News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Preston Gralla's picture
Preston Gralla

Seeing Through Windows

More posts | Read bio

September 4, 2008 - 5:54 P.M.

Chrome: Google's biggest threat to your privacy

14 comments

Lost in all the hooplah about Chrome's release is a very disturbing fact: The new browser could be Google's greatest privacy invader yet. In fact, Chrome can send back the keystrokes you type into its Address Bar, even if you don't bother to hit Enter. I've got details, along with a fix.

The danger comes from one of Chrome's niftiest features, what it calls the Omnibox. The Omnibox is, in fact, the browser's Address Bar, but it has a feature that looks at what you type, and then auto-suggests sites that it thinks you're about to enter. As you type, the suggestions appear.

As you type, your text is sent back to Google, which analyzes it and makes the auto-suggestions. That's why you don't even need to press Enter for the text to head to Google.

Making matters worse is that Google has already said it will store approximately two percent of the information it gets this way, including the IP address of the computer.

Google already has tremendous amounts of information about you, including your search habits. With Chrome, matters get worse --- it can now even find out what you type, even if you don't visit a Web site. It's not at all clear at this point what Google will do with this data.

There are a few ways you can stop your information from being sent from Chrome back to Google, though. If you use a search provider other than Google, the information won't be sent. And if you don't use auto-suggest, the information won't be sent, either.

To use a different provider, or to turn off auto-suggestion, click the Tools icon, and select Options. You can then select a different search provider from the drop-down list next to Default search. To turn off auto-suggest, click Manage, and a screen like the one below appears. Uncheck the box at the bottom of the screen.

You can also use Incognito Mode, in which all your surfing remains private --- think of it as porn mode. To launch an incognito window, click the Page button and choose New incognito window. You can also press Ctrl-Shift-N.

Like this blog? Subscribe to the RSS feed!


Google Chrome Browser

Related News and Blogs

What People Are Saying

Add new comment

It's superior javascript

Submitted by Dll on March 20, 2009 - 8:22 A.M.

It's superior javascript engine isn't going to have much currency amongst the general public, and the techies don't get the plugin bells and whistles so _who_ exactly is the market?

Reply | Report this comment

Well, Chrome is GPLed and Iron is privacy

Submitted by Georgi on December 22, 2008 - 7:56 A.M.

Feel free to have a look at http://goit-postal.blogspot.com/2008/12/google-chrome-without-data-sniffing.html - a browser fork named Iron is out there and it has no “data features” included… ;-)

Reply | Report this comment

spy eye

Submitted by Oana Mondoc on September 19, 2008 - 7:18 P.M.

It gets more intense when you look at their logo. Right to the point.

Reply | Report this comment

Good writeup. I agree with

Submitted by incognito mode on September 8, 2008 - 5:08 P.M.

Good writeup. I agree with chrome being sleek. I did an evaluation of this so called "incognito mode," and the results were impressive. I even tried it with my pal a forensics expert who tried to dig up data. We couldn’t find any trace on the hard drive. Click my name to read details of the study.

Reply | Report this comment

Get a grip

Submitted by nahtass on September 5, 2008 - 1:49 P.M.

Yup, your right. Same as FFox google bar.

Oh SNAP - what about the fact that FFox and other browsers use google to verify sites. What does that mean - more or less every single site you look at google knows about through FFox. IE uses MSN.

Forget about the box, you're fine. There are too many idiots out there who will diffuse the threat (2 billion requests later you think someone is fishing our bank account out at google?)

Read the Google privacy policy - that is scary. It is only a matter of time before they release your browsing habits as public info.

The ISP's also began tracking your habits online via your IP and packets for targeted advertising - pretty cool huh? Your 5 year old will get porn now because of your "private" surfing.

One solution, GULP! - Federal regulation of the retention of search and private information. Google RIGHT NOW can change who wins the election. Who is looking out for that?

You people only know that half of it. In my work I have proof that google is involved in a number of illegal activity. Do I care? Not really.

There is so much information coming and going your are, once again, just a blip.

As evil as google IS,they produce better products than anyone else in the IT field. All I want is formal Federal regulation of the data they trade. The fed's slow them down and allow for competition.

Reply | Report this comment

I agree Google's privacy

Submitted by Max Keith Gates on June 29, 2009 - 6:55 P.M.

I agree Google's privacy Policy for Chrome can cause nightmares besides Chrome is like worst Web Browser in History.

And I don't think Google has best products in IT industry, they have only one Google Search which too was originated 10 years ago, since then nothing. Other companies has come up with several good products.

Google came in market with a slogan Don't Be Evil. Time has come to look into mirror and see Who's Evil.

