Browser

Google promises Chrome is not phoning home with your Web data

Google Chrome is good software, but Google's data policies scare many businesses. Can Google's recent reassurances about Chrome ease IT's fears?

Despite the fact that I really like the Google Chrome Web browser, I gave up using it last month around the same I gave up Coke Zero. I gave up Coke Zero simply because of the caffeine. My reason for giving up Chrome was a little more complicated.

Chrome is a terrific Web browser, maybe even the best browser available. It's secure. It's fast. It's simple to configure and use. And, it makes very efficient use of screen real estate. In February, Chrome was the only one of the top five Web browsers to gain market share, and it did it at the expense of Internet Explorer, Firefox, Safari, and Opera. While it's still only about 5% of the market and is a distant third behind IE and Firefox, Chrome has lots of momentum.

I've never had a problem with Chrome itself, but I've become more and more wary about trusting Google with my data. Those feelings of mistrust intensified recently when the company released Google Buzz, as I explained in my article Why Google Buzz confirmed our two worst fears about Google.

Google's haphazard attitude toward data privacy was my biggest concern, and it made me want to limit to amount of data I gave to Google. Since I was already doing most of my Web searches through Google.com and handling most of my personal email through Gmail, I decided to avoid the Chrome Web browser and the Android smartphone platform.

If Google had all four of those platforms then it would have had a near-complete digital footprint of my online activities. Limiting it to two seemed wise. I was especially concerned with Chrome saving and storing my entire Web browsing history and sending it back to Google.

However, for people like me -- along with concerned IT leaders and technology professionals -- Google recently published a YouTube video (see below) explaining Google's privacy approach in Chrome. In this video Google says, "Using Chrome doesn't mean sharing any more information with Google than using any other browser."

As simple as this statement may sound, it has important implications for the future of both Chrome and of Google itself. Chrome needed the statement because power users needed the reassurance that Google wasn't going to use Chrome to further mine our data and manipulate it in ways that we never intended or consented to.

The statement is also important for Google in general because the company wants to make inroads with businesses (see the recent announcement of Google Apps Marketplace) and businesses and IT departments need to have a much stronger level of trust and confidence in Google's privacy and security policies.

I applaud Google for making this statement, and I also intend to hold Google to its promise by occasionally running scans to make sure Chrome really isn't "phoning home" to the mothership with any of my data.

Because Google is sitting on one of the largest collections of human information on the planet, the company still needs to become even more transparent and make similar statements about its policies for:

  • Ensuring its data centers are secure from attackers, both internal and external
  • Locking down user data so that Google employees cannot violate user privacy
  • Anonymizing data so that usability and UX information is not tied to specific users

That's the kind of stuff Google needs to share if it wants to win over the enterprise.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

96 comments
jjustice
jjustice

95% of computing users want computers to act like the one on Star Trek. The only way to do this is for computers to have a lot of personal data on your tastes and habits. What are you trying to keep private and why? What is you think will happen? Why do you think you have privacy now?

jfreedle2
jfreedle2

Google needs to collect NO information about usage except for information about how their servers perform. They have NO business collect ANY other information.

pinsard
pinsard

I also don't trust Google a bit, so I decided to install Safari. Safari uses the same WebKit engine (btw, it is developed by Apple) that Chrome uses, and Safari also does very good use of screen real estate. I changed my default search engine for Yahoo!'s and can't tell if I lost anything. Sure results are a bit different, by who knows if now I can reach otherwise unreachable content? Just because Google is a huge search engine doesn't mean that they will present what I want. After all, Google's business is information manipulation, or is it?

kgunnIT
kgunnIT

Well, I guess *IF* Google is taking and storing personal data, then they oughta know everything about me by now. I am a proud Chrome user, a proud Android phone user, and look forward to the release of Chrome OS. Do I trust Google? About the same I trust Apple and Microsoft. Is it worth the worry? For me, no. I like having everything in sync with the cloud. I can switch between computers and platforms and have all of my bookmarks and browsing history move with me. Sure, that's available in firefox through Mozilla Weave, but for me, Firefox has slowed down a lot. Chrome is a fast browser. It loads faster with multiple tabs open than firefox with a single tab. I also like that each tab is it's own process, so if one tab stops responding, the entire browser isn't rendered useless. The reality is Google understands cloud computing and that users like me like to have everything in sync for better mobility.

