For better or worse, my blog is popular with the Google conspiracy-theorist demographic. I knew that as soon as Google Chrome launched, some readers would ask tough questions about privacy and how/when Google Chrome communicates with google.com.
So I decided to tackle this issue head-on. I talked to the Chrome team to find out if there’s anything to worry about. The short answer is no. For the long answer, read on.
- If you’re just surfing around the web and clicking on links, that information does not go to google.com.
- If you are typing a search or url in the address bar, Google Chrome will talk to the current search service to try to offer useful query/url suggestions. I love this feature, but you can turn it off. Right-click in the Omnibox/address bar and choose “Edit search engines…”. Or click the Chrome menu (it looks like a wrench), then Options->Basics and then the “Manage” button. Either way, you’ll see this box:
Uncheck the checkbox at the bottom of the dialog box that says “Use a suggestion service to help complete searches and URLs typed in the address bar.”
- By default, crash reports and other anonymous usage statistics (e.g. which features are used most often) are not sent to Google. The Chrome team would love if people opted-in to send crash report data though, because it would improve Chrome for everyone. To opt in, click on the Chrome menu (it looks like a wrench), then click “Options.” On the “Under the Hood” tab, check the box that says “Help make Google Chrome better by automatically sending usage statistics and crash reports to Google.” You can read more about this opt-in option on this support page.
- I believe if Google Chrome sees a very short, stock 404 page (less than 512 bytes), it talks to Google in order to try to suggest other possible pages and options. My understanding that this is the same underlying technology that I talked about earlier this year. I think if you have a helpful 404 page (> 512 bytes), Google Chrome doesn’t modify that (this 404 page isn’t changed for example), but Google Chrome does try to help with very short/unhelpful 404 pages. If you still don’t like this feature, you can turn it off. Go to Chrome/Wrench menu->Options->Under the Hood and uncheck the box that says “Show suggestions for navigation errors.”
- Google Chrome checks for automatic updates every 25 hours. Other modern browsers check for updates as well, e.g. to plug security holes. Given today’s sometimes-hostile web, I think checking for updates like this is a very smart choice.
- Every 30 minutes, Google Chrome downloads a list of 32-bit url hashes of urls thought to be dangerous (malware or phishing). That is a download of data from google.com, not to google.com. As you surf around the web, if you happen to hit a url whose hash is in the dangerous list, the 32-bit hash is sent to Google and Google replies with a full 256-bit hash of the dangerous url in question. Not only does this happen very rarely, but Google Chrome doesn’t send a url to Google, it sends a url hash, so Google doesn’t learn the url from this exchange. By the way, this is essentially the same protocol that Firefox 3 uses to protect its users from malware/phishing urls as well.
Update, September 5th 2008: A friend pointed me to this nice public description of Google’s Safe Browsing protocol in case you’re interested in more details.
- When you choose your language in the user interface, Google Chrome downloads a spellcheck dictionary. Again, that is a download of data from google.com, not to google.com.
To the best of my knowledge, this is the only communication that happens between Google Chrome and google.com. I thought it would be better to write down all the communication that happens so that people wouldn’t invent conspiracy theories. As Louis Brandeis said, “Sunlight is the best disinfectant.” Luckily, you can double-check me because the browser is open-source. I hope this helps in case anyone has any privacy-related questions about Google Chrome.
Update: David Pogue writes this of Google Chrome in the New York Times:
Will Google ensure that its own services run better in Chrome than in other browsers? Is this part of Google’s great conspiracy?
That’s a no and a no. Chrome is open-source, meaning that its code is available to everyone for inspection or improvement — even to its rivals. That’s a huge, promising twist that ought to shut up the conspiracy theorists.
That’s a good way to put it.