Slashdot Mirror
Microsoft Claims Google Chrome Steals Your Privacy
An anonymous reader writes "Microsoft is going on the offensive against Google, accusing the search giant of creating a browser that does not respect user privacy. The company posted a video, embedded below, on TechNet Edge with the following description: 'Watch a demo on how Google Chrome collects every keystroke you make and how Internet Explorer 8 keeps your information private through two address bars and In Private browsing.' Microsoft's first criticism is Chrome's combining the address bar and the search box into a single entry box; IE8 keeps those fields separate. 'By keeping these boxes separate, your privacy is better protected and the addresses of the sites you're visiting aren't automatically shared with Microsoft, or anyone else,' says IE product manager Pete LePage."
Pete LePage is spot on with this. The privacy intrusion by Chrome is outstanding. Every key you type to the address bar is sent to Google. Your Chrome installation has an personal UI number to track where you downloaded Chrome from, wherever you use it and how you use it.
I am still surprised how many people (even here on our geeky slashdot group who should know better) choose something based on it being offered for free, no matter what happens to their privacy. The same people who complain about casual people using Facebook and how much information they're putting there, and not realizing how much privacy they are losing by using Google's free products and search engine.
It's a known fact that every software needs to be funded in some way. Personally I rather choose a paid solution where I know my privacy wont be lost and I can save documents, emails, etc on my own hard drive instead of relying on cloud computing and all the marketing and privacy intrusion to make it possible. After all Google is a marketing company while Microsoft is an software company. The fact they're doing business by selling me a product instead of whoring to advertisers kind of shows that.
Even if Chrome -was- violating your privacy, why switch to IE? Especially when there is Firefox... Myself I don't like using Chrome because it is not customizable the way Firefox is. You can't even change history settings on Chrome!
Taxation is legalized theft, no more, no less.
Google wants to know everything you do. from the user opinions i've read about the Nexus One it sounds like Google is doing the same thing there. Along with Google Wave. they want to know everything you type in and keep a record of it
"By keeping these boxes separate, your privacy is better protected"
Umm, the boxes are all controlled by the same program, so whether or not there is physical separation between them (does that have any meaning in a user interface?) has nothing to do with whether or not the data is collected or not.
This guy is a product manager?
Did you not read TFA at all ? You can not only choose which search provider to use the search suggestions, you can also turn off search suggestions in chrome !!
The unfortunate thing here is that when it comes to google, they really don't have much else.
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
Meh!
I don't care. I know the deal with Google. Everyone knows the deal with Google - they mine your data so they can target ads, you get useful software.
I don't mind Google's targeted ads so I feel no need for a tinfoil hat over this one.
If Google were trying to break into my bank account, I'd be worried, but I don't fear non-obtrusive advertising.
Has anyone ever tried to implment the Microsoft privacy policy? Here is one guy who did.
I use Chrome under Linux simply because the fonts look beautiful. I also never type stuff into the address bar - that's what all my bookmarks are for. When I actually am looking for something I use, tada, Google anyway. I am fully connected to a whole wack of Google services so I'm sure they know everything I do. So what. Google is benevolent and any information that could actually be used against you will be gathered anyway by someone with the motivation and resources no matter what browser you use. Now if I get a shiver up my spine I go into the tools menu and choose: "Incognito Window" and for every keystroke being entered into the address bar you can turn that off as well by turning off the suggestion service. So, if you don't use it correctly when privacy matters to you then there are privacy concerns. If you change the convenient settings the privacy concerns go away. Harping on Chrome for its suggestion features is a straw-man, if you want to talk real privacy issues then you talk about Cloud services themselves and laws about whether or not warrants are needed for them and also under privacy you talk about how easily compromised the browser is to leak your information. The address bar and suggestion services are just cross-camp sniping: they are easily changed to what you value if you have half a brain cell. Marketing.
Shh.
Gosh, who knew.
Entia non sunt multiplicanda praeter necessitatem.
All of these settings are hidden in the advanced settings dialog
Bullshit. The search provider option is right on the first options tab. The search suggestions option is at the very top on the last tab (there are only 3 tabs), under the big blue "Privacy" label. Don't damage your own case by exaggerating the facts.
Chrome actually has a bunch of fine-grain privacy controls they added in the last release.
http://www.google.com/chrome/intl/en/more/privacy.html
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
As somebody who personally knows people working on Chrome, I can assure you that data mining was not the goal of Chrome. Most engineers at Google are sincerely trying to make the Web a better place. That this actually helps Google is just a bonus for them.
If a joke is told and no one gets it, does it WHOOSH?
