• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Goodbye, Chrome: Google’s web browser has become spy software

CyberPanda

Banned
Chrome lets tracker cookies follow you all over the web. The Post's Geoffrey A. Fowler imagines how that might feel in real life. (James Pace-Cornsilk, Geoffrey A. Fowler/The Washington Post)

You open your browser to look at the Web. Do you know who is looking back at you?

Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web.

This was made possible by the Web’s biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software.

Lately I’ve been investigating the secret life of my data, running experiments to see what technology really gets up to under the cover of privacy policies that nobody reads. It turns out, having the world’s biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop.

It made me decide to ditch Chrome for a new version of nonprofit Mozilla’s Firefox, which has default privacy protections. Switching involved less inconvenience than you might imagine.


My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker “cookies” that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality.

Chrome welcomed trackers even at websites you would think would be private. I watched Aetna and the Federal Student Aid website set cookies for Facebook and Google. They surreptitiously told the data giants every time I pulled up the insurance and loan service’s log-in pages.

And that’s not the half of it.

Look in the upper right corner of your Chrome browser. See a picture or a name in the circle? If so, you’re logged in to the browser, and Google might be tapping into your Web activity to target ads. Don’t recall signing in? I didn’t, either. Chrome recently started doing that automatically when you use Gmail.

Chrome is even sneakier on your phone. If you use Android, Chrome sends Google your location every time you conduct a search. (If you turn off location sharing it still sends your coordinates out, just with less accuracy.)

Firefox isn’t perfect — it still defaults searches to Google and permits some other tracking. But it doesn’t share browsing data with Mozilla, which isn’t in the data-collection business.

At a minimum, Web snooping can be annoying. Cookies are how a pair of pants you look at in one site end up following you around in ads elsewhere. More fundamentally, your Web history — like the color of your underpants — ain’t nobody’s business but your own. Letting anyone collect that data leaves it ripe for abuse by bullies, spies and hackers.

Google’s product managers told me in an interview that Chrome prioritizes privacy choices and controls, and they’re working on new ones for cookies. But they also said they have to get the right balance with a “healthy Web ecosystem” (read: ad business).

Firefox’s product managers told me they don’t see privacy as an “option” relegated to controls. They’ve launched a war on surveillance, starting this month with “enhanced tracking protection” that blocks nosy cookies by default on new Firefox installations. But to succeed, first Firefox has to persuade people to care enough to overcome the inertia of switching.

It’s a tale of two browsers — and the diverging interests of the companies that make them.

The Firefox Web browser, seen here on a Mac, gives users the option to sign in to sync bookmarks and login information, but doesn't send browsing data to maker Mozilla. (Geoffrey Fowler/The Washington Post)

The cookie fight

A decade ago, Chrome and Firefox were taking on Microsoft’s lumbering giant Internet Explorer. The upstart Chrome solved real problems for consumers, making the Web safer and faster. Today it dominates more than half the market.

Lately, however, many of us have realized that our privacy is also a major concern on the Web — and Chrome’s interests no longer always seem aligned with our own.

That’s most visible in the fight over cookies. These code snippets can do helpful things, like remembering the contents of your shopping cart. But now many cookies belong to data companies, which use them to tag your browser so they can follow your path like crumbs in the proverbial forest.

They’re everywhere — one study found third-party tracking cookies on 92 percent of websites. The Washington Post website has about 40 tracker cookies, average for a news site, which the company said in a statement are used to deliver better-targeted ads and track ad performance.


You’ll also find them on sites without ads: Both Aetna and the FSA service said the cookies on their sites help measure their own external marketing campaigns.

The blame for this mess belongs to the entire advertising, publishing and tech industries. But what responsibility does a browser have in protecting us from code that isn’t doing much more than spying?

To see what cookies Firefox has blocked for a Web page, tap the shield icon, then "Blocking Tracker Cookies" to pull up a list. (Geoffrey Fowler/The Washington Post)
In 2015, Mozilla debuted a version of Firefox that included anti-tracking tech, turned on only in its “private” browsing mode. After years of testing and tweaking, that’s what it activated this month on all websites. This isn’t about blocking ads — those still come through. Rather, Firefox is parsing cookies to decide which ones to keep for critical site functions and which ones to block for spying.

Apple’s Safari browser, used on iPhones, also began applying “intelligent tracking protection” to cookies in 2017, using an algorithm to decide which ones were bad.

Chrome, so far, remains open to all cookies by default. Last month, Google announced a new effort to force third-party cookies to better self-identify, and said we can expect new controls for them after it rolls out. But it wouldn’t offer a timeline or say whether it would default to stopping trackers.

I’m not holding my breath. Google itself, through its Doubleclick and other ad businesses, is the No. 1 cookie maker — the Mrs. Fields of the Web. It’s hard to imagine Chrome ever cutting off Google’s moneymaker.

“Cookies play a role in user privacy, but a narrow focus on cookies obscures the broader privacy discussion because it’s just one way in which users can be tracked across sites,” said Ben Galbraith, Chrome’s director of product management. “This is a complex problem, and simple, blunt cookie blocking solutions force tracking into more opaque practices.”

There are other tracking techniques — and the privacy arms race will get harder. But saying things are too complicated is also a way of not doing anything.

“Our viewpoint is to deal with the biggest problem first, but anticipate where the ecosystem will shift and work on protecting against those things as well,” said Peter Dolanjski, Firefox’s product lead.

Both Google and Mozilla said they’re working on fighting “fingerprinting,” a way to sniff out other markers in your computer. Firefox is already testing its capabilities and plans to activate them soon.

Google CEO Sundar Pichai, pictured at the company's 2019 I/O conference, led product management of the Chrome browser earlier in his career. (Jeff Chiu/AP)

Making the switch

Choosing a browser is no longer just about speed and convenience — it’s also about data defaults.

It’s true that Google usually obtains consent before gathering data, and offers a lot of knobs you can adjust to opt out of tracking and targeted advertising. But its controls often feel like a shell game that results in us sharing more personal data.

I felt hoodwinked when Google quietly began signing Gmail users into Chrome last fall. Google says the Chrome shift didn’t cause anybody’s browsing history to be “synced” unless they specifically opted in — but I found mine was being sent to Google and don’t recall ever asking for extra surveillance. (You can turn off the Gmail auto-login by searching “Gmail” in Chrome settings and switching off “Allow Chrome sign-in.”)

After the sign-in shift, Johns Hopkins associate professor Matthew Green made waves in the computer science world when he blogged he was done with Chrome. “I lost faith,” he told me. “It only takes a few tiny changes to make it very privacy unfriendly.”

When you use Chrome, signing into Gmail automatically logs in the browser to your Google account. When “sync” is also on, Google receives your browsing history. (Geoffrey Fowler/The Washington Post)
There are ways to defang Chrome, which is much more complicated than just using “Incognito Mode.” But it’s much easier to switch to a browser not owned by an advertising company.

Like Green, I’ve chosen Firefox, which works across phones, tablets, PCs and Macs. Apple’s Safari is also a good option on Macs, iPhones and iPads, and the niche Brave browser goes even further in trying to jam the ad-tech industry.

What does switching to Firefox cost you? It’s free, and downloading a different browser is much simpler than changing phones.

In 2017, Mozilla launched a new version of Firefox called Quantum that made it considerably faster. In my tests, it has felt almost as fast as Chrome, though benchmark tests have found it can be slower in some contexts. Firefox says it’s better about managing memory if you use lots and lots of tabs.

Switching means you’ll have to move your bookmarks, and Firefox offers tools to help. Shifting passwords is easy if you use a password manager. And most browser add-ons are available, though it’s possible you won’t find your favorite.

Mozilla has challenges to overcome. Among privacy advocates, the nonprofit is known for caution. It took a year longer than Apple to make cookie blocking a default.

And as a nonprofit, it earns money when people make searches in the browser and click on ads — which means its biggest source of income is Google. Mozilla’s chief executive says the company is exploring new paid privacy services to diversify its income.

Its biggest risk is that Firefox might someday run out of steam in its battle with the Chrome behemoth. Even though it’s the No. 2 desktop browser, with about 10 percent of the market, major sites could decide to drop support, leaving Firefox scrambling.

If you care about privacy, let’s hope for another David and Goliath outcome.

 

somerset

Member
Browsers are all going the same way. And it's hard to fight back. The web methods are now very advanced, and the idea of using a basic browser no longer works. We need the insanely complex code machines, and within these giant code bases every kind of abuse can be unleashed.

Look at all the world wide prosecutions of users who connected to various illegal 'dark web' sites using Tor. Tor needed to be, and *is* compromised by mechanisms built into all major browsers that spy on your machine and can either broadcast that info to statist listening sites, or use signature methods to feed back data about a user's machine to compromised Tor nodes.

The breaking of Tor security is a service literally offered to every government on the planet- 'good' and 'bad'. And Google did this. And Mozilla did this.

And, of course, when the NSA and GCHQ backdoor tricks hit wider awareness amongst the cyber criminals, the 'nothing to fear' nonsense mantra is exposed for the sh-t it always was as criminals exploit all those purposeful exploits in the browsers offered by MS, Apple, Google, Mozilla etc.

Today, the statist filth want to watch each keystroke in real time- it's as close to *mindreading* as one could hope for. So every browser has this facility, and any NSA compromised tab or site can watch and record your browser keystrokes and mouse movements and desktop image.

The worse it gets, the worse it gets. The scum at Google HQ etc get the big bucks for thinking up the next wave of abuse, and the circle simply turns all the faster. Most people only feel the noose tighten when ad companies exploit the new methods- but the ad abuse is but a side-effect.

At this time, securing an online computer is possibly *impossible*, and this applies to governmental systems as well. The madness in opening the gates of hell is search of the perfect orwellian situation.
 

pr0cs

Member
It's still difficult to understand the negatives in all this. They're going to send ads to me regardless, that's basically how the internet works now. Am I worse off that the ads are at least somewhat relevant to me than if I was anonymous and of zero relevance to me? I'm not convinced.
If time goes on and your digital signature starts ending up in places different where you started (you were reading on a particular topic which then causes a company or entity to consider you a threat or even worse an enemy) then I'll agree that it is a real issue.. The potential may be there but so far the lions share of cookies are so innocuous that it's hard for me to give two shits about them.

If I'm going to complain about chrome it will be that it's fantastic at bringing my devices (mobile and pc) to its knees by using a retarded amount of memory and resources.
 

longdi

Banned
I dont get this article
I tried to disable cookies, but a lot of sites wont work properly, not gmail not neogaf.
So does other browsers do it safer?
 

juliotendo

Member
Google makes money selling ads and playing with your private information. That is their bread and butter. They don’t make money doing anything else.

That’s why I don’t see them as a tech company but more of just an advanced ad company.

Nothing they do should surprise you. They have no other means of generating money.
 
Last edited:
S

SLoWMoTIoN

Unconfirmed Member
Using your android phone means they know everything about you already though.
 

DS_Joost

Member
Joke's on them. I've been using Vivaldi for years now and I am never going back to that POS.

Yes I am aware Vivaldi uses Chromium. Don't care. It's a better browser by miles and miles.
 

StreetsofBeige

Gold Member
Don't care if browsers use my surfing for cookie tracking, ads and whatnot. Better to see relevant ads than random ads.

Maybe one day I'll try a new browser. Chrome is fine. But my Win 10 new laptop occasionally crashes when watching too many YT clips requiring a reboot. Not sure why, but I think it's Chrome related, not Windows.

As for Firefox, I used it way back probably 10 years ago. Ditched it as it became slow as fuck. It's like it morphed from am easy and fast IE substitute to a bloated mess. Like everything Google, Chrome is fast and the overall shell is simple.

For some reason, other tech makers can jam all kinds of shit into your stuff. The worst was the old Yahoo home pages before Google took off. Hey man, I just want to search for stuff...... not have every pixel promoting News, Sports, Ads, Community Pages, Classified Ads and other shit bogging down the page.
 

eddie4

Genuinely Generous
New Chromium based Edge is better Chrome, since it removes a lot of crap Google puts.

Opened the same two tabs in Chrome and Edge..... fuck off chrome.
 

Dontero

Banned
I would avoid Mozzila though. They have shown that they care about politics of people who use them. They banned Dissenter addon for no reason just because developers behind mozzila addons feature didn't like it.

Either way future is either Dissenter browser or something else. I personally wait for Dissenter to launch android browser and full proper synchro and i am out of firefox.
 

#Phonepunk#

Banned
That’s interesting. I do work where I have to look at things on various browsers and Chrome is my main mostly cos the dev tools are so good. Funny enough most of the devs use it as well.

A bit hard to tell if this is a serious deal or not. Feels like a journalist maybe just whipping up a story maybe not. Cookies aren’t inherently a danger nor do they really have much data in them. If this is a real thing I’m sure I’ll hear about it at work
 
Last edited:

Makariel

Member
I would avoid Mozzila though. They have shown that they care about politics of people who use them. They banned Dissenter addon for no reason just because developers behind mozzila addons feature didn't like it.
Literally never heard of that add-on, what does it do? Many add-ons have been removed during one update or another, sure it was not just a case of "not been updated to fit the new version"?. The amount of times I had to re-install adblock are beyond my ability to count (so more than 5 times).
 

Dontero

Banned
Literally never heard of that add-on, what does it do? Many add-ons have been removed during one update or another, sure it was not just a case of "not been updated to fit the new version"?. The amount of times I had to re-install adblock are beyond my ability to count (so more than 5 times).

Dissenter is addon which gives every website comment section. As long as there is url there will be ability to comment. So this gives you ability to comment on everything regardless of site owner wants or rules. If someone doesn't want comments on articles ? Too bad. You can even comment forum pages or singular posts.

It basically adds icon to your addons which displays amount of comments in number on icon and once you click it it pops out comment sections which you can read and add comments.

And no it wasn't removed because it developer didn't update it. It was removed because Mozzila addons mods didn't like it and gave no reason for removal. Obviously there is plenty of shovelware addons there they don't care about.
 

Makariel

Member
Dissenter is addon which gives every website comment section. As long as there is url there will be ability to comment. So this gives you ability to comment on everything regardless of site owner wants or rules. If someone doesn't want comments on articles ? Too bad. You can even comment forum pages or singular posts.

It basically adds icon to your addons which displays amount of comments in number on icon and once you click it it pops out comment sections which you can read and add comments.

And no it wasn't removed because it developer didn't update it. It was removed because Mozzila addons mods didn't like it and gave no reason for removal. Obviously there is plenty of shovelware addons there they don't care about.
I guess there was a certain intention in calling it "Dissenter" and not "Commenter" then? Could REEEE users comment over GAF with that? Could I spread my socialist propaganda on the republican party website?

As I said, never heard of it, hence not sure what I'm missing.
 
Epic are quite serious about privacy, so much so they don't allow you to change from their default (crappy) search engine. Try them!
Like mentioned, with fingerprinting and whatnot, doesn't matter what browser you use or whether you're behind 7 proxies or not, your usage habits and system settings are going to identify you. Immediate threat is relevant ads (and brands) that might be a little intrusive. Future threat could be a record of your behaviour i.e. social credit system, who knows.
 

Tako Ou

Banned
That’s interesting. I do work where I have to look at things on various browsers and Chrome is my main mostly cos the dev tools are so good. Funny enough most of the devs use it as well.
All chromium based browser have the same dev tools.
Chromium (raw as it is) is a good alternative to Chrome if you do not mind the non-automatic update, it's the same thing without the Chrome layer that collect all sorts of data.
Brave is also a good alternative and my personal favorite.
Opera is also a chromium based browser. Tested GX recently, didn't like it.
 

Fbh

Member
Stuff like this and all the talk about Google possibly taking stepts to block adblockers on Chrome made me give go and give Firefox (which I hadn't used in like 10 years) a chance. And I have to say the switch has been rather painless so far.

I'm not noticing any big changes in performance or speed, it has a good selection of extensions and all the general features I need.

I'll also go an see how their mobile browser works
 

PSlayer

Member
If you're a complete newbie and just want to improve your privacy and have a better control of what info this companies have on you without having to tinker too much with the settings,do this:

1) Install Firefox
2) On Firefox, install these 4 extensions:

-uBlock origin
-Private badger
-Decentraleyes
-HTTPS Everywhere.

3) if you have one or more google accounts, log in on each of these account and go to this page:
https://myactivity.google.com/

From this link you can see pretty much everything google has about you.You can delete that information and even set up you account so google stop storing future information. Here is a basic tutorial of how to manage your account.
https://helpdeskgeek.com/how-to/delete-personal-activity-information-collected-by-google/

Again this is for those who simply want to improve their privacy without going too far with the thinkering.
 
Last edited:
Top Bottom