log_uploader.cc
@@ -482,7 +482,7 @@ void WebRtcLogUploader::UploadCompressed
             "Not implemented, it would be good to do so."
         })");
 
-  constexpr char kUploadURL[] = "https://clients2.google.com/cr/report";
+  constexpr char kUploadURL[] = "trk:301:https://clients2.google.com/cr/report";
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = !upload_url_for_testing_.is_empty()
                               ? upload_url_for_testing_
--- a/chrome/browser/nacl_host/nacl_infobar_delegate.cc
+++ b/chrome/browser/nacl_host/nacl_infobar_delegate.cc
@@ -32,7 +32,7 @@ base::string16 NaClInfoBarDelegate::GetL
 }
 
 GURL NaClInfoBarDelegate::GetLinkURL() const {
-  return GURL("https://support.google.com/chrome/?p=ib_nacl");
+  return GURL("trk:143:https://support.google.com/chrome/?p=ib_nacl");
 }
 
 base::string16 NaClInfoBarDelegate::GetMessageText() const {
--- a/chrome/browser/profiles/profile_avatar_downloader.cc
+++ b/chrome/browser/profiles/profile_avatar_downloader.cc
@@ -19,7 +19,7 @@
 
 namespace {
 const char kHighResAvatarDownloadUrlPrefix[] =
-    "https://www.gstatic.com/chrome/profile_avatars/";
+    "trk:271:https://www.gstatic.com/chrome/profile_avatars/";
 }
 
 ProfileAvatarDownloader::ProfileAvatarDownloader(size_t icon_index,
--- a/chrome/browser/resources/default_apps/external_extensions.json
+++ b/chrome/browser/resources/default_apps/external_extensions.json
@@ -27,17 +27,17 @@
   },
   // Google Sheets
   "aapocclcgogkmnckokdopfmhonfmgoek" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx",
+    "external_update_url": "trk:03:https://clients2.google.com/service/update2/crx",
     "web_app_migration_flag": "MigrateDefaultChromeAppToWebAppsGSuite"
   },
   // Google Slides
   "felcaaldnbdncclmgdcncolpebgiejap" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx",
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx",
     "web_app_migration_flag": "MigrateDefaultChromeAppToWebAppsGSuite"
   },
   // Drive extension
   "ghbmnnjooekpmoecnnnilnnbdlolhkhi" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx"
   }
 }
 
--- a/chrome/browser/safe_browsing/download_protection/download_feedback.cc
+++ b/chrome/browser/safe_browsing/download_protection/download_feedback.cc
@@ -200,7 +200,7 @@ const int64_t DownloadFeedback::kMaxUplo
 
 // static
 const char DownloadFeedback::kSbFeedbackURL[] =
-    "https://safebrowsing.google.com/safebrowsing/uploads/chrome";
+    "trk:164:https://safebrowsing.google.com/safebrowsing/uploads/chrome";
 
 // static
 DownloadFeedbackFactory* DownloadFeedback::factory_ = nullptr;
--- a/chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc
+++ b/chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc
@@ -278,7 +278,7 @@ GURL SpellcheckHunspellDictionary::GetDi
   DCHECK(!bdict_file.empty());
 
   static const char kDownloadServerUrl[] =
-      "https://redirector.gvt1.com/edgedl/chrome/dict/";
+      "trk:173:https://redirector.gvt1.com/edgedl/chrome/dict/";
 
   return GURL(std::string(kDownloadServerUrl) +
               base::ToLowerASCII(bdict_file));
--- a/chrome/browser/supervised_user/supervised_user_service.cc
+++ b/chrome/browser/supervised_user/supervised_user_service.cc
@@ -85,7 +85,7 @@ namespace {
 
 // The URL from which to download a host denylist if no local one exists yet.
 const char kDenylistURL[] =
-    "https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin";
+    "trk:272:https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin";
 // The filename under which we'll store the denylist (in the user data dir).
 const char kDenylistFilename[] = "su-blacklist.bin";
 