krishna@LifeBoatFoods.com
krishna@LifeBoatFoods.com

I tried Chrome for a few weeks and liked it for its lean simplicity and performance was generally good (previously using Firefox 3.5 - which had become extremely slow and felt top heavy). I set Chrome as the default web browser. What was shocking to me was when I wanted to use some screen capture add-ons in Firefox, Firefox would no longer even run. period. My suspicion is that Chrome hijacked and disabled Firefox from any function at all (probably not possible with IExplorer). Not UNTIL I set Internet Explorer as the default browser, downloaded Firefox 3.6 and installed it. Now Firefox is running again, and I'm currently not planning to use Chrome again, despite its good performance. I regard what happened in this instance with Firefox, as something I "never intended or consented to."

senaa
senaa

I tried Chrome browser a few months ago and stopped using it for exactly the same reasons you stated in your article. I no longer trust Google with any information for reasons that are complicated. Regarding Google's promise, I've heard that line before; and it turned out to be just so much b.s. I am founder of a Native American nonprofit org that was involved in stopping Peabody Coal and the BIA from forcibly removing a group of Navajo from their homes in order to get to a vein of coal beneath their homesteads. That was between 1998 and 2001. Because of our loud opposition, we came under the watchful eye of the NSA, FBI, CIA, and other federal agencies. Even though covert wire tapping was illegal and Washington promised us that it could not be done without a warrant or without our knowledge, our phones were still tapped and our e-mail messages intercepted. One of the agencies also made a concerted effort to hack our computers and put Trojans, Worms, and viruses on them directly. Fortunately, my firewall and other apps warned of the hack attempts and blocked them all. When they could not hack into our computers, they then tried to divert our Internet connection, and did so until I phoned the ISP and they did tests that revealed that the connection was being physically diverted. So much for promises. I no longer believe any promises made by anyone who has access to any information or files on my computer. Chrome and Google fall into that category. I especially am suspicious of someone who has already violated my trust and then promises they won't do it again, which is essentially what Google is doing. They tried to violate our trust when they automatically implemented Buzz, only giving us the option to turn it off AFTER they had already used it to gather all our contacts and other info from our gmail accounts. No thanks. I can live without Chrome--or Google, for that matter. Google is also, little by little, configuring YouTube videos so they do not work correctly if their Flash cookies--including its own global settings LSO to replace the user-configured LSO--are not placed on the user's machine. Until about two weeks ago, around the time publicity about LSOs and how to manage them began to circulate anew, YouTube videos played correctly even after deleting the LSOs. Now the full-screen function doesn't work quite correctly unless YouTube's replacement global settings LSO is allowed to replace the user's version. (I have my global settings LSO set as "read only" so other sites cannot delete, change, or overwrite it. YouTube doesn't like that.) So much for Google and honesty.

melekali
melekali

...changes its privacy policy to a reputable one from a shady one, they will never have my trust and I will never use their browser or just about anything else other than their search, and I am actively looking for other search engines because their privacy policy is driving me to do so. When everyone else gets on board, Google will go out of business or change their privacy policy.

benwal91
benwal91

I use Google Chrome most of the time. But I'm just about to leave google due to their so called "Awesome, secure" spam filter, I'm getting spammed 24/7. (Thanks CareerBuilder, and some other sites.)

Ocie3
Ocie3

Quote: [i]"'Using Chrome doesn't mean sharing any more information with Google than using any other browser.'"[/i] On the face of it, that is true, but what Google ignores is that its subsidiary, DoubleClick, engages in behavioral tracking and targeted advertising. It ordinarily succeeds at that because it is ordinarily necessary to allow web sites to use JavaScript in order to obtain most, if not all, of the content. Google Chrome does not have a feature that allows the user to manage, for each and every web site, which JavaScript (if any) the browser will render. So the activities of DoubleClick will not be frustrated. In comparison, the Firefox NoScript extension is designed for that purpose and it is quite useful to help protect the user's privacy and to make browsing safer. Google is also all about advertising and I doubt that we will ever see a Chrome feature that enables us to protect our computer systems from potentially loading third-party advertising content that contains malicious JavaScript, which the Firefox AdBlock+ extension allows us to do. When I read your previous blog entry about the dustup over GMail and Buzz, I checked Google's privacy policy and the Opt-out option(s). Unlike previous visits, I found that the Opt-Out button was disabled. Also, the statements on that page were remarkably different than what I had read before. Personally, I do not believe much of any thing that Google declares with regard to its respect for privacy (it doesn't seem to me to actually have any), and with regard to safety (their profit-seeking will take precedence over the security of my computer system). For searching, I recommend Scroogle. As to anonymized data, I recommend that you read the following article and those to which it links - The NY Times, "How Privacy Vanishes Online" by Steve Lohr (March 16, 2010): http://www.nytimes.com/2010/03/17/technology/17privacy.html?th&emc=th