Reply | Report this comment

cool technology, usability issues

Submitted by suzuki on September 5, 2008 - 11:18 A.M.

I think the outstanding features of Chrome are, by far, sandboxing and V8.

I'm O.K. with search suggestions, (after all, the search text goes to Google anyhow, no?), BUT I absolutely agree auto-complete based on personal data like history or bookmarks is a serious privacy concern, especially on shared or workplace computers.

On an intranet with convenient redirects, "search from address bar" can be annoying, so I prefer to disable it. Basically, I don't really like the Omnibox's ambiguous ("multiguous"?) functionality, much less the privacy implications.

(If you really want what's basically a text console, then implement some kind of script to make explicit requests: Maybe something like "http//blahblahblah.com", "http//myredirect", "google//my search terms", "googlelucky//my search terms", "yahoo//my search terms", etc.)

Just can't understand why browsers like Chrome and FF ship with such weak cookie control. I prefer to explicitly block or allow cookies at the domain level, (which of course raises some privacy issues of its own). Oddly, cookie management is one thing IE does right: FF still needs an add-on like "CS Lite", tho' looser handling of session cookies in FF is also worthwhile, methinks.

Incognito Chrome seems like a better, cleaner starting point than default Chrome. (Isn't it kind of crazy that there's no way to turn off history in default Chrome? Or am I missing something?) There's probably an easy way to default to Incognito(?) but how hard would it be to selectively modify Incognito to allow persistent cookies needed for desired functionality?

Reply | Report this comment

Of course you can block --

Submitted by Anonymous on September 5, 2008 - 11:55 A.M.

Of course you can block -- and allow -- cookies by domain in firefox.

Here's how: Click on "privacy" in options or preferences if you have the Mac Version.

Once there, I avoid network cookies by unchecking the "allow third party cookies." I allow session cookies and set all cookies to expire when I close Firefox _except_ for those I allow explicitly under "exceptions." That sweeps every thing else away when I close my browser. I allow every cookie on sites that require me to login each visit -- they have my info anyway so there is no point in "tossing" those cookies.

Hope this helps!

Reply | Report this comment

Oh my god

Submitted by Sarah on September 5, 2008 - 10:44 A.M.

I'm so glad I read this! Now I know to stop typing my passwords, SSN, and naughty search terms into the Omni bar! Someone at Google might see them and think "oooooooh someone typed that!!!"

Reply | Report this comment

Are you serious!

Submitted by JasonD on September 5, 2008 - 6:15 A.M.

You are telling me that you are afraid that google knows the first few letters of things that you are searching for?

Every time you submit ANY URL or SEARCH... you are sending data to some computer other than your own. How do you expect them to give you results, if they don't know what you are searching for?

It is not like they are watching the web-pages data, or what you type in note-pad.

You give more personal information to the e-mail controllers that you use. Worse than what you search for, you tell them your names, passwords, account info... It is encrypted, but they hold the key. Otherwise they can't send it to the recipient. (Unless you PGP everything.)

Seriously, they have no idea who 121.43.115.85 is. That is the IP they see... thousands of users can have that same IP, there is nothing that signifies that IP, with YOU, except the time-stamp, and your ISP, who can only confirm the account holder. (If you are in a school or business, the IP is shared, and NOTHING signifies any individual computer, that can be seen past the IP. Your HOST manages who sent what, and what you get.)

Stop crying wolf, and stop using it if you don't like it. The point is... You are searching/looking for something OUTSIDE when you type plain-text in that box. What significance does hitting "Enter" have to do with the relevance of the situation? How often are you typing "Your Name, Your SSN, Your CC Number" for a web-address or for a search, by accident?

Possibly the same amount of times that you hit "Enter" by accident, after typing that info. (Which is still NEVER. And if it was often, you are your own security risk for not paying attention. That info just got boradcast to every search engine as a search-q, and sent to thousands of DNS servers that are trying to find that website, if you were not in a search box. Those "Error-logs", are usually public, and unsecure, and indexable.)

Yes, I am sure google personally goes through billions of keystrokes of data per day, to find out what millions of searchers are typeing. There are limits, and most limits to indexing are 3-8 letters. What personal data do you have, that is that important, and is only 3-8 letters long. I hope not your passwords!

Reply | Report this comment

Related Posts

Google falls from list of most trusted companies for privacy
Mozilla VP: Google's Chrome add-on for IE is just plain wrong
Privacy group: Ban Google services like Gmail from the cloud
Google Voice: Press "1" to invade your privacy

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
First take: Apple's new MacBook offers sleek style, solid performance
Elpida inks DRAM tech, outsourcing deal with Taiwan's ProMOS
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.