Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Private Mode Not Quite Private

Posted by CmdrTaco on from the what-if-i-wear-a-hat dept.

wiplash writes "Google Chrome appears to store at least some information related to, and including, the sites that you have visited when browsing in Incognito mode. Lewis Thompson outlines a set of steps you can follow to confirm whether you are affected. He has apparently reported this to Google, but no response has yet been received."

30 of 234 comments (clear)

  1. Addicted. by Anonymous Coward · · Score: 5, Insightful

    Google is addicted to your information, and will do whatever they can to get more.

    They cannot help themselves.

    Resist.

    1. Re:Addicted. by sopssa · · Score: 4, Insightful

      Yes, it's the basis of their business model. They need all that information to serve their advertisers better. This means they're also constantly looking for new ways to get even more and more information. Even if some of their services currently aren't related to advertising (like their free DNS service), there's no guarantee that they cannot be in the future. They're awfully easy to integrate later when they have grown, and with publicly traded companies you never know what is going to happen in the future. Especially when they're looking for new ways to generate advertising revenue.

      Notice that all of their services are related to obtaining information, usage statistics, datamining and serving advertisement. YouTube too is a great resource for advertisers, as soon as online video matures a little bit more (though they're already working on it).

      Not that it's a bad business model - but if you value your privacy, you might want to consider forgetting freeloading for a moment and buying software. You know, the business model that is based on customers paying for the software instead of selling their soul for advertisers. Google is the new adware business, they have just hidden it better.

    2. Re:Addicted. by Anonymous Coward · · Score: 3, Informative

      Do you believe every piece of FUD that comes out of sopssa's mouth? By default yes, everything typed into the address bar is sent to google which is how their autocomplete for searches works. If you just don't want it sent to google, change your default search provider. if you don't want it sent anywhere simply uncheck 'use a suggestion service to help complete searches and URLs typed in the address bar' in the Under the Hood tab of Options.

    3. Re:Addicted. by kdemetter · · Score: 5, Funny

      "We are the Google , you will indexed " ?

      --
      Slipping shoelaces ?
    4. Re:Addicted. by steelfood · · Score: 3, Insightful

      I'm not too worried about my privacy when it comes to corporations. Partly, it's because they already have a lot of data on me. Partly, it's because if they abuse it, I have at least a possible method of recourse.

      What I am worried about is the government getting their hands on such data. Now that's a danger that far exceeds what a corporation can do. And, you have no method of recourse against the government.

      Look at it this way: The worst a corporation could do is deny me a loan, because I buy a lot of junk online, and that means (by whatever twisted logic corporations employ) I'd be more likely to default on it.

      The worst a government can do is pull me over for a traffic violation, and throw me into prison without a trial because the routine check brought up the fact that I frequent sites that advocate extreme or even locally unpopular views.

      Which all leads to why I try to keep as anonymous as practically possible. Corporations don't have adequate data retention (or deletion) policy for my needs. And they cave easily to the government. Google is only slightly better in that they explicitly state how long they'll keep the data. But until every corporation adopts far more restrictive data retention policies whether by government regulation or by public outcry, I'm going to keep data on me from leaking out as much as possible.

      And before anybody points out the obvious contradiction above, I'm just going to say that entities can work for you sometimes, and against you sometimes, neither of which precludes them from doing the complete opposite at the same time.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    5. Re:Addicted. by Snarf+You · · Score: 3, Interesting

      Is there any way to stop Chrome sending the info of the URLs you type into the address bar back to google, yet?

      Yes - use SRWare Iron. It's a fork of Chrome, without all the phone-home stuff.

    6. Re:Addicted. by AnotherUsername · · Score: 5, Interesting

      I was going to reply with comments related to the Constitution(specifically the Bill of Rights), how the court system works, the various court cases the Supreme Court has ruled on regarding protests and freedom of speech, and other facets of how the law protects you from government abuse related to freedom of speech and protest/demonstrations, but then I remembered that this is Slashdot, and the government is always bad, and corporations are always better than the government.

      I sometimes forget that I am in the minority around here when it comes to trust of the government vs. trust of corporations(I trust the government more than I trust corporations, though I have a healthy wish for privacy). I am one of those that thinks Orwell is overrated(I like the stories, but I don't see them happening), with Huxley's Brave New World being my dystopian present/future to be feared.