john3347
john3347

I fail to understand why this clandestine "information harvesting" on the part of Google is just now getting its much deserved public attention. Hints and evidence of such activities were exposed long before Google became so big and powerful that "Google" became a verb.

amfventures
amfventures

Good post - I like the four platforms, however we create and consume content via screens (aka the 6 screens of life) these being cinema, TV, PC, airplane/ car, mobile and ipod. The digital data that can be gained from these varies, however most of the data can be collected from one - the mobile and depending on where you live it may be the only one. Personally less worried about what they know, more interested in how unfair the barter is for my data. I get free search. I would like to see a lot more for giving up my privacy. Tony Fish www.mydigitalfootprint.com

us000483
us000483

While I trust the present mgmt of Google, God help us when someone else acquires all their massive resources, or the shadow gov't we have takes arbitrary action to demand (under color of terror 'protection') that trove of info.

TechPro34yrs.
TechPro34yrs.

To wjaspers, how do you think the new fake-ya out AV anti-virus, Internet Security, Anti-virus 2009,2010 are being implemented on computers and causing infections? Through the browser-Ads. There are backdoors on any software. Attacking someone's character or knowledge isn't cool to begin with. You don't know me nor have you met me.

v941726
v941726

i cant believe you think chrome is so wonderful! whats so good about it? the best available? guess their advertising dollars are big here

Deejay54
Deejay54

If you decide to uninstall Crome, it doesn't exactly put your settings back the way the were before. I had to do some registry edits to get IE to launch the appropriate programs after a Crome uninstall.

tinaaltamura
tinaaltamura

Do you really trust MS or Firefox or anyone else any more than Google? If you're concerned about Google using browsing history for ads, you must know that MS just purchased Yahoo, so watch out for them! At least Google is being up front with this. And, I've been using Chrome for a couple of months and have had only great experiences with it.

TechPro34yrs.
TechPro34yrs.

In Chrome "Options" there is a section called "Under the hood" uncheck the box "To not send usage stats" back to the mothership/Google H.Q. And yes, I too will not put up with any company grabbing my computer usage or my personal data. Congress should implement iron clad laws to prevent any on-line company, business or organization to gather any data, period!! And everyone wonders why there is so much I.D. thief.

wjaspers
wjaspers

So many still don't understand what Google really is. Yes, Chrome collects browsing data--BUT! You HAVE CONTROL OVER IT. Since Google wants information about usage and to tailor your search results based on browsing history the default permissions allow Chrome to aggregate this data AWAY from your PERSONAL information. As much as I feel Google is the NSA (National Security Agency), I still commend their efforts to provide effective privacy controls to those who want it. Like Facebook, google's privacy tools are a little buried--BUT they're there!! P.S. IF you're paranoid about what chrome is reporting, change the browser's settings. Not to mention, try using an application like Wireshark to peer into your network traffic. Not to mention, but I'm using Chrome to make this post!

fjabbie
fjabbie

To think that one can use the internet and not have their personal data collected by any of the browsers used in foolish and juvenile. I suppose we can and should we weary of personal privacy going online and using services that are provided by all these major companies and web browsers out there IE, Chrome, Firefox, Safari, and Opera, or search engines Google Search, Bing. Theses browsers are here to serve us better as users, and if we scream about privacy at every moment we get, then we shouldn?t bother using them at all. Browsers rendering of data and efficiency of getting accurate searches are kudos to data collected from what we do. It is a double edge sword, and we should voice our opinion off course, but we also need to understand the benefits and simplicity creating these ubiquitous environment provides us as users. I personally didn't like that Google Buzz used all my contacts in my address book and added them to Buzz without my permission. Created settings and people I followed that I didn't care to follow. Microsoft did the same thing with its Messenger Live; all the default security Permissions where set to public and all of a sudden am getting stranger asking to be my friend or adding me to MSN Messenger. Strange! I changed all the settings to private or limited them to people on my immediate network, it is a hassle but I figured I also have to play my part as a responsible user when I chose to download and install these browsers. Bottoms line is, if you don't want much of your private information to be used by IE, Chrome, Firefox, Safari, and Opera, or search engines Google Search, Bing, DON'T USE THEM AT ALL. If you choose to do so, trust yourself to limit what information you want to share by changing privacy settings to be more restrictive. And remember at the end of the day, they have businesses to run and will capitalized on any data to generate revenue, and for Government use if and when needed. Welcome to the world of Capitalism, we love it don't we!