--- a/chrome/browser/tracing/crash_service_uploader.cc
+++ b/chrome/browser/tracing/crash_service_uploader.cc
@@ -41,7 +41,7 @@ using std::string;
 
 namespace {
 
-const char kUploadURL[] = "https://clients2.google.com/cr/report";
+const char kUploadURL[] = "trk:109:https://clients2.google.com/cr/report";
 const char kCrashUploadContentType[] = "multipart/form-data";
 const char kCrashMultipartBoundary[] =
     "----**--yradnuoBgoLtrapitluMklaTelgooG--**----";
--- a/chrome/browser/ui/views/outdated_upgrade_bubble_view.cc
+++ b/chrome/browser/ui/views/outdated_upgrade_bubble_view.cc
@@ -37,7 +37,7 @@ namespace {
 
 // The URL to be used to re-install Chrome when auto-update failed for too long.
 constexpr char kDownloadChromeUrl[] =
-    "https://www.google.com/chrome/?&brand=CHWL"
+    "trk:242:https://www.google.com/chrome/?&brand=CHWL"
     "&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_medium=et";
 
 // The maximum number of ignored bubble we track in the NumLaterPerReinstall
--- a/chrome/browser/ui/webui/ntp/ntp_resource_cache.cc
+++ b/chrome/browser/ui/webui/ntp/ntp_resource_cache.cc
@@ -81,22 +81,22 @@ namespace {
 // The URL for the the Learn More page shown on incognito new tab.
 const char kLearnMoreIncognitoUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=incognito";
+    "trk:246:https://support.google.com/chromebook/?p=incognito";
 #else
-    "https://support.google.com/chrome/?p=incognito";
+    "trk:247:https://support.google.com/chrome/?p=incognito";
 #endif
 
 // The URL for the Learn More page shown on guest session new tab.
 const char kLearnMoreGuestSessionUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=chromebook_guest";
+    "trk:248:https://support.google.com/chromebook/?p=chromebook_guest";
 #else
-    "https://support.google.com/chrome/?p=ui_guest";
+    "trk:261:https://support.google.com/chrome/?p=ui_guest";
 #endif
 
 // The URL for the Learn More page shown on ephermal guest session new tab.
 const char kLearnMoreEphemeralGuestSessionUrl[] =
-    "https://support.google.com/chrome/?p=ui_guest";
+    "trk:261:https://support.google.com/chrome/?p=ui_guest";
 
 SkColor GetThemeColor(const ui::ThemeProvider& tp, int id) {
   SkColor color = tp.GetColor(id);
--- a/chrome/chrome_cleaner/components/recovery_component.cc
+++ b/chrome/chrome_cleaner/components/recovery_component.cc
@@ -37,7 +37,7 @@ namespace chrome_cleaner {
 namespace {
 
 const char kComponentDownloadUrl[] =
-    "https://clients2.google.com/service/update2/crx?response=redirect&os=win"
+    "trk:108:https://clients2.google.com/service/update2/crx?response=redirect&os=win"
     "&installsource=swreporter&x=id%3Dnpdjjkjlcidkjlamlmmdelcjbcpdjocm"
     "%26v%3D0.0.0.0%26uc&acceptformat=crx3";
 
--- a/chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc
+++ b/chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc
@@ -28,7 +28,7 @@
 namespace {
 
 // The URL where crash reports are uploaded.
-const char kReportUploadURL[] = "https://clients2.google.com/cr/report";
+const char kReportUploadURL[] = "trk:302:https://clients2.google.com/cr/report";
 
 // Whether the current process is connected to a crash handler process.
 bool g_is_connected_to_crash_handler = false;
--- a/chrome/common/extensions/chrome_extensions_client.cc
+++ b/chrome/common/extensions/chrome_extensions_client.cc
@@ -44,9 +44,9 @@ namespace {
 
 // TODO(battre): Delete the HTTP URL once the blocklist is downloaded via HTTPS.
 const char kExtensionBlocklistUrlPrefix[] =
-    "http://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:269:http://www.gstatic.com/chrome/extensions/blocklist";
 const char kExtensionBlocklistHttpsUrlPrefix[] =
-    "https://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:270:https://www.gstatic.com/chrome/extensions/blocklist";
 
 const char kThumbsWhiteListedExtension[] = "khopmbdjffemhegeeobelklnbglcdgfh";
 