This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
I've read the title of the summary, and dismissed it as an especially smelly load of swine shit. Every browser has it's own issues, and the user should be familiar with them. Yeah, all the browsers tend to keep records that are unnecessary. All the browsers tend to report data that is unnecessary, to websites, to developers, to the authors, if left on default settings.
But, for MICROSOFT to point fingers is just preposterous.
Maybe they can try again in 10 years, after they've created a clearly superior browser. I mean, CLEARLY superior to anything else on the market. When those of us who really dislike and/or hate microsoft HAVE to admit that their browser is at least as good as any of the competition, THEN MS can find fault with the competition.
Wait - did I say "10 years"? Hmmmmmm. More than likely, browsers will be obsolete before Microsoft makes the browser that is clearly superior to any competition that can be found.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
What's so hard to understand about this problem? Most users want to use suggestions only for their searches, not URLs they enter. Chrome only allows toggling suggestions for both.
To add to that, what is to stop a software vendor (MS) from simply gathering the information typed into ANY field in a browser. Whether they are in a combo field or not is irrelevant. What a ridiculous argument.
Just when you think you've seen everything from Microsoft they go and outdo themselves. They really are a bunch of obnoxious motherfuckers, who wouldn't know quality or taste if it slapped them in their monkey-dancing faces.
... and then they built the supercollider.
Unless you go to Preferences->Advanced and turn off the appropriate option in the Privacy category.
/. didn't see that option? I saw only a comment or two mentioning that.
Or am I missing something major here? Is it possible that most people on
All of these settings are hidden in the advanced settings dialog
They aren't hidden, they're quite visible. 3 clicks show you them.
Earlier that day at Microsoft...
"Hey Pete, we can't get the combined search and address bar to work properly"
"Hmm. Ok, don't worry, we'll just spin it as a security feature".
The question of whether a computer can think is no more interesting than the question of whether a submarine can swim.
At least on the OS X version...
Preferences -> Under the Hood -> Uncheck "Use a suggestion service to help complete searches and URLs typed in the address bar"
So Chrome is a keylogger. Most of the new commercial stuff probably is. Nobody seems to care enough to do some deep checking...
For justice, we must go to Don Corleone
They (M$) do collect this information locally if you have form auto-completion. But they don't send anywhere, unlike google.
It's useless. Most Slashdotters have their heads so far up Google's ass, nothing you say will reach their ears. This is a company that indexes everything forever, including your email and IM conversations. It gets praised as some "open source company" when its main product--its search engine and advertising platform--is as closed as Windows. It only uses open source products to get people onto its proprietary advertising platform.
That's not true, if they wanted to keep it anonymous, they wouldn't send session cookie with each request. Yet they do. Session id is not required for auto-suggestions.
Once again they don't just receive everything you type in address bar, they also associate it with your session.
You can un-check the option to use the auto-completion suggestion service for anything you type in the omnibox. Its under Options->Under the hood. At least, that's the case for the latest beta releases. I just started using Chrome and have only used the latest beta software, which is extremely stable.
actually as someone who has researched this , Microsoft are actually correct, and Google are the bad guys here, sorry to break it to you, but whats the difference between a company worth $billions and $slightly less Billions, so exactly why do you trust Google more than Microsoft, did Ms rob your house last and torture your kitten, I see nothing but sheep here at slashdot, i fear google far more than MS,IBM or Apple (last one open to debate). time for a new search engine as that's all they really do and it been crap since 2002.btw i do respect there stance on China
You mean via the same mechanism where you type information into 'Bing', and then 'Bing' responds with your search results?
Most people don't type in 100 character URL's (I don't know of any) they either have it bookmarked, or they search for it via, you guess it, the search engine like Google, Bing, or whatnot.
That's a fine, legitimate argument. It becomes bullshit when you start suggesting that the options are "hidden in the advanced settings dialog" instead of just right there in the options menu. I'm just protesting the exaggeration.
Dude, if it's in an "Options" dialog we already know that 90% of users will not bother to touch it.
Also, while the first options tab controls *who* you send every single keystroke to, it isn't until you go to the "Under the Hood" tab that you can actually turn the feature off. So don't give me this "but but it isn't an advanced setting" crap just because the tab isn't named "Advanced".
how many users you think are going to check those just to know their privacy isn't violated?
All of them that are that anal about their privacy will.
Most of us, frankly, don't care if Google knows what addresses we've been putting into the address bar. It's not that big a deal. I could see terrorists or industrial spies not wanting to use chrome, but really, for most people this is not the kind of "privacy issue" that has them concerned. I use Google exclusively for my searches, so what difference is the address bar going to make? Get a grip, I and most others already trust them with far greater than the address bar, it is a non-issue.
