Blog Post

Google Chrome Security

PeterWallace

Some of the information below can also be applied to other browsers also:

I made a comment about me not trusting Chrome for security reasons. One of my big concerns is how much of my data can Google see and collect? It leads me deep into Google’s r Privacy Notice ( http://www.google.com/intl/en/privacy/ ) to see what they have to say. At the writing of this Chrome’s Section was last modified October 25, 2011 and in viewing the archived versions it appears they up date it about 3 times a year since 2009.

Google does not require personally identifying information to down load the Chrome software or to use it. When you use Chrome, Google only receives “standard Log Information” which has IP Address and cookie information. Like most Web sites, Google servers automatically record the page requests made when you visit their sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser/computer.

Here is an example of a typical log entry where the search is for “security”, :

###.###.###.### – 28/Nov/2011 10:15:32 –

http://www.google.com/search?q=security –

Firefox 8.0.1; Windows NT 5.1 – 740674ce2123e969

###.###.###.### is the Internet Protocol address assigned to the user by the user’s ISP; depending on the user’s service, a different address may be assigned to the user by their service provider each time they connect to the Internet or it could be the same if you have a static IP address;
28/Nov/2011 10:15:32 is the date and time of the query;
http://www.google.com/search?q=security is the requested URL, including the search query;
Firefox 8.0.1; Windows NT 5.1 is the browser and operating system being used; and
740674ce2123a969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).

Wow that is some information they store and they can start to match up information based on the unique cookie ID and IP Address if users don’t delete the cookies. So big deal, I’m behind a corporate firewall and there are a hundred computers on that connection but if you look at that information the cookie data will be directly related to MY machine, so they can pin it down to one machine. Ok so how long will Google keep the data for? “We (Google) strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance.” That’s a long time to keep that information.

In addition to the above information if you are using Chrome as a browser some other interesting things happen (this is just a short list of what’s happening)

As you’re typing the address the letters that you are typing are sent to your default search engine and if the engines auto complete feature is turned on it will give you recommendations. If you have set Google to be the default they are now tracking your keystrokes.
If you type in a bad address that is nonexistent Chrome will send that information to Google to try to suggest the correct site.
Chrome includes Google’s Safe Browsing feature and will scan Google’s database for reports of malware or phishing and will let you know if it finds something. This is over and above any virus / malware scanning you are doing outside the browser.
Synchronization feature – will store your bookmarks, history and chrome settings on their servers but you need to setup a Google Account to do this.
Location Feature will send local network information to Google to try to get an estimated location of where you are located. This will look at the IP Address you are connected, signal strength of your connection and some other information.

Things you can do to limit the information sent:

Disable Chrome’s Auto complete Feature (Under the wrench Icon, select options, under the hood tab, privacy section, deselect the “Use a prediction service to help complete searches and URLs typed in the address bar” checkbox.)
Disable suggestions on Navigation errors (Under the wrench Icon, select options, under the hood tab, privacy section, Deselect the “Use a web service to help resolve navigation errors” checkbox to disable the feature.)
Check the other settings that are under the privacy section to see what you think about them. One of them that comes unchecked by default is “Automatically send usage statistics and crash reports to Google “
Disable Synchronization feature – (Under the wrench Icon, select options, personal stuff, sync section has your information)
If the box is NOT Checked that item is disabled.

Chrome does send a lot of information but in Today’s world any server we are connecting to or through is keeping logs with as much information as they can collect so I guess I really need to look into what extensions can be run to help me control what information is “leaked” out.

< Older Post Newer Post >

Mail

Eberly Systems Acquires Lebanon County LYLAB Technology Solutions

By Eberly Systems • 02 May, 2024

West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.

Navigating Small Business Success: The Power of IT Outsourcing for SMBs

By Eberly Systems • 16 Jan, 2024

A trusted MSP can be your invaluable strategic partner.

Enhancing Business Security and Productivity with Microsoft Office 365

By Eberly Systems • 02 Jan, 2024

These 5 key features of Office 365 Business Premium make it essential for businesses to have.

Key Notes from the Security Team: Q4 2023

By Eberly Systems • 19 Dec, 2023

Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.

Customer Success Story: Construction

By Eberly Systems • 03 Jul, 2023

After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.