Getting stealthy with Google Chrome

The tide has turned on Google over the past 10 years. From starting out as a well-loved ‘do-no-evil’ high-tech startup, it has become one of America’s biggest brands and one of the world’s largest corporations.

Those concerned about privacy and anonymity point out that Google holds more data on many individuals than any government authority or credit ratings agency. Chances are that Google knows what you search for, where you shop, what sites you browse, what emails you receive and what your interests are. Depending on the products you use, it may even know where you are right now, who your friends are, and have a file on your medical history.

Google Chrome - Google’s quite astounding web browser - has been caught up in this wave of nervous suspicion, and quite rightly so. A web browser can send back all sorts of information to its author - such as browsing habits or even confidential personal information - helping that author refine their ad serving algorithm, or take another step towards world domination.

Unfortunately for conspiracy theorists, Google Chrome is, in reality, slightly more mundane than all of that. In its default state Chrome only calls home marginally more commonly than Firefox - usually for the same reasons as FF - and by turning on some privacy options in Preferences, you can stop it calling home at all.

Below are the options you’ll need. Ones with a (*) against them have no impact on communications between Chrome and Google, but are nice to have for private browsing.

Basics Tab

  • Untick “Enable Instant for faster searching and browsing”

Personal Stuff

  • Make sure Sync is off
  • Never save passwords (*)
  • Disable autofill (*)

Under The Hood

  • Content Settings
    • Tick “Clear cookies and other site data when I quit” (*)
    • Block all plugins
    • Don’t allow popups (*)
    • Tick “Do not allow any site to track my physical location”
    • Tick “Do not allow any site to show desktop notifications” (*)
  • Privacy - should be all unticked:
    • Untick “Use a web service to help resolve navigation errors”.
    • Untick “Use a prediction service to help complete searches and URLs typed in the address bar”.
    • Untick “Predict network actions to improve page load performance”.
    • Untick “Enable phishing and malware protection”.
    • Untick “Automatically send usage statistics and crash reports to Google”.
  • Untick “Offer to translate pages that aren’t in a language I read”

Of course, there’s a play-off between the functionality that these features provide and the privacy gains you’ll have made by turning them off. The most important one is the phishing and malware protection feature - which calls home pretty much every time you visit a page to make sure that the page isn’t in a malware database. By turning it off you may have exposed yourself to identity theft attacks. If you’re not a tech-savvy surfer then you’re probably more likely to protect your privacy by having it switched on.

I’ve done all that! How do I know it’s not still calling home?

If you want to verify it for yourself (as every paranoid person should) then download a packet sniffer like Wireshark and take a look. Wireshark makes it easy to capture HTTP packets, see where they’re going and look at what they contain..

Browsing a site like www.europa.eu with Wireshark running is a good test, because that site seems to serve nothing from third party servers - everything comes from just one IP. You’ll see that apart from packets flying back and forward between the europa.eu server and your computer, there is no other activity coming from Chrome.