miko
miko

If you trust Google, I have some great oceanfront property here in East Texas I will sell you

l_creech
l_creech

Google's privacy policy isn't the only issue with Chrome. Look at it's install path, simply not acceptable in a domain environment. In Win7 the path is "C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe" While I like the speed of Chrome, I'm simply not willing to give my users rights to run apps from non-standard paths. When Google wakes up and installs to the proper Program Files or Program Files (x86) directories I'll look at them again. In the meantime, Firefox works very well and can be configured easily.

Skeetre
Skeetre

I'm glad to hear of others who are skeptical about Google's dedication to personal privacy (ours, not theirs) and are willing to forego Google at as many levels as possible. For myself, I use Google only through Scroogle (https://ssl.scroogle.org), Gmail (only one account which sees very little activity) and Google directly only when I need to conduct a specialized search (a single website, for example). Even then, I use a VPN so that my IP address and other information is withheld from Google. Anyway...Jason, you mention that you "also intend to hold Google to its promise by occasionally running scans to make sure Chrome really isn?t 'phoning home' to the mothership with any of [your] data." Would you be willing to tell us what program(s) you use and how you use it to do this? I, too, would like to be able to monitor applications for the same reason. Thank you.

DJL2
DJL2

Timely article. I just installed Opera this morning for the very same reason :) Latest Opera version looks really good...super fast, plus no more ads on the free version. Or I might just go back to Firefox.

Sirgwain
Sirgwain

Yeah, and I'll believe THAT when I see pigs fly!Is that why Google is in league with the FBI and other government intelligence organizations as they collect every search you do and record them? For those of you who say they don't do that, get your heads out of the sand. As for me , I WILL NEVER use any product from Google, not even their search engine.

NickNielsen
NickNielsen

I have a Gmail account. That's all that Google has right now. Or at least all they're willing to tell me...

JCitizen
JCitizen

On the first page of a typical Google search; I can't find anything using the other search engines. I can occasionally use Bing and find enough code words to switch back to Google and finally compete the search, but that is about it. Google saves time and effort, I just don't have time for the others.

JCitizen
JCitizen

I'm more interested in obfuscation of my persona against criminals and the government. The government already knows more about me than my family. I just do it for the principal of the thing. The less they have legal access to the better. I suspect it will eventually become something in the next line in the bill of rights.

jmbrasfield
jmbrasfield

I had a similar experience with Chrome hi-jacking my web browsers and not playing nice with the others. Uninstalled it after less than one day for that reason. What I have read since about Google and privacy concerns makes me glad I did. Now I need to find a new search provider, and it ain't gonna' be Bing and for the same reasons. Who to trust? No one! How sad we have become.

wjaspers
wjaspers

I agree "There are backdoors on any software"--but I think you're misinterpreting the issue. These aren't backdoors, they're security flaws that can be exploited. I apologize if I'm being harsh, but I'd really like to see the air cleared about technological problems. Anyway... I'm off topic. This entire article is about Google's Chrome product, not the exploits that can befuddle the web.

pgit
pgit

"Congress should implement iron clad laws to prevent any on-line company, business or organization to gather any data, period!!" Congress doesn't stop any bad behavior, not in any realm it touches. It merely shifts liabilities and injects lawyers to enforce it's artificially created "reality" on a given situation...