Now, if you want to argue that Google should not be trusted, I'm all ears. So far they've done right by me and everybody else though, so you'd better have something pretty damning to make me change my mind.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
They (M$) do collect this information locally if you have form auto-completion
Yes, and my MS Outlook 2007 collects my emails and stores them locally too! Bastards!
If you want to use Chrome without Google spying on you then use SRWare Iron instead. This page details the major differences between the two Chromium sourced browsers: http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php Download SRWare Iron here: http://www.srware.net/en/software_srware_iron_download.php
All of these settings are hidden in the advanced settings dialog
They aren't hidden, they're quite visible. 3 clicks show you them.
I seem to recall it is 4 clicks to disable UAC in Windows, but remember how much of a stink that put up when it came out? It's all about the DEFAULT behaviour of a program that determines the software company's evil or not evil motives.
So then what is a good browser? I do value privacy so I don't use Chrome (I figure google can have either my search history or web browsing history but not both, and adblock for Chrome really sucks). I hate ads so I don't use Opera (the adblock solution also sucks). I don't care about bloat, but I do care about speed, and firefox is the slowest of the main browsers I use (I do not use IE8). The four things I care about are security, ad-blocking, speed, and privacy. It looks like this is another case of "choose 3 out of 4".
Well, Firefox's default behavior is to serve up your keystrokes to google as well, so I think the main point is that all three browsers' defaults aren't privacy friendly.
I've never tried Google Chrome, but now I never will unless they take this "feature" out.
They've already given you the option to disable it, good night.
Don't you do your searches with Google? You can't tell me you use Bing... This is trivial compared to your search history.
You also trust your ISP with everything you do on the net, I don't see you disconnecting your internet for that "invasion" of your privacy.
Seriously, you people need to get a grip. There isn't one person in ten thousand who's address bar history is so important that they'd actually care to dig it up and link it to you directly. You just aren't that important. The only reason Google uses it at all is to target unobtrusive advertisements at you - which makes ads less annoying and more relevant to you anyway.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Yeah, lots of engineers want to make the world a better place in some way.
They are paid by people with money in order to make them more of it. The "bonus" for the workers is that they keep their jobs.
...any claim about protecting privacy from the one company that has been the direct or indirect cause of so much private data being lost or compromised is really rich. I'd have to think that it's a red herring, really, to divert attention away from the privacy/security problems IE 6/7/8, Windows XP/Vista/7 have already....
Assuming you didn't just pull that "90%" figure out of your ass, who cares? They obviously don't, and it's not my privacy they're dicking with. Besides, it's not like Google and every other search engine out there doesn't already store and analyze search queries (indexed by IP address). Is it that big a problem that Google or Bing or whatever knows what you are about to search for before you hit the enter key?
How is Microsoft's response here not them trying desperately to spin their way past the latest Pwn2Own results from CanSecWest? Safari, Firefox and IE8 all went down pretty quickly. Chrome wasn't even attempted. Nobody there had a way to take it down. Money was left on the table.
( http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 )
Microsoft's response?
First claim that Windows 7 isn't really meant to prevent you from hacking into it.
( http://www.computerworld.com/s/article/9174309/Microsoft_defends_Windows_7_security_after_Pwn2Own_hacks )
Then try to convince people Chrome is somehow worse.
Seem's like that makes your choice to either accept that a company like Google knows what information you're looking for [turn off the option, heck even use a different browser. I'm sure they can figure it out anyway.] or letting random anyhacker access ALL the data on your system.
I'll take option A thanks.
Who cares? I think everyones missing the real reason Chrome fails and that's it's sole purpose is to entice people away from firefox and adblock+ I can control what I see in my browser, Google should know better than anyone that once this kind of Genie is out of it's bottle there's no putting it back in.
What a lame attempt, microsoft ...
1) - If you use explorer, you are using windows. The chances of someone exploiting your browser and getting access to all your files is 90%
- You can use Chrome in Mac or GNU/Linux. Both Chrome and your OS keep your data secure
2) - I have the source code for Chrome (Chromium) and I can study it, make sure it's safe, or change whatever I want. Also, I know the community has reviewed it, and the company is not trying to hid anything behind a binary
- I don't have the source of explorer, and microsoft has a huge history of phoning home and spying on users
3 - Chrome is standards compliant, so there's no vendor tie-in. If I find something I don't like, I can move on to another browser
- Explorer is platform specific, and non compliant with standards. That means, if I develop anything for it, it'll probably be incompatible with other browsers and moving away will be hard.