--- a/chrome/installer/setup/google_chrome_behaviors.cc
+++ b/chrome/installer/setup/google_chrome_behaviors.cc
@@ -37,7 +37,7 @@ namespace installer {
 namespace {
 
 constexpr base::StringPiece16 kUninstallSurveyUrl(
-    L"https://support.google.com/chrome?p=chrome_uninstall_survey");
+    L"trk:253:https://support.google.com/chrome?p=chrome_uninstall_survey");
 
 bool NavigateToUrlWithEdge(const base::string16& url) {
   base::string16 protocol_url = L"microsoft-edge:" + url;
--- a/chromecast/browser/service/cast_service_simple.cc
+++ b/chromecast/browser/service/cast_service_simple.cc
@@ -27,7 +27,7 @@ GURL GetStartupURL() {
   const base::CommandLine::StringVector& args = command_line->GetArgs();
 
   if (args.empty())
-    return GURL("http://www.google.com/");
+    return GURL("trk:255:http://www.google.com/");
 
   GURL url(args[0]);
   if (url.is_valid() && url.has_scheme())
--- a/chromecast/crash/linux/minidump_uploader.cc
+++ b/chromecast/crash/linux/minidump_uploader.cc
@@ -40,7 +40,7 @@ namespace {
 
 const char kProductName[] = "Eureka";
 
-const char kCrashServerProduction[] = "https://clients2.google.com/cr/report";
+const char kCrashServerProduction[] = "trk:305:https://clients2.google.com/cr/report";
 
 const char kVirtualChannel[] = "virtual-channel";
 
--- a/chromeos/geolocation/simple_geolocation_provider.cc
+++ b/chromeos/geolocation/simple_geolocation_provider.cc
@@ -20,7 +20,7 @@ namespace chromeos {
 namespace {
 
 const char kDefaultGeolocationProviderUrl[] =
-    "https://www.googleapis.com/geolocation/v1/geolocate?";
+    "trk:215:https://www.googleapis.com/geolocation/v1/geolocate?";
 
 }  // namespace
 
--- a/components/cloud_devices/common/cloud_devices_urls.cc
+++ b/components/cloud_devices/common/cloud_devices_urls.cc
@@ -14,14 +14,14 @@
 namespace cloud_devices {
 
 const char kCloudPrintAuthScope[] =
-    "https://www.googleapis.com/auth/cloudprint";
+    "trk:197:https://www.googleapis.com/auth/cloudprint";
 
 namespace {
 
 // Url must not be matched by "urls" section of
 // cloud_print_app/manifest.json. If it's matched, print driver dialog will
 // open sign-in page in separate window.
-const char kCloudPrintURL[] = "https://www.google.com/cloudprint";
+const char kCloudPrintURL[] = "trk:201:https://www.google.com/cloudprint";
 
 }
 
--- a/components/drive/service/drive_api_service.cc
+++ b/components/drive/service/drive_api_service.cc
@@ -75,9 +75,9 @@ namespace drive {
 namespace {
 
 // OAuth2 scopes for Drive API.
-const char kDriveScope[] = "https://www.googleapis.com/auth/drive";
+const char kDriveScope[] = "trk:217:https://www.googleapis.com/auth/drive";
 const char kDriveAppsReadonlyScope[] =
-    "https://www.googleapis.com/auth/drive.apps.readonly";
+    "trk:218:https://www.googleapis.com/auth/drive.apps.readonly";
 const char kDriveAppsScope[] = "https://www.googleapis.com/auth/drive.apps";
 
 // Mime type to create a directory.
--- a/components/feedback/feedback_uploader.cc
+++ b/components/feedback/feedback_uploader.cc
@@ -25,7 +25,7 @@ constexpr base::FilePath::CharType kFeed
     FILE_PATH_LITERAL("Feedback Reports");
 
 constexpr char kFeedbackPostUrl[] =
-    "https://www.google.com/tools/feedback/chrome/__submit";
+    "trk:232:https://www.google.com/tools/feedback/chrome/__submit";
 
 constexpr char kProtoBufMimeType[] = "application/x-protobuf";
 
--- a/components/gcm_driver/gcm_account_tracker.cc
+++ b/components/gcm_driver/gcm_account_tracker.cc
@@ -27,9 +27,9 @@ namespace gcm {
 namespace {
 
 // Scopes needed by the OAuth2 access tokens.
-const char kGCMGroupServerScope[] = "https://www.googleapis.com/auth/gcm";
+const char kGCMGroupServerScope[] = "trk:230:https://www.googleapis.com/auth/gcm";
 const char kGCMCheckinServerScope[] =
-    "https://www.googleapis.com/auth/android_checkin";
+    "trk:231:https://www.googleapis.com/auth/android_checkin";
 // Name of the GCM account tracker for fetching access tokens.
 const char kGCMAccountTrackerName[] = "gcm_account_tracker";
 // Minimum token validity when sending to GCM groups server.
--- a/components/google/core/common/google_util.cc
+++ b/components/google/core/common/google_util.cc
@@ -140,7 +140,7 @@ bool IsGoogleSearchSubdomainUrl(const GU
 
 // Global functions -----------------------------------------------------------
 
-const char kGoogleHomepageURL[] = "https://www.google.com/";
+const char kGoogleHomepageURL[] = "trk:113:https://www.google.com/";
 
 bool HasGoogleSearchQueryParam(base::StringPiece str) {
   url::Component query(0, static_cast<int>(str.length())), key, value;
--- a/components/history/core/browser/web_history_service.cc
+++ b/components/history/core/browser/web_history_service.cc
@@ -41,13 +41,13 @@ namespace history {
 namespace {
 
 const char kHistoryOAuthScope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:138:https://www.googleapis.com/auth/chromesync";
 
 const char kHistoryQueryHistoryUrl[] =
-    "https://history.google.com/history/api/lookup?client=chrome";
+    "trk:139:https://history.google.com/history/api/lookup?client=chrome";
 
 const char kHistoryDeleteHistoryUrl[] =
-    "https://history.google.com/history/api/delete?client=chrome";
+    "trk:140:https://history.google.com/history/api/delete?client=chrome";
 
 const char kHistoryAudioHistoryUrl[] =
     "https://history.google.com/history/api/lookup?client=audio";
--- a/components/metrics/url_constants.cc
+++ b/components/metrics/url_constants.cc
@@ -7,7 +7,7 @@
 namespace metrics {
 
 const char kNewMetricsServerUrl[] =
-    "https://clientservices.googleapis.com/uma/v2";
+    "trk:265:https://clientservices.googleapis.com/uma/v2";
 
 const char kNewMetricsServerUrlInsecure[] =
     "http://clientservices.googleapis.com/uma/v2";
--- a/components/password_manager/core/browser/password_store.cc
+++ b/components/password_manager/core/browser/password_store.cc
@@ -298,10 +298,10 @@ void PasswordStore::GetLogins(const Form
   // TODO(mdm): actually delete them at some point, say M24 or so.
   base::Time cutoff;  // the null time
   if (form.scheme == PasswordForm::Scheme::kHtml &&
-      (form.signon_realm == "http://www.google.com" ||
-       form.signon_realm == "http://www.google.com/" ||
-       form.signon_realm == "https://www.google.com" ||
-       form.signon_realm == "https://www.google.com/")) {
+      (form.signon_realm == "trk:187:http://www.google.com" ||
+       form.signon_realm == "trk:188:http://www.google.com/" ||
+       form.signon_realm == "trk:189:https://www.google.com" ||
+       form.signon_realm == "trk:190:https://www.google.com/")) {
     static const base::Time::Exploded exploded_cutoff = {
         2012, 1, 0, 1, 0, 0, 0, 0};  // 00:00 Jan 1 2012
     base::Time out_time;
--- a/components/rappor/rappor_service_impl.cc
+++ b/components/rappor/rappor_service_impl.cc
@@ -32,7 +32,7 @@ const char kMimeType[] = "application/vn
 const char kRapporDailyEventHistogram[] = "Rappor.DailyEvent.IntervalType";
 
 // The rappor server's URL.
-const char kDefaultServerUrl[] = "https://clients4.google.com/rappor";
+const char kDefaultServerUrl[] = "trk:266:https://clients4.google.com/rappor";
 
 }  // namespace
 
--- a/components/safe_browsing/content/browser/client_side_detection_service.cc
+++ b/components/safe_browsing/content/browser/client_side_detection_service.cc
@@ -53,7 +53,7 @@ const int ClientSideDetectionService::kN
 const int ClientSideDetectionService::kPositiveCacheIntervalMinutes = 30;
 
 const char ClientSideDetectionService::kClientReportPhishingUrl[] =
-    "https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
+    "trk:148:https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
 
 struct ClientSideDetectionService::ClientPhishingReportInfo {
   std::unique_ptr<network::SimpleURLLoader> loader;
--- a/components/safe_search_api/safe_search/safe_search_url_checker_client.cc
+++ b/components/safe_search_api/safe_search/safe_search_url_checker_client.cc
@@ -29,7 +29,7 @@ namespace safe_search_api {
 namespace {
 
 const char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 const char kDataContentType[] = "application/x-www-form-urlencoded";
 const char kDataFormat[] = "key=%s&urls=%s";
 
