How to use a prediction service to load pages more quickly?
Chrome offers a "prediction service" for faster page loading. It might load some links on a page before you even click on them:
Use a prediction service to load pages more quickly: Browsers use an IP address to load a webpage. When you visit a webpage, Chrome can look up the IP addresses of all the page's links and load the ones you might navigate to next. If you turn this setting on, websites and any embedded content that are pre-loaded may set and read their own cookies as if you had visited them, even if you don't.
The option is in advanced > privacy > Use a prediction service to load pages more quickly
How vulnerable is it to attacks? Let's say someone sends me a link using Facebook Messenger or Twitter, or on other websites. If this setting is on (which is on by default!) then will Chrome open that link?
Will my IP address get leaked because of this? Maybe opening up my browser to even worse attacks and identity leaks?
I just don't understand how this can not be a major security flaw, am I missing something? Is there any protection against these types of attacks in this service if I leave it on?
You want to know how to use a prediction service to load pages more quickly, you must understand that there is no code execution vulnerability. Put simply, the bottleneck for any well designed site is the network, so prefetching the data for links reduces the impact that network performance has on actually accessing those links. In essence, what these services do is preload the data into the browser's cache so that you don't have to download it over the network when you follow the link. This is fundamentally no different from manually downloading a copy of a web page using a tool like cURL or wget, no rendering work is being done, and no javascript is being processed.
- There are, however, a couple of other risks with this:
- From an outside perspective, without proper correlation, this looks like you're actually following all those links.
- Your external IP address gets leaked to any systems you happen to connect to.
- Your bandwidth utilisation will look different from how it otherwise would.
The first is not likely to be a serious issue unless you are living under a totalitarian regime or frequent shady (but not necessarily illegal) sites. The second is not likely to be an issue (if you are using IPv4, you're almost certainly behind at least one NAT router anyway, and even if you aren't or are using IPv6, there is almost certainly still a firewall between you and the internet). The third is not likely to be an issue at all, but may affect how your ISP handles your connection.