The Google Chrome Blog




Is Google Chrome Privacy Worse Than We Think?

Update: Google has stated that they are working on a change to their system which will anonymize all data collected from their suggestion services (including Chrome) after 24 hours. This is exactly the sort of thing I was hoping for. Good job Google!
Update: Maybe Google’s new privacy policy isn’t good enough after all.

A friend of mine let me in on some info about Google’s secret Chrome project about 6 months ago, but I didn’t get to actually try it till yesterday. I’m pretty impressed with some of their new innovative features like independent processes for tabs, compiled JavaScript, and the incognito mode.

But then I realized something huge. If you use Google Chrome, Google will know every URL you type into the location bar. More than that, they will know (almost) every partial URL you type into the location bar. More than that, they will know every word or phrase you type into the location bar, even if you type it and then delete it before pressing enter. More than that, all this information can be linked with your main Google account, because Google sends your cookie along with every automatic search it performs from the location bar. Chrome will use the cookie of whatever Google account you are currently logged into.

No other browser that I know of uses an automatic search/suggest feature in the location bar. The location bar is where you type the address of the site you want to navigate to. Firefox uses a suggest feature in the search bar. It makes sense to do it there. Google.com now has auto suggest on their homepage. It makes sense there too. Now it makes sense to also have it in the location bar in terms of a nice helpful feature. But in terms of privacy I think this is a new low. I think Google should, at the least, not be sending your cookie out with these searches. But even then they could be connected to you by IP.

Don’t believe me? Go download the Wireshark packet sniffer and do some tests for yourself.

Now to be fair, it seems they don’t auto suggest once you’ve typed “http://”, but who actually types that anymore? There are also some timing issues: if you type really quickly and hit enter, the auto suggest may not be attempted.

I’m sure there’s a team of Google data mining engineers somewhere who are giddy as shit about having all this information once Chrome becomes more widespread.

Update: Google responded to a CNET story about this issue regarding their data retention policy:

A Google representative told CNET News that the company plans to store about 2 percent of that data–and plans to store it along with the Internet Protocol address of the computer that typed it.

Update: As Rushi Vishavadia points out, the data will be sent to whatever search engine you set in the options. Of course it will default to Google but if you were to change it to Yahoo or MSN they would be receiving this data instead of Google.

Here’s an example of what Chrome is sending to Google while I’m typing the URL www.whatismyip.com into the location bar:

GET /complete/search?client=chrome&output=chrome&hl=en-US&q=ww HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.what HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.c HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.co HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.com HTTP/1.1

Here’s an example when I’m typing the search query “how to cheat on taxes” into the location bar:

GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+t HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+c HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+tax HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+taxe HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+taxes HTTP/1.1

Even if I never pressed enter to submit the above search to Google, they would still have this data and be able to link it to my account.
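
To check a capture of your own for this behaviour, the following added example (not part of the original post) parses exported HTTP requests, keeps the suggest calls, and groups them into typing sessions to show the longest text each session exposed and how many requests carried a cookie. The sample requests are constructed in the shape of the captures above, and the Cookie value is a placeholder.

```python
from urllib.parse import urlsplit, parse_qs

SUGGEST_PATH = "/complete/search"  # path seen in the captures above

def sample_request(q, cookie=True):
    """Build one constructed request in the shape of the captures above."""
    line = f"GET {SUGGEST_PATH}?client=chrome&output=chrome&hl=en-US&q={q} HTTP/1.1"
    return line + ("\nCookie: SESSION=PLACEHOLDER" if cookie else "")

# Constructed sample: a partly typed URL, one unrelated request, then a
# query that is typed and partly deleted again without pressing enter.
SAMPLE = "\n\n".join(
    [sample_request(q) for q in ("ww", "www", "www.what")]
    + ["GET /index.html HTTP/1.1"]
    + [sample_request(q) for q in ("how", "how+t", "how+to", "how+to+c", "how+to", "how")]
)

def parse_requests(capture):
    """Yield (typed_text, has_cookie) for each suggest request in the capture."""
    for block in capture.strip().split("\n\n"):
        lines = block.strip().splitlines()
        parts = lines[0].split() if lines else []
        if len(parts) != 3 or parts[0] != "GET":
            continue
        url = urlsplit(parts[1])
        params = parse_qs(url.query, keep_blank_values=True)
        if url.path != SUGGEST_PATH or params.get("client") != ["chrome"]:
            continue  # not a location-bar suggest call
        has_cookie = any(h.lower().startswith("cookie:") for h in lines[1:])
        yield params.get("q", [""])[0], has_cookie

def typing_sessions(requests):
    """Group consecutive queries where one is a prefix of the other
    (typing or backspacing) and summarise what each session exposed."""
    sessions, prev = [], None
    for text, has_cookie in requests:
        related = bool(prev) and (text.startswith(prev) or prev.startswith(text))
        if not related:
            sessions.append({"longest": text, "requests": 0, "with_cookie": 0})
        s = sessions[-1]
        s["requests"] += 1
        s["with_cookie"] += int(has_cookie)
        if len(text) > len(s["longest"]):
            s["longest"] = text
        prev = text
    return sessions

if __name__ == "__main__":
    for session in typing_sessions(parse_requests(SAMPLE)):
        print(session)
```

The second session in the sample ends on "how", yet the summary still reports "how to c", which is the point made above about text that is typed and then deleted.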

I should point out this feature can be disabled by going to Options -> Manage -> Uncheck “Use a suggestion …”







