September 3, 2008

Dennis Kempin's Blog

Dennis Kempin

Google Chrome Privacy (Update #2)

I had many discussions this day about the privacy policy of google chrome. The most arguments against chromes privacy policy are:

  • The unique application number allows google to track me
  • The auto completion sends every URL to google
  • The  Phishing service sends every visited site to google
  • The updater searches for your e-mail address and sends it to google

Well that’s a lot of stuff. But when you take a closer look at chromium most of these “arguments” expose as exaggerated. More details:

The unique application number

Sounds scary, but this number is only used during update checks. Chrome does not send this number with any other requests. Many programs that use automatic update checks use some kind of unique id to identify each program installation. Firefox does too.

This feature (the Automated Update Service) also sends Potentially Personal Information to Mozilla in the form of a cookie named “aus” that contains a unique numeric value to distinguish individual Firefox installs. Mozilla uses this information to provide you with updated versions of Firefox and to understand the usage patterns of Firefox users.

I pointed out the location of the application number in the registry here, but that the location was wrong, since it was part of the installer, not the updater. I am sorry for this. But there is a much simpler solution below.

Association with your IP (Update #2)

The unique application number is worthless on its own, since it does not contain any private information. But google could use the update check to associate your application number with your IP-address. This mapping alone is worthless too but when combined with existing information databases such as search logs or website statistics this whould make it possible to determine the application number behind these IPs.

But I personally don’t think that this information would lead to statistically relevant data. Since dynamic IP addresses are common practice it will be hard to determine the time frame in which the IP-to-application-number-mapping is valid. The updater checks for updates about once a day, it does not try to update on chrome start-up. That means that google could see once a day which application number this IP is using. But it cannot be sure if the IP address is used by any other consumer half an hour later. Small and imprecise statistics are not worth anything, so i doubt that google will try to use these informations.

Solution

Well since this is not a Chrome, but a google updater problem the easiest solution is to uninstall google chrome, and install it again using the offline installer which does not contain the updater.

Auto completion via google.com

Well for some people this is a nice feature. But this implies that everything you type into the address bar is sent to google.com. Gladly you can deactivate this feature in the Search Engine Options Menu. Some people say that Chrome will continue sending you address bar entries (german), but I have not observed any auto complete packages after deactivating the feature.

The anti-phishing service

The  anti-phishing service uses the same technique as Firefox3. It frequently downloads a list of potential dangerous sites and checks your visited sites against this list. When you visit a potential dangerous site the Browser sends a request to google which contains a hashed value of the visited website. This ensures that the website is really listed, because your local list may be outdated. Using a hash value leaves no possibility for google to get any private information about your visited sites.

The updater and mail-addresses (Updated)

Some people have observed their mail address transferred to google (german). I wanted to test that for myself and the only thing that was transferred via my googleupdater service is my application id. I cannot confirm the transfer of private data over the google updater, but it still remains suspicious.

Digging into the code and talking with some chromium developer, the most obvious reason for this is that the users declared their address as feedback address. There is not indication for Chrome searching for your mail address and sending it back to google.

What remains? And how do I get rid of that?

You may want to look at my next blog post, which describes how to configure chrome to be silent.

Sources: Chromium Source Code
Google Chrome privacy policy
Google Chrome communication

Additionaly I watched the traffic using wireshark, to see what chrome is sending back to google.

by Dennis at1:04 PM under chrome, google, privacy, various (Comments)


Google Chrome - first experiences and benchmark

I just downloaded Google Chrome and I am pretty amazed by the fast and lean user interface. Use the Read the rest of this entry » to see my experiences with the User Interface, some Javascript performance tests and the examination of the privacy policy.

User Interface

It starts up nearly immediately, while Opera and Firefox take some seconds to be usable. Google has designed its interface to be as much invisible as possible. And thats what it is, it does not disrupt the work flow in the browser. Bookmarking is one click, downloading is one click, and using the address bar it searches your the content of previously visited sites.