--- a/components/safe_search_api/stub_url_checker.cc
+++ b/components/safe_search_api/stub_url_checker.cc
@@ -20,7 +20,7 @@ namespace safe_search_api {
 namespace {
 
 constexpr char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 
 std::string BuildResponse(bool is_porn) {
   base::DictionaryValue dict;
--- a/components/translate/core/browser/translate_url_fetcher.cc
+++ b/components/translate/core/browser/translate_url_fetcher.cc
@@ -99,6 +99,7 @@ bool TranslateURLFetcher::Request(const
   if (!extra_request_header_.empty())
     resource_request->headers.AddHeaderFromString(extra_request_header_);
 
+  fprintf(stderr, "translator: fetching something from %s\n", url_.spec().c_str());
   simple_loader_ =
       variations::CreateSimpleURLLoaderWithVariationsHeaderUnknownSignedIn(
           std::move(resource_request),
--- a/components/translate/core/common/translate_util.cc
+++ b/components/translate/core/common/translate_util.cc
@@ -20,7 +20,7 @@ const char kDetectLanguageInSubFrames[]
 
 }  // namespace
 
-const char kSecurityOrigin[] = "https://translate.googleapis.com/";
+const char kSecurityOrigin[] = "trk:220:https://translate.googleapis.com/";
 
 const base::Feature kTranslateSubFrames{"TranslateSubFrames",
                                         base::FEATURE_DISABLED_BY_DEFAULT};
--- a/components/variations/variations_url_constants.cc
+++ b/components/variations/variations_url_constants.cc
@@ -8,7 +8,7 @@ namespace variations {
 
 // Default server of Variations seed info.
 const char kDefaultServerUrl[] =
-    "https://clientservices.googleapis.com/chrome-variations/seed";
+    "trk:142:https://clientservices.googleapis.com/chrome-variations/seed";
 
 const char kDefaultInsecureServerUrl[] =
     "http://clientservices.googleapis.com/chrome-variations/seed";
--- a/content/browser/speech/speech_recognition_engine.cc
+++ b/content/browser/speech/speech_recognition_engine.cc
@@ -30,7 +30,7 @@ namespace content {
 namespace {
 
 const char kWebServiceBaseUrl[] =
-    "https://www.google.com/speech-api/full-duplex/v1";
+    "trk:184:https://www.google.com/speech-api/full-duplex/v1";
 const char kDownstreamUrl[] = "/down?";
 const char kUpstreamUrl[] = "/up?";
 
--- a/content/browser/webauth/authenticator_common.cc
+++ b/content/browser/webauth/authenticator_common.cc
@@ -167,9 +167,9 @@ base::Optional<std::string> ProcessAppId
   // special-case AppIDs. Firefox also does this:
   // https://groups.google.com/forum/#!msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ
   const GURL kGstatic1 =
-      GURL("https://www.gstatic.com/securitykey/origins.json");
+      GURL("trk:276:https://www.gstatic.com/securitykey/origins.json");
   const GURL kGstatic2 =
-      GURL("https://www.gstatic.com/securitykey/a/google.com/origins.json");
+      GURL("trk:277:https://www.gstatic.com/securitykey/a/google.com/origins.json");
   DCHECK(kGstatic1.is_valid() && kGstatic2.is_valid());
 
   if (origin.DomainIs("google.com") && !appid_url.has_ref() &&
--- a/content/shell/browser/shell_browser_main_parts.cc
+++ b/content/shell/browser/shell_browser_main_parts.cc
@@ -88,7 +88,7 @@ GURL GetStartupURL() {
 #else
   const base::CommandLine::StringVector& args = command_line->GetArgs();
   if (args.empty())
-    return GURL("https://www.google.com/");
+    return GURL("trk:183:https://www.google.com/");
 
