Home page logo
/

interesting-people logo Interesting People mailing list archives

Quickie Privacy Analysis of Google's New "Chrome" Web Browser
From: David Farber <dave () farber net>
Date: Wed, 3 Sep 2008 05:20:18 -0400



Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: September 2, 2008 5:25:28 PM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Quickie Privacy Analysis of Google's New "Chrome" Web Browser



       Quickie Privacy Analysis of Google's New "Chrome" Web Browser

               http://lauren.vortex.com/archive/000420.html


Greetings.  Google's new "Chrome" Web browser beta
( http://www.google.com/chrome ) hasn't been generally available for
more than a few hours, and already I'm getting queries regarding its
associated privacy policy
( http://www.google.com/chrome/intl/en/privacy.html ).

So here's an "instant" quickie analysis, based solely on the info
Google has provided as linked just above.  Please note that I have
not yet looked into any possible privacy or security issues that
people have asked me about associated with "borderless" applications
(e.g. pages displayed without URL bars, etc.) -- nor do I at this
time presuppose that issues of concern exist in that area.

Cutting to the chase, it appears that -- with one exception that
I'll discuss below -- Google's Chrome (no affiliation with
"chrome.vortex.com" of course) by and large is defined to behave in
a conventional manner when it comes to handling of privacy-sensitive
data, including the provision of a "private browsing" mode similar
to that in the latest version of Internet Explorer.

In particular -- to answer the most frequently asked question --
there is no evidence that your routine Web site browsing URLs are
transmitted to Google as you traverse the Net (I'm making the quite
reasonable assumption that such data isn't somehow included in the
default sending of "usage statistics" -- for which I did not find a
precise definition).

Chrome's anti-phishing system appears to be the same well designed
Google-based mechanism -- using primarily hashed URLs -- employed by
default in Firefox 3 as well.  No problems there as far as I'm
concerned.

The only really new privacy-related aspect that may concern some
users in Google Chrome appears to be its "Google Suggest" feature
tied into the URL address bar. By default this will send information
to Google regarding the URLs that you enter directly, to enable URL
suggestion data to be returned to the browser from Google.  This
feature is somewhat similar to Firefox 3's new URL suggestion
mechanism, however Firefox's lookup system operates using only local
data in a much more limited fashion, without transmitting URL data
off of your system during the lookup phase.

So, again by default, if you entered:
"http://www.yetanothersecretsite.com"; in the Chrome URL bar, that
URL would apparently be transmitted to Google.

Whether or not this represents a problem for any given user is up to
them.  Obviously it is impossible for Google to provide a broad URL
suggestion capability without knowing what you're typing on the URL
line.  Note though that -- as described on the relevant Google
pages -- virtually all of these related features can be disabled by users
if they choose to do so.

For now, based on the information that I currently have to go on,
I'd give Google Chrome a thumbs-up from an overall privacy
standpoint, with the proviso that individual users may not wish to
accept all of the provided default privacy settings and should avail
themselves of the ability to disable (or enable) any specific
features as they feel appropriate.

My "day one" summary for Google Chrome (as Arte Johnson used to say
on "Rowan & Martin's Laugh-In"): "Very Interesting ... "

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault