More privacy in the Chrome web browser

Current reports have Google's Chrome web browser outranking the Firefox browser developed by the Mozilla Foundation [1]. Without a doubt, Chrome runs faster, but it also does large-scale eavesdropping on users. Google might provide the majority of the BSD-licensed source code as Chromium, but modifying the Chrome binary data runs afoul of its Terms of Service. The company arms the software with countless services and a search engine. Without modification, Chrome is constantly "phoning home."

This intrusion provides the company with very detailed information about users' habits that it then sells to the advertising industry. Stemming the flood of data from the browser to Google requires careful manual configuration and applying a number of add-ons and extensions.

Overview

The search engine giant published a white paper to expose the various services that contact the browser [2]. Despite the white paper's feel-good intention, the company's data undeniably leads to creating detailed user profiles. All that's needed is to merge the data.

A main element of Chrome is its so-called Omnibox – the browser's address bar that also acts as a search mask. During entry of only a few characters, Chrome contacts the Google servers or another search engine and tries to auto-complete the entry. It then conveys the IP address of the PC and various cookies to return as many relevant hits as possible. But that's not all. Right after a fresh installation, it contacts unrequested the Google website (Figure 1).

Figure 1: Without even opening a web page, Chrome has already contacted Google.

Fasting

To prevent transmission of data, you can first go to the configuration using the button with three horizontal bars at the upper right next to the Omnibox. The Settings entry opens a browser window with Show advanced settings at the very bottom. Click the link and scroll to the Privacy category, which has some defaults already set. Remove any undesirable ones by unchecking the boxes (Figure 2).

Figure 2: Google activates certain Chrome services by default that can convey plenty of data right to the company's servers.

Behind the Content settings… button lurk several additional options that determine the browser's performance. Pay special attention to the Location and Media categories. If your computer has the corresponding functionality, it's recommended to activate the Do not allow sites to access your camera and microphone option in Media . Various bugs in Chrome and the Flash Player plugin have transformed in the past the browser into a spying tool by way of a specially crafted website. Attackers could take control of the webcam and microphone and eavesdrop in the vicinity of the compromised computer without users detecting it [3] [4]. If you still want to grant certain websites access to multimedia hardware, you can always do so by clicking Manage exceptions… (Figure 3).

Figure 3: Chrome allows unsolicited access to your system's webcam and microphone under certain circumstances.

Allowing all sites to track your physical location is especially useful for snoopers when your browser has mobile hardware. Therefore, it's also recommended to disable this feature in Location and define only trusted exceptions when needed.