   GURL url(args[0]);
   if (url.is_valid() && url.has_scheme())
--- a/extensions/common/extension_urls.cc
+++ b/extensions/common/extension_urls.cc
@@ -26,9 +26,9 @@ bool IsSourceFromAnExtension(const base:
 
 namespace extension_urls {
 
-const char kChromeWebstoreBaseURL[] = "https://chrome.google.com/webstore";
+const char kChromeWebstoreBaseURL[] = "trk:09:https://chrome.google.com/webstore";
 const char kChromeWebstoreUpdateURL[] =
-    "https://clients2.google.com/service/update2/crx";
+    "trk:05:https://clients2.google.com/service/update2/crx";
 
 GURL GetWebstoreLaunchURL() {
   extensions::ExtensionsClient* client = extensions::ExtensionsClient::Get();
--- a/google_apis/gaia/gaia_constants.cc
+++ b/google_apis/gaia/gaia_constants.cc
@@ -25,23 +25,23 @@ const char kSyncService[] = "chromiumsyn
 const char kRemotingService[] = "chromoting";
 
 // OAuth scopes.
-const char kOAuth1LoginScope[] = "https://www.google.com/accounts/OAuthLogin";
+const char kOAuth1LoginScope[] = "trk:181:https://www.google.com/accounts/OAuthLogin";
 const char kOAuthWrapBridgeUserInfoScope[] =
-    "https://www.googleapis.com/auth/userinfo.email";
+    "trk:101:https://www.googleapis.com/auth/userinfo.email";
 
 // Service/scope names for device management (cloud-based policy) server.
 const char kDeviceManagementServiceOAuth[] =
-    "https://www.googleapis.com/auth/chromeosdevicemanagement";
+    "trk:102:https://www.googleapis.com/auth/chromeosdevicemanagement";
 
 // OAuth2 scope for access to all Google APIs.
-const char kAnyApiOAuth2Scope[] = "https://www.googleapis.com/auth/any-api";
+const char kAnyApiOAuth2Scope[] = "trk:103:https://www.googleapis.com/auth/any-api";
 
 // OAuth2 scope for access to Chrome sync APIs
 const char kChromeSyncOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:104:https://www.googleapis.com/auth/chromesync";
 // OAuth2 scope for access to the Chrome Sync APIs for managed profiles.
 const char kChromeSyncSupervisedOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromesync_playpen";
+    "trk:105:https://www.googleapis.com/auth/chromesync_playpen";
 
 // OAuth2 scope for access to Kid Management API.
 const char kKidManagementOAuth2Scope[] =
@@ -53,16 +53,16 @@ const char kKidManagementPrivilegedOAuth
 
 // OAuth2 scope for access to Google Family Link Supervision Setup.
 const char kKidsSupervisionSetupChildOAuth2Scope[] =
-    "https://www.googleapis.com/auth/kids.supervision.setup.child";
+    "trk:262:https://www.googleapis.com/auth/kids.supervision.setup.child";
 
 // OAuth2 scope for access to Google Talk APIs (XMPP).
 const char kGoogleTalkOAuth2Scope[] =
-    "https://www.googleapis.com/auth/googletalk";
+    "trk:106:https://www.googleapis.com/auth/googletalk";
 
 const char kGoogleUserInfoEmail[] =
-    "https://www.googleapis.com/auth/userinfo.email";
+    "trk:107:https://www.googleapis.com/auth/userinfo.email";
 const char kGoogleUserInfoProfile[] =
-    "https://www.googleapis.com/auth/userinfo.profile";
+    "trk:260:https://www.googleapis.com/auth/userinfo.profile";
 
 // OAuth scope for access to the people API (read-only).
 const char kPeopleApiReadOnlyOAuth2Scope[] =
--- a/google_apis/gaia/gaia_urls.cc
+++ b/google_apis/gaia/gaia_urls.cc
@@ -23,6 +23,7 @@
 namespace {
 