      --
      I don't like Linux. This doesn't make me a troll.
    7. Re:Addicted. by LordLimecat · · Score: 3, Informative

      Um, yes, and AFAIK you have been able since almost the beginning. Wrench-->options-->under the hood --> "Use suggestion service...".

      Just for the sake of putting this stupid argument to rest, I tested it with wireshark, and yes, unchecking that box immediately causes chrome to cease sending URLs to google. In fact, with all the boxes unchecked, it appears that the only traffic sent is directly to the websites that you are fetching.

      I like how your "yet" implies that that hasnt been there from practically the start, though, or that you cant just use chromium if you are really that worried about it.... really some quality FUD there.

    8. Re:Addicted. by LordLimecat · · Score: 3, Informative

      So, maybe Im just being an apologist here...
      But while I did verify this, and can see some disk writes in ProcMon to a tmp file (which seems to be deleted on close), is it asking too much to have a little more info before running off and declaring it to be some additional nefarious way to collect info? Any packet sniffing, or even seeing if it can be replicated in chromium or Iron? Any effort to see ANYTHING AT ALL of whats going on, or whether that data is stored anywhere except the "magnify websites to this level" database?

      I mean come on, I know Google is the new "cool to hate" company, but a 1 paragraph blog entry with NO technical details whatsoever makes REALLY poor outrage material.

    9. Re:Addicted. by HBoar · · Score: 3, Informative

      That's the point -- the Queen can't just step in because she doesn't like the current government, it's only if the shit really hits the fan, as a last resort. For example, if an elected government tried to turn itself into a perpetual dictatorship without the support of the public, she could go in and kick some ass.

  2. Re:WHAT by Minwee · · Score: 3, Funny

    How else do you think Chrome gets to be so fast? The Chocolate Factory knows your entire browsing history so it just pre-loads your favourite pages before you even realize that you want them. Why shouldn't it keep track of your favourite kinds of porn, offshore gambling web sites, and that hotmail.com email address that you thought you were keeping to yourself?

  3. Didn't work for me by TimHunter · · Score: 4, Informative

    using 4.1.249.1064 on Win7.

    1. Re:Didn't work for me by Anonymous Coward · · Score: 5, Funny

      Yeah, seems this only affects the beta versions from their Dev channel.

      Man that's evil! Putting bugs in their betas so they can spy on us...

  4. this doesn't happen to me by yincrash · · Score: 4, Interesting
    tried it in 5.0.375.38 beta. my hypothesis is that he had other incognito windows open as well (probably with porn in them) that kept the incognito session going while he was open and closing the elephants.com window.

    all incognito windows share the same session

  5. Persists across restarts, too by emag · · Score: 4, Informative

    So, since the example in TFA didn't restart Chrome between incognito windows, I decided to see what happened when I followed the steps with "4.5 Exit chrome completely, then restart", and can confirm that even when Chrome fully exits and is restarted, it remembers the zoom level used in a URL only ever visited in an incognito window.

    --
    "The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
  6. Reproduced it here just fine by droopus · · Score: 5, Informative

    Exactly as reported.

    I'm using 5.0.375.29 beta on an Air running 10.6.3 over wifi.

    Went to cheese.com (the #1 resource for cheese!) and the zoom held.

    Additionally, when I opened a new tab in non-incognito mode, the zoom STILL held, so there is definitely some communication between regular and incognito windows.

    I'm devastated that my secret cheese browsing is now public.

    --
    "The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
  7. Re:Not surprised. by drinkypoo · · Score: 4, Informative

    There's always Chromium; I run it on Ubuntu. For Windows there's SRWare Iron. I'm not sure which is the preferred build for OSX; perhaps Crossover Chromium. TFA doesn't say whether Chromium is affected. Some comments under TFA state that the effect lasts only until Chrome is restarted, suggesting that the information is stored only in the memory cache.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. The bug by trazan · · Score: 5, Informative

    Here's the bug in question, filed about 2 weeks ago:
    http://code.google.com/p/chromium/issues/detail?id=43107
    Seems like someone looked at it, prioritized and classified it (eg pri-2, internals-cookies).
    What's the big deal? It's just a bug that needs to get fixed, not a huge conspiracy by Google.

    1. Re:The bug by EvolutionsPeak · · Score: 4, Funny

      Look, we're trying to do some rabble rousing here and you are not helping.