New Tabs have an Opera-like start page, but extended to contain bookmarks and search engines besides the most visited sites.

This is in my opinion the user interface a browser should have. It does not get annoying with any stupid questions, and everything is within one-click reach.

Performance

I don’t feel much differences between displaying common, static html pages. Using Webkit, chromes rendering is pretty fast, but well Opera and Firefox are fast too. But there are remarkably advantages in Javascript performance. I took the SunSpider JavaScript Benchmark and these are the overall results (On my 1.6GHz centrino, in performance mode):

  • Opera: 10294.8ms
  • Firefox3: 7432.8ms
  • Chrome: 4545.8ms

Well chrome is leading the Benchmark, even though its still in Beta phase. When it comes to Flash the performance of Flash Chrome seems to be a bit slower. I have not taken a test but some animations on youtube.com seem to be a bit slower than on Firefox/Opera.

Security

Well its hard to test security, but i think that Chrome has some nice concepts integrated to increase the overall browser security. Another very important thing is, that if one Webseite crashes due to bad Flash oder Javascript all other tabs remain,  since every tab has its own process.

The incognito mode is also a nice security add on, which allows you to surf in an extra browser window without leaving any trace. Of course this is not new, there are several plugins for Firefox which do the same.

Privacy Policy

Well Google has a bad reputation when it comes to privacy. So many User are doubtful using a product from google which will contain that much private information. I had a look at the Privacy Policy. Google explains what Information is send back to Google using Chrome.

When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for. If you choose to share usage statistics with Google and you accept a suggested query or URL, Google Chrome will send that information to Google as well.

Well for many people that seems scary. But i think this can be a nice feature since you find more just by typing in your address bar. Since this could be used to create protocols of your visited sites (It could be used, I don’t think google will do that, but that’s something  everyone should decide on his own) you can deactivate that feature.

Google Chrome’s SafeBrowsing feature periodically contacts Google’s servers to download the most recent list of known phishing and malware sites. In addition, when you visit a site that we think could be a phishing or malware site, your browser will send Google a hashed, partial copy of the site’s URL so that we can send more information about the risky URL. Google cannot determine the real URL you are visiting from this information.

The same technique is used by Firefox3, and there is, in my opinion, no possibility for google to threaten your privacy using SafeBrowsing.

Your copy of Google Chrome includes one or more unique application numbers. These numbers and information about your installation of the browser (e.g., version number, language) will be sent to Google when you first install and use it and when Google Chrome automatically checks for updates.

Well thats somehow scary. Google can identify you by the unique application number. Its hard to tell what information this application number contains. Many update systems use a similar concept and the application numbers mostly contain computer specific values that are hashed. Since no private information is send using this application number this should be harmless.

But to be sure we need to wait for the source code. I doubt that Google has build in any privacy flaw since the browser is release as opensource so it could be forked and modified in any way.

Conclusion

Well thats my first experience using Chrome, I really like the clean and easy interface. The performance is great and i don’t see my privacy hurt in any way. But well you should not forget that this is a beta product. It is not that stable as other browsers. There are some minor rendering flaws and the browser may hang for 1 or 2 seconds from time to time.

Thanks Google for this fresh air Browser.

Appendix: Paranoia

There are many people who spread the rumor that Google Chrome

  1. Sends your Mail-Address to google using the googleupdater
  2. Sends completion requests even if completion has been deactivated
I got curious and watched the outgoing packages for myself. These are my results
  1. The updater sends a request with the application number as parameter. No private information. 
  2. When search engine completion is deactivated chrome does not send any completion requests.
  3. Google even lets you select the search engine to use for these features. 
So please get rid of this google-paranoia thing, its getting really annoying. 
One more thing: People using Firefox should not complain about the Application Number:
“This feature also sends Potentially Personal Information to Mozilla
in the form of a cookie named “aus” that contains a unique numeric
value to distinguish individual Firefox installs.”

by Dennis at9:17 AM under benchmark, chrome, google, privacy, review, various (Comments)