Google Chrome Security
PeterWallace
Some of the information below can also be applied to other browsers:
I made a comment about me not trusting Chrome for security reasons. One of my big concerns is how much of my data Google can see and collect. It leads me deep into Google’s Privacy Notice (http://www.google.com/intl/en/privacy/) to see what they have to say. At the time of writing, Chrome’s section was last modified October 25, 2011, and in viewing the archived versions it appears they update it about 3 times a year since 2009.
Google does not require personally identifying information to download the Chrome software or to use it. When you use Chrome, Google only receives “standard Log Information” which has IP Address and cookie information. Like most Web sites, Google servers automatically record the page requests made when you visit their sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser/computer.
Here is an example of a typical log entry where the search is for “security”:
###.###.###.### – 28/Nov/2011 10:15:32 –
http://www.google.com/search?q=security –
Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969
- ###.###.###.### is the Internet Protocol address assigned to the user by the user’s ISP; depending on the user’s service, a different address may be assigned to the user by their service provider each time they connect to the Internet or it could be the same if you have a static IP address;
- 28/Nov/2011 10:15:32 is the date and time of the query;
- http://www.google.com/search?q=security is the requested URL, including the search query;
- Firefox 8.0.1; Windows NT 5.1 is the browser and operating system being used; and
- 740674ce2123a969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).
Wow, that is some information they store, and they can start to match up information based on the unique cookie ID and IP Address if users don’t delete the cookies. So big deal, I’m behind a corporate firewall and there are a hundred computers on that connection, but if you look at that information the cookie data will be directly related to MY machine, so they can pin it down to one machine. OK, so how long will Google keep the data for? “We (Google) strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance.” That’s a long time to keep that information.
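The following is an added example, not part of the original post and not Google's code: it parses the log format shown above and groups constructed entries first by IP address and then by cookie ID, showing why the cookie singles out one machine behind a shared corporate address and why deleting it breaks the link. The sample IPs, the second browser, and every cookie ID other than 740674ce2123e969 are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlparse

# Constructed sample in the page's log format. IPs come from the documentation
# range 203.0.113.0/24; every cookie ID except the page's own is made up.
SAMPLE_LOG = """\
203.0.113.7 – 28/Nov/2011 10:15:32 – http://www.google.com/search?q=security – Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969
203.0.113.7 – 28/Nov/2011 10:16:02 – http://www.google.com/search?q=payroll+login – Chrome 15.0; Windows NT 6.1 – 1111aaaa2222bbbb
203.0.113.7 – 28/Nov/2011 10:20:45 – http://www.google.com/search?q=chrome+privacy – Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969
203.0.113.99 – 29/Nov/2011 08:01:10 – http://www.google.com/search?q=firewall+logs – Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969
203.0.113.99 – 30/Nov/2011 09:00:00 – http://www.google.com/search?q=browser+extensions – Firefox 8.0.1; Windows NT 5.1 – 9999ffff0000eeee
"""

FIELD_SEP = re.compile(r"\s+[–-]\s+")  # fields are separated by spaced dashes


def parse_entry(line):
    """Split one log line into the five fields the page describes."""
    parts = FIELD_SEP.split(line.strip())
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {line!r}")
    ip, stamp, url, agent, cookie = parts
    query = parse_qs(urlparse(url).query).get("q", [""])[0]
    return {"ip": ip, "time": datetime.strptime(stamp, "%d/%b/%Y %H:%M:%S"),
            "query": query, "agent": agent, "cookie": cookie}


def profiles(entries, key):
    """Group entries by `key` ('ip' or 'cookie'): what a log reader can link."""
    out = defaultdict(lambda: {"ips": set(), "cookies": set(), "queries": []})
    for e in sorted(entries, key=lambda e: e["time"]):
        p = out[e[key]]
        p["ips"].add(e["ip"])
        p["cookies"].add(e["cookie"])
        p["queries"].append(e["query"])
    return dict(out)


ENTRIES = [parse_entry(l) for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for key in ("ip", "cookie"):
        print(f"--- grouped by {key} ---")
        for value, p in profiles(ENTRIES, key).items():
            print(value, sorted(p["ips"]), sorted(p["cookies"]), p["queries"])
```

Grouped by IP, the shared address mixes two machines' searches; grouped by cookie, one machine's searches follow it to a new address until the cookie is deleted and a new ID is issued.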
In addition to the above information, if you are using Chrome as a browser some other interesting things happen (this is just a short list of what’s happening):
- As you’re typing the address, the letters that you are typing are sent to your default search engine, and if the engine’s autocomplete feature is turned on it will give you recommendations. If you have set Google to be the default they are now tracking your keystrokes.
- If you type in a bad address that is nonexistent Chrome will send that information to Google to try to suggest the correct site.
- Chrome includes Google’s Safe Browsing feature and will scan Google’s database for reports of malware or phishing and will let you know if it finds something. This is over and above any virus / malware scanning you are doing outside the browser.
- Synchronization feature – will store your bookmarks, history and chrome settings on their servers but you need to setup a Google Account to do this.
- Location Feature will send local network information to Google to try to get an estimated location of where you are located. This will look at the IP Address you are connected from, signal strength of your connection and some other information.
Things you can do to limit the information sent:
- Disable Chrome’s Autocomplete feature (Under the wrench icon, select options, under the hood tab, privacy section, deselect the “Use a prediction service to help complete searches and URLs typed in the address bar” checkbox.)
- Disable suggestions on navigation errors (Under the wrench icon, select options, under the hood tab, privacy section, deselect the “Use a web service to help resolve navigation errors” checkbox to disable the feature.)
- Check the other settings that are under the privacy section to see what you think about them. One of them that comes unchecked by default is “Automatically send usage statistics and crash reports to Google”.
- Disable Synchronization feature – (Under the wrench Icon, select options, personal stuff, sync section has your information)
- If the box is NOT checked, that item is disabled.
Chrome does send a lot of information, but in today’s world any server we are connecting to or through is keeping logs with as much information as they can collect, so I guess I really need to look into what extensions can be run to help me control what information is “leaked” out.