  9. Um no by coolsnowmen · · Score: 3, Insightful

    There are many ways to finger print something that are not reversible. For instance, this is just page viewing preference data about a site you visited. What if it takes a hash of the url and uses that to store settings like current zoom and scroll location. There is almost no way this violates the idea of 'incognito' mode.

    1. Re:Um no by Rockoon · · Score: 4, Funny

      You are kidding, right?

      So I jump on your computer and browse to red-hot-midget-porn.net and find that the zoom level isnt the default value...

      Do I conclude that (A) you don't like red-hot-midget-porn?, or (B) you do like red-hot-midget-porn?

      Well in any case, I'm pretty sure that everyone likes red-hot-midget-porn, so maybe this is a bad example.

      --
      "His name was James Damore."
    2. Re:Um no by elmodog · · Score: 3, Funny

      Do I conclude that (A) you don't like red-hot-midget-porn?, or (B) you do like red-hot-midget-porn?

      It depends on whether it's zoomed in or out.

  10. Pitchforks down, please, no story here by TerrenceCoggins · · Score: 3, Informative

    TFA only mentions zoom levels as being stored -- not any other info from users' porn-mode browsing session, just zoom levels. Chrome recently began saving users' zoom levels (if I'm not mistaken) so that pretty much explains that (while conveniently also accounting for why users of earlier versions may not experiencing this phenomenon as well.) We're all waiting for google to slip up monumentally (or "pull a facebook," if you will,) but unfortunately we'll have to wait another day.

    1. Re:Pitchforks down, please, no story here by McDutchie · · Score: 3, Insightful

      You're missing the point. If Chrome records zoom levels for particular sites, each such record is proof by implication that you visited the site. The Incognito mode is supposed to prevent recording of what sites you visit.

    2. Re:Pitchforks down, please, no story here by jonnythan · · Score: 3, Informative

      If it remembers zoom levels for particular websites, it must remember the websites themselves. That also means someone can potentially obtain a list of URLs you visited in incognito mode.

      That defeats the entire point of incognito mode. It's not supposed to remember anything.

  11. I submitted this a while ago by rcamans · · Score: 3, Interesting

    Submitted by rcamans on Friday October 23 2009, @01:21PM
    rcamans writes "Visit a bunch of sites in Chrome incognito, and then look at your history in IE 7. Oh My God! A few of the sites you did not want in history are in IE history? How did they get there? A nasty in Windows XP OS. Oh, man...
    These sites do not show in Opera history, Safari history, Chrome history, or FIrefox history. So maybe it has to do with IE integration into the Windows OS. Do not trust Chrome incognito until this bug is fixed. If it can be fixed.

    Also, IE7 search history shows Chrome incognito search items. Oops

    --
    wake up and hold your nose
  12. Simple explanation by jeti · · Score: 3, Interesting

    Chrome is very likely to hold the DOM of visited pages in the cache so that f.e. hitting the back button will quickly render the previous page. That does not necessarily mean that the information gets persisted on the hard drive or is available to other pages. On the other hand it's not unlikely that the information sometimes gets paged out to the hard drive and persists until it gets overwritten.

  13. Re:The Phone Company by Sancho · · Score: 3, Informative

    The article shows that a per-site setting (page zoom) persists between incognito sessions. That's all. No mention or even speculation that Google is storing that information on their servers.

    That said, Incognito was never meant to be private browsing from Google. Your search queries still get send to your search provider (imagine that!) and auto-suggest will still work. What Incognito mode is for is to prevent your wife/brother/sister/boss from seeing the sites you use. This has been discussed to death already.

  14. Its Not about Trust by hax0r_this · · Score: 3, Insightful

    I think you're missing the GPs point. Although many around here might well hold the beliefs you allude to (I don't think its a significant population on Slashdot, as victimized as you might feel by them), the GPs point is that the cost of betrayal by the Government far exceeds the cost of betrayal by a Corporation. In fact, the worst a Corporation can do do you is really limited by what the Government will allow it to do - if you are really so afraid of what a Corporation can do to you, you are implicitly afraid of what the Government will let it do.

  15. This issue has been fixed. by Paxtez · · Score: 3, Informative

    http://code.google.com/p/chromium/issues/detail?id=43107