 // Gaia service constants
+//adding trk: here currently crashes the program
 const char kDefaultGoogleUrl[] = "http://google.com";
 const char kDefaultGaiaUrl[] = "https://accounts.google.com";
 const char kDefaultGoogleApisBaseUrl[] = "https://www.googleapis.com";
--- a/google_apis/gcm/engine/gservices_settings.cc
+++ b/google_apis/gcm/engine/gservices_settings.cc
@@ -30,18 +30,18 @@ const char kRegistrationURLKey[] = "gcm_
 
 const int64_t kDefaultCheckinInterval = 2 * 24 * 60 * 60;  // seconds = 2 days.
 const int64_t kMinimumCheckinInterval = 12 * 60 * 60;  // seconds = 12 hours.
-const char kDefaultCheckinURL[] = "https://android.clients.google.com/checkin";
+const char kDefaultCheckinURL[] = "trk:110:https://android.clients.google.com/checkin";
 const char kDefaultMCSHostname[] = "mtalk.google.com";
 const int kDefaultMCSMainSecurePort = 5228;
 const int kDefaultMCSFallbackSecurePort = 443;
 const char kDefaultRegistrationURL[] =
-    "https://android.clients.google.com/c2dm/register3";
+    "trk:111:https://android.clients.google.com/c2dm/register3";
 // Settings that are to be deleted are marked with this prefix in checkin
 // response.
 const char kDeleteSettingPrefix[] = "delete_";
 // Settings digest starts with verison number followed by '-'.
 const char kDigestVersionPrefix[] = "1-";
-const char kMCSEnpointTemplate[] = "https://%s:%d";
+const char kMCSEnpointTemplate[] = "trk:112:https://%s:%d";
 const int kMaxSecurePort = 65535;
 
 std::string MakeMCSEndpoint(const std::string& mcs_hostname, int port) {
--- a/jingle/notifier/base/gaia_token_pre_xmpp_auth.cc
+++ b/jingle/notifier/base/gaia_token_pre_xmpp_auth.cc
@@ -33,7 +33,7 @@ class GaiaCookieMechanism : public jingl
     // These attributes are necessary for working with non-gmail gaia
     // accounts.
     const std::string NS_GOOGLE_AUTH_PROTOCOL(
-        "http://www.google.com/talk/protocol/auth");
+        "trk:179:http://www.google.com/talk/protocol/auth");
     const jingle_xmpp::QName QN_GOOGLE_ALLOW_GENERATED_JID_XMPP_LOGIN(
         NS_GOOGLE_AUTH_PROTOCOL, "allow-generated-jid");
     const jingle_xmpp::QName QN_GOOGLE_AUTH_CLIENT_USES_FULL_BIND_RESULT(
--- a/remoting/base/breakpad_mac.mm
+++ b/remoting/base/breakpad_mac.mm
@@ -52,7 +52,7 @@ void InitializeCrashReporting() {
       [breakpad_config setObject:@"21600" forKey:@BREAKPAD_REPORT_INTERVAL];
     }
     if (![breakpad_config objectForKey:@BREAKPAD_URL]) {
-      [breakpad_config setObject:@"https://clients2.google.com/cr/report"
+      [breakpad_config setObject:@"trk:310:https://clients2.google.com/cr/report"
                           forKey:@BREAKPAD_URL];
     }
 
--- a/remoting/protocol/jingle_messages.cc
+++ b/remoting/protocol/jingle_messages.cc
@@ -25,7 +25,7 @@ const char kJabberNamespace[] = "jabber:
 const char kJingleNamespace[] = "urn:xmpp:jingle:1";
 
 // Namespace for transport messages when using standard ICE.
-const char kIceTransportNamespace[] = "google:remoting:ice";
+const char kIceTransportNamespace[] = "trk:100:google:remoting:ice";
 
 const char kWebrtcTransportNamespace[] = "google:remoting:webrtc";
 
--- a/rlz/lib/lib_values.cc
+++ b/rlz/lib/lib_values.cc
@@ -41,7 +41,7 @@ const char kSetDccResponseVariable[] = "
 //
 
 const char kFinancialPingPath[] = "/tools/pso/ping";
-const char kFinancialServer[]   = "clients1.google.com";
+const char kFinancialServer[]   = "trk:443:clients1.google.com"; /* not using URLRequest! catch with cache.ir */
 const int kFinancialPort = 443;
 
 // Ping times in 100-nanosecond intervals.
--- a/third_party/libjingle_xmpp/xmpp/constants.cc
+++ b/third_party/libjingle_xmpp/xmpp/constants.cc
@@ -194,7 +194,7 @@ const StaticQName QN_SASL_TEMPORARY_AUTH
 
