Chrome Takes A(nother) Step Back From Privacy

Since 2008, Google’s Chrome browser has been a boon for all users of the internet, but lately there have been some curious developments taking place within the Chrome browser (and Google itself).

Remember, if you will, browsing the internet in 2008. Microsoft’s Internet Explorer had around 70% of the browser market, with Firefox right around 25%. Safari and Opera combined filled out the last 5%. Stats found here.

Then, along came Google Chrome.

Chrome is based on the open-source Chromium browser. Chromium has the same basic source code as Chrome, but without some of Chrome’s functionality (automatic updates, Google branding, built-in Flash, and user tracking).

That’s right, as you probably should have expected, Chrome has certain tracking functionality built-in. And in the past few weeks Google has stepped up the aggressiveness of their tracking.

Chrome tracks several things: installation success, how often it is used, any program crashes, and most interestingly, text typed into the Omnibox (the multi-function address and search bar) and also Google search queries. Some of this information is non-identifying, while other information is, by design, better when tied to your account. Things like past searches and browsing history make sense only when tied to your account.

And because Google doesn’t like to be straightforward, how you sign in is important. When using the Chrome browser, you can either sign into a Google service (like Gmail) or you can sign into the Chrome browser itself (which will do things like sync bookmarks/history/etc.). Signing into the browser obviously has the potential to pass more data to Google’s servers – after all, the browser sees everything that you do online, not just the traffic on Google/Gmail/GDrive/etc.

Starting late last month, Google began offering a “feature” that would sign you into the Chrome browser automatically whenever you signed into any Google product. This has some pretty serious/interesting privacy implications, since once you are signed into the Chrome browser, it’s not hard to accidentally sync your browsing information.

Matthew Green, a cryptographic engineer, has written an excellent blog post about why this change, small though it may seem, is a pretty substantial violation of user privacy and trust.

Here are a few selected quotes from his article (do read the whole thing, though, if you use Chrome and value privacy):

In short, Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click. This is a dark pattern. Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data.

The Chrome developers claim that with “sync” off, Chrome has no privacy implications. This might be true. But when pressed on the actual details, nobody seems quite sure.

For example, if I have my browser logged out, then I log in and turn on “sync”, does all my past (logged-out) data get pushed to Google? What happens if I’m forced to be logged in, and then subsequently turn on “sync”? Nobody can quite tell me if the data uploaded in these conditions is the same. These differences could really matter.

And to answer the people saying “why does this matter?”

One argument is that Google already spies on you via cookies and its pervasive advertising network and partnerships, so what’s the big deal if they force your browser into a logged-in state? One individual I respect described the Chrome change as “making you wear two name tags instead of one”. I think this objection is silly both on moral grounds — just because you’re violating my privacy doesn’t make it ok to add a massive new violation — but also because it’s objectively silly. Google has spent millions of dollars adding additional tracking features to both Chrome and Android. They aren’t doing this for fun; they’re doing this because it clearly produces data they want.

Although Google probably collects as much (or more) information than Facebook, they have, in general, been better stewards of that data, even considering the recent Google+ news.

That being said, this change in Chrome seems a bit weird and heavy-handed, and although I really enjoy Chrome, I’ve switched to using Firefox, Microsoft Edge, and occasionally Chromium (which doesn’t have the same sign-in feature (yet)).

If you’re someone who values your privacy, you may want to consider moving to a different browser for a bit.

Matthew Green’s excellent article on Chrome’s new “feature”.