Beware: Chromium-based Browsers Save Download Origin URL for Files

Are you aware that Chromium-based browsers like Google Chrome, Chromium, Opera, etc, save the URL of origin for all downloaded files on Windows 10 and Linux? By using this information, you will be able to quickly retrieve the source URL from where you have downloaded your files. Also, you might be unhappy to learn this if you have to share your PC with other users.

Google Chrome Default Incognito Theme

Find Origin URL of Downloaded Files in Windows

NTFS, the default file system of modern Windows versions, supports storing multiple streams of data under one file unit. The default (unnamed) stream of a file represents the contents of the file visible in the associated app when you double-click it in File Explorer. When a program opens a file stored on NTFS, it always opens the unnamed stream unless its developer has explicitly coded a different behavior. Besides it, files can have named streams.

When you download a file with a Chromium-based browser, it adds an alternative data stream to it that contains the full download URL (a direct link) to the file until you unblock it. Also, it stores a referrer page that allows you to see from which web page exactly you downloaded the file.

To Find Origin URL For File Downloaded with Chromium-based browser,

Tip: Here's how to tweak your PC to ensure top performance for a specific type of task, be it gaming, document work or something else.

  1. Open PowerShell at your downloads folder. You can do this by opening the folder in Explorer and then typing powershell.exe in the address bar. It will directly open it at that folder's path.
  2. Execute the following command: Get-Content "file name" -Stream Zone.Identifier.
  3. Substitute the "file name" with the actual file you have downloaded and not unblocked yet.Windows 10 Read Alternative Stream Contents 3

As you can see, Chrome adds two lines, ReferrerURL and HostURL to the alternative NTFS stream, so anyone who has access to your PC can quickly find where you downloaded your files from.

Once you unblock the file, this information will be removed.

Note: If you have enabled this Group Policy setting "Do not preserve zone information in file attachments" or used Winaero Tweaker to enable the tweak "Disable downloaded files from being blocked in Explorer" then the origin URL will not be stored inside the file.

Find Origin URL of Downloaded Files in Linux

Linux can be installed on a variety of file systems. Today's de-facto standard is the Ext4 FS. While it doesn't support alternative streams, it supports a special data structure called "inode". Inode stores various information about a file, including its read, write, execute permissions, ownership, file type, file size, and many other. An inode is automatically assigned to any file when it is created.

On Linux, Chromium-based browsers store the ReferrerURL and HostURL values to inode, so it is always accessible. You cannot unblock the downloaded file like you can in Windows 10. I am sure that plenty of newcomers on Linux are not aware about this feature, so they will be surprised.

To Find Origin URL of Downloaded File in Linux,

  1. Open your terminal emulator app. Any app is suitable.
  2. Type the command getfattr -d "file name".
  3. Substitute the "file name" portion with the actual path to the file you want to check.Linux Download Origin Url Getfattr

It is worth mentioning that on Linux, the described behavior is not exclusive to Chromium-based browsers. The popular console downloader, wget, can also save file origin information.

To remove this information under Linux, you need to execute the following commands:

$ setfattr -x user.xdg.origin.url "filename"
$ setfattr -x user.xdg.referrer.url "filename"

Linux Remove Download Origin URL

Personally, I find this feature useful. It will help you retrieve the source URL without you having to store it individually for each file. However, some folks may find it destructive for their privacy. Keep this in mind when you deal with sensitive data. For a PC which undergoes forensic checks, such information will reveal a lot.

That's it.

Driver Updater

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.