Google Chrome May be the Wrong Choice

After having used the Google Chrome internet browser for a while now, I can say that it is generally a pretty nice browser, but I have some very serious privacy concerns.

When you open a new tab in Chrome, it displays pictures from websites you have visited. This means that if someone is sitting next to you, the moment you open a new tab, your recent browsing history is prominently displayed. The obvious response to this by some will be “Then don’t visit porn sites.” This is of course a very short-sighted response.

Do you work for a company with an internal website? Is Chrome going to show people confidential or proprietary information as soon as you open a new tab? Do you want to tell the person sitting next to you on an airplane or in a coffee shop where you bank, what stocks you own, your own medical conditions which you may be researching, that you are looking for homeopathic cures for hemorrhoids, and so on?

With Chrome you will instantly and automatically display websites you visit when you open a new tab.  If a person is a victim of domestic violence, this could be an extremely serious privacy and safety problem which may result in injury or death. Simply clicking on new tab to hide the current window from prying eyes may cause even more harm.

ESET Researcher Pierre-Marc Bureau pointed out to me that already when you start typing a URL into the address bar it may display some sites you have visited. This is a valid point, however the size of the displayed data is significantly smaller, and the duration of the display is probably going to be much, much shorter. Unlike Firefox, Chrome has no setting to automatically delete the history, etc. when you close the browser and no user control over how long history and temporary files are stored.

Chrome is still in beta and when it releases, perhaps the new tab display design flaw will be fixed. For the time being, I would have to say that Chrome is inappropriate for corporate users, the worst choice for victims of domestic violence, and a miserable choice for those who like privacy and tabbed browsing.

For a product in beta it is understandable that Chrome is quite weak on configurability options, but quite frankly, with such an obvious design flaw related to privacy, Chrome went into beta prematurely.

For the time being, the work around is to clear the browsing data regularly. Another option is to change the shortcuts to Chrome. Chrome has a feature called “incognito” browsing. Incognito is quite misleading, it doesn’t make you at all incognito, but it does help with privacy… most noticeably by not displaying any of your browsing history in a new tab. Unfortunately Chrome has no setting to start in incognito mode. To start the browser in incognito mode you need to modify the command line and add “–incognito” without the quotes. I use the quick launch button to open Chrome. If you right click on the Chrome Icon and choose properties there is a field called “Target” and that tells the computer what program to run when you click the button. By default the entry for Chrome is
"C:Documents and Settings<user name>Local SettingsApplication DataGoogleChromeApplicationchrome.exe"

By adding –incognito to the end of this as shown here:

"C:Documents and Settings<user name>Local SettingsApplication DataGoogleChromeApplicationchrome.exe" -incognito

I always launch Chrome in incognito mode and don’t have to worry about the Chrome tabbed browsing privacy vulnerability (or design flaw) on my computer.  Note that <user name> is the name of the user who is currently logged in.

If Google fixes this egregious privacy problem, the browser looks like it will easily contend for market share with Microsoft and Mozilla. If Google adds some additional configuration flexibility the browser will even be suitable for use by people who understand security and privacy. The inability to choose to be prompted for an action when a “secure web page” attempts to display both secure and insecure content leaves a lot to be desired. For now I would have to recommend that most users stick other current browsers, especially in a corporate environment, or if there is any need for privacy and confidentiality at all.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • http://anti-virus-rants.blogspot.com kurt wismer

    i wouldn’t hold my breath waiting for the non-beta release of google’s chrome… gmail is still in beta after 4 years… as has been mentioned elsewhere, google abuses the ‘beta’ label…

  • NiveusLuna

    I’d like to point out that a freeware program called CCleaner can clean Chrome’s cache, saved form information, history, etc. http://www.ccleaner.com
    I find the new tab page annoying, too.

  • ADMIN

    Google Chrome will be out of beta next year [confirmed]. It will be released as Google Chrome 1 and it is almost there [currently at 0.4].

  • Randy Abrams

    Just a quick note… The previous comment is from “ADMIN”. This is not an ESET Admin, and may not be from an admin at all. Anyone can choose any name they please. I have not confirmed the release date of Chrome 1.0 and the previous comment does not provide any evidence to support the claim of a release date for next year. The comment may be true, but the point is… verify everything you read on the Internet… even what I write!!!

    Randy Abrams
    Director of Technical Education
    ESET LLC

  • http://Google N.Buchalter

    I have been using Google Chrome for sometime now and find it is much faster than Firefox and I.E

    Just click on tools then options and it is easy then to work out how you want your homepage displayed. No need for people to see what websites you have been looking at.

    There is always a way of doing things differently.

  • I am

    Terrific article! Google Chrome May be the Wrong Choice | ESET ThreatBlog seriously makes my morning somewhat better :D Continue alongside the exceptional posts! Special regards!

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
31 Oct 2008
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.