 // These are non-standard.
 const char NS_GOOGLE_AUTH_PROTOCOL[] =
-    "http://www.google.com/talk/protocol/auth";
+    "trk:236:http://www.google.com/talk/protocol/auth";
 const StaticQName QN_GOOGLE_AUTH_CLIENT_USES_FULL_BIND_RESULT =
     { NS_GOOGLE_AUTH_PROTOCOL, "client-uses-full-bind-result" };
 const StaticQName QN_GOOGLE_ALLOW_NON_GOOGLE_ID_XMPP_LOGIN =
@@ -338,7 +338,7 @@ const char STR_SHOW_DND[] = "dnd";
 const char STR_SHOW_XA[] = "xa";
 const char STR_SHOW_OFFLINE[] = "offline";
 
-const char NS_GOOGLE_PSTN_CONFERENCE[] = "http://www.google.com/pstn-conference";
+const char NS_GOOGLE_PSTN_CONFERENCE[] = "trk:237:http://www.google.com/pstn-conference";
 const StaticQName QN_GOOGLE_PSTN_CONFERENCE_STATUS = { NS_GOOGLE_PSTN_CONFERENCE, "status" };
 const StaticQName QN_ATTR_STATUS = { STR_EMPTY, "status" };
 
@@ -433,7 +433,7 @@ const StaticQName QN_MUC_ROLE = { NS_MUC
 const char STR_AFFILIATION_NONE[] = "none";
 const char STR_ROLE_PARTICIPANT[] = "participant";
 
-const char NS_GOOGLE_SESSION[] = "http://www.google.com/session";
+const char NS_GOOGLE_SESSION[] = "trk:238:http://www.google.com/session";
 const StaticQName QN_GOOGLE_CIRCLE_ID = { STR_EMPTY, "google-circle-id" };
 const StaticQName QN_GOOGLE_USER_ID = { STR_EMPTY, "google-user-id" };
 const StaticQName QN_GOOGLE_SESSION_BLOCKED = { NS_GOOGLE_SESSION, "blocked" };
--- a/ui/accessibility/extensions/chromevoxclassic/chromevox/background/prefs.js
+++ b/ui/accessibility/extensions/chromevoxclassic/chromevox/background/prefs.js
@@ -72,9 +72,9 @@ cvox.ChromeVoxPrefs.DEFAULT_PREFS = {
   'outputContextFirst': false,
   'position': '{}',
   'siteSpecificScriptBase':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/',
+      'trk:242:https://ssl.gstatic.com/accessibility/javascript/ext/',
   'siteSpecificScriptLoader':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
+      'trk:243:https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
   'sticky': false,
   'typingEcho': 0,
   'useIBeamCursor': cvox.ChromeVox.isMac,
--- a/ui/accessibility/extensions/chromevoxclassic/host/chrome/host.js
+++ b/ui/accessibility/extensions/chromevoxclassic/host/chrome/host.js
@@ -96,9 +96,9 @@ cvox.ChromeHost.prototype.init = functio
           (!cvox.ApiImplementation.siteSpecificScriptLoader ||
            !cvox.ApiImplementation.siteSpecificScriptBase);
       cvox.ApiImplementation.siteSpecificScriptLoader =
-          'https://ssl.gstatic.com/accessibility/javascript/ext/loader.js';
+          'trk:244:https://ssl.gstatic.com/accessibility/javascript/ext/loader.js';
       cvox.ApiImplementation.siteSpecificScriptBase =
-          'https://ssl.gstatic.com/accessibility/javascript/ext/';
+          'trk:245:https://ssl.gstatic.com/accessibility/javascript/ext/';
       if (apiPrefsChanged) {
         var searchInit = prefs['siteSpecificEnhancements'] === 'true' ?
             cvox.SearchLoader.init :
--- a/ui/views/examples/webview_example.cc
+++ b/ui/views/examples/webview_example.cc
@@ -29,7 +29,7 @@ void WebViewExample::CreateExampleView(V
   webview_->GetWebContents()->SetDelegate(this);
   container->SetLayoutManager(std::make_unique<FillLayout>());
 
-  webview_->LoadInitialURL(GURL("http://www.google.com/"));
+  webview_->LoadInitialURL(GURL("trk:174:http://www.google.com/"));
   webview_->GetWebContents()->Focus();
 }