Sorry microsoft, Google published the source code for their browser, it's well developed, multi-platform, they'll take my patches and if they are good implement them on their source, and they are open and transparent about everything the browser does. They are doing all the right things, and I just love this browser.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Use SRWare's Iron.
It's google Chrome without the reporting bits (and actually with newer rendering java, so it's actually faster).
It's screamingly fast, and emulates IE-dedicated pages (including nasties like MS Webmail) far better than Firefox. I love it.
-Styopa
This is some rather lame marketing by Microsoft because Chrome's user experience with one magic box for address and search is so spot on and IE's dual boxes seems so lame and dated. Particularly in Windows, it is just as easy to get at keystroke messages for all windows as it is to get them in one, you can go in your main message loop:
while (GetMessage(msg)) {
if( msg.something == WM_KEYDOWN)
log(msg);
}
I think would work for just about everything.
So yes, Microsoft might have a point about Chrome invading your privacy, but, at the same time, trying to bundle it in with a critique of chrome's single window is just marketese and really undermines the rest of their own point. It's such a stretch of reality, that you have to wonder how much the rest of their message is true.
This is my sig.
That said, most of that 90% of users who wouldn't bother changing the default options in Chrome probably wouldn't have Chrome to begin with. Most of those users would be using whatever browser came pre-installed on the PC that they ordered from Dell or picked up at Sam's Club, and many of them probably haven't even heard of Chrome yet.
My point is that Chrome already has a pretty advanced user base (advanced enough to know how to download and install a web browser, anyway), and they would know how to edit privacy options if they wanted to do so.
The fact is, Chrome is the most privacy intrusive browser
Firefox's Awesome Bar does the exact same thing, by default. IE's anti-phishing sends every URL you visit to Microsoft.
Don't thank God, thank a doctor!
What's so hard to understand about this problem? Most users want to use suggestions only for their searches, not URLs they enter.
Bullshit. Most users only use the search bars on Firefox and IE, anyway. And they frequently type URLs into them. If I had a nickel for every time I saw someone type "google" into the search bar, click the first result from MSN and then type a search...
Usage studies is how Google came to their cleaner interface. Your concerns about privacy are valid, and I wouldn't doubt that factored into their design decisions, but I wouldn't be surprised if the other browsers combined their bars eventually, too. We're already moving that way with FX's awesome-bar.
As somebody who personally knows people working on Chrome, I can assure you that data mining was not the goal of Chrome. Most engineers at Google are sincerely trying to make the Web a better place. That this actually helps Google is just a bonus for them.
What, and the engineers working at Microsoft all cackle evilly muttering about sharks and laser beams as they plot to take over the software industry? The people working on a product are essentially never the ones with ill intent.
The intent of the people working on the project is quite irrelevant. What matters is the company itself, and what they can do with what they've developed. Everyone wants to believe that Google is some benevolent savior, but the realities of large business suggest otherwise. Let's say they are at this moment. How long do you think that attitude can last?
AccountKiller
I still prefer the way Opera does it, which is if I want to search I can type "g " or "y " to search google or yahoo. I use this all the time. This way if I want to search using the bar it is explicit. On the other hand most people wouldn't bother to figure out such a feature even exists...
Um, Firefox's address bar searches your local bookmarks and history. The "suggestions" are from your own locally stored browsing habits, which you can burn to the ground with every exit if you like.
--
Toro
And 90% of all statistics are made up on the spot!
Exactly ... and as for suggestions ... they may be sending requests with keystrokes, but I would imagine they are not 'storing' them along with their order and identifiable data (They could be, but I doubt it). I would think that would be too unreliable and risky in terms of performance. Firefox does essentially the same thing via it's search box when Google and/or Yahoo are selected.
I bet they do store *queries*. A Request does not automatically equate to storing something in a database. Do MSN/BING/Yahoo!/[INSERTSEARCHPROVIDER] not store the queries (along with environmental info. about those queries) and the subsequent clicks and look at that data?
And there's things like this from the article:
---
In the second part of the video, LePage demonstrates how Internet Explorer 8 has a privacy feature called InPrivate, a privacy mode to allow browsing without leaving a trace. Unfortunately, he fails to acknowledge the existence of Google Chrome's Incognito, which disables history tracking, which undercuts his argument.
---
And there's the question of how IE does it's Anti-phishing ... I'm sure it send all your URL's through M$'s network. Does he address whether or not those are stored? M$ is just mad that Google beat them to the idea ... Look for it in a future version of IE. Move along folks ... nothing new to see here.
Just check your browser's privacy options and set them to level you are comfortable using them.
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]