wjaspers
wjaspers

You're a CIO and you think our web browsers are the reason Identity theft is a growing problem??! I'm absolutely stunned. If you don't mind me asking, WHERE are you a CIO?? The browser you use can contribute to it, but given the specific topic at hand, Chrome has virtually NOTHING to do with identity theft. Not to mention that most ID theft requires physical access (including paper records), remote control of a machine, or a trojan horse. Yes, browsing suggestions and whatnot utilize AJAX which is an HTTP (non-secured) protocol, but I have NEVER seen a Google product transmit personally identifiable data through an unsecured channel. And no, Congress should NOT implement iron clad laws to prevent companies from gathering data or the purpose of the internet dies. I agree that personally identifiable data should and shall not be shared--but aggregating keywords/phrases/urls and whatnot is mission critical to providing effective services online. If ever privacy law reaches the federal level, it should only deal specifically with personally identifiable information--and shall not reach outside the boundaries of the methods in which data is collected. PERIOD.

jollyollyman_87
jollyollyman_87

Tastes like Chrome, smells like Chrome, none of the scary stuff (they list it on their site). It's weird, but I'd rather trust a company I hadn't really heard of (SRWare) with a bit of my browsing activity (if they collect it, which they say they don't, I can't see it in the source if they do) than a big company like Google.

fairportfan
fairportfan

...that, too. Based on some personal experiments some time ago, i am Very Cautious about using software that installs in such a non-standard manner.

g0dFather
g0dFather

...WOW! I hadn't realized that. Thanks for the find 88Fan. I'm still with Firefox myself.

quantumstring42
quantumstring42

First, I do not use Chrome, simply not impressed with it. I only use Google searches and have 1 GMail account and that is just for junk. Just use a packet sniffer and be done with it (assuming that Chrome's phone home is not encrypted). If it's using SSL you can still see the payload but you need more than just a packet sniffer.

blair.howze
blair.howze

Have any of you tried SRware Iron? It is a supposedly privacy-enabled version of Chrome. I am playing with it now and getting used to it. It has everything *I* need, but I don't spend a lot of time playing around online. Search, read, solve, leave.

NickNielsen
NickNielsen

aren't [u]much[/u] more susceptible to government pressure, you are sorely deluded. And if you browse the web, even here on TR, you are indirectly using a Google product: Google Analytics. This screen shot is the NoScript dialog for this discussion thread: http://i111.photobucket.com/albums/n152/nnielsen/NoScript.jpg. Note the highlighted area. I'm running Firefox with NoScript, and don't even worry about Google, or anybody else, for that matter, collecting data. If the script can't run, they can't collect.

jasonhiner
jasonhiner

That's one of the things that ultimately makes Firefox superior, its extensibility allows for tools like NoScript and other great add-ons. Of course, the challenge is that some add-ons can lead to performance and security problems.

Deadly Ernest
Deadly Ernest

The Bill of Tights and everyone will be required to wear tights from then on.

JCitizen
JCitizen

Yes and they make sure and write any law so only a lawyer can read it, much less understand it. Even the lawyers can't agree what the law really says. And congress happily passes laws they can't understand or don't really know what is in it too! :(

Ocie3
Ocie3

I would say that you need to forbid QuantServe and forbid revsci.net as well.

NickNielsen
NickNielsen

The only add-ons I'm running right now that are active during page loads are NoScript and AdBlock Plus. All the rest are on-demand add-ons for download assistance, link verification, clearing browser tracks, etc.

JCitizen
JCitizen

:^0 :^0 And Robbing Hood and his merry band of men will go skipping off into the forest! =)

NickNielsen
NickNielsen

I like to visit that will not render properly in FF without Quantserve. I could block Quantserve and do the temporarily enable thing, but I'm lazy that way. Go figure. revsci.net is the same as google-analytics: not allowed. It still appears in the dialog because I haven't marked it as untrusted yet. Up in that "Untrusted" collection are doubleclick, atdmt, adserve, and many others.

dogknees
dogknees

My sentiments exactly. The information I choose to share (by putting it online) is open to public access, and I couldn't care less. I don't particularly care what others know about me because I don't care what their opinions are. The people who know me know who I am and their's is the only opinion that matters to me. While I know other people don't agree, that is their choice with consequences for them to deal with. They should not assume everyone wants the same as they do any more than I should expect others to want the same as me. If you don't like what's hapenning to you, do something about it. Note, "doing something" does not mean whining on this or any other site, it means taking some direct action yourself to secure your own information. If you can't be bothered, then you deserve what you get.

Editor's Picks