What are the security concerns with Chrome? (Page 1 of 2)

I don't get it either, dude... are these guys constantly hacking the FBI or something?

Either way, I have some privacy concerns, as in I only like people to know what I'm willing to share. I use facebook, gmail, twitter and chrome, each with privacy settings to my liking. Oh noez

well omns i have looked into this for a bit now and one thing i have seen over and over is personal pref. & miss-information seems to over power logic at times.

for the last 25-30 years there have been huge servers that have one existence: to collect personal info. used for such things as sales, marketing, advertisement, spending habits, billing, likes, dislikes,
ET-cetera,  ET-cetera,  ET-cetera...

and people are concerned about chrome, fire fox, or any other browser, collecting info. lol

+1 Hanna
i am with you on this one

Chromium, (The opensource version of chrome.) isn't owned by google and doesn't do anything like that, and both versions also have this one privacy mode.

Doesn't it? Chromium uses Google as its default search engine which brings the same security concerns that people worry about in Chrome.

So why not package Firefox like Mint does? The bonus is people would stop asking about installing the actual "Firefox" and not Iceweasel

Good topic, omns. Thank you for starting it.

I'm newly back to using Chrome again over Chromium (on Linux only) due to some technical issues here and there with Chromium but I do have mixed feelings in regards to Google itself which will (of course) tie into how I feel about Chrome, the browser.

I mostly use Google search as it's still bringing back the most relevant content. If something is really personal and I don't want it logged for tracking, I use Midori and DDG.

Two-part response on this.

Slightly aside to your question and I might be wrong on this- but I think one part of the issue is how the update process itself has been handled by Google. Many apps phone home to check for updates, but until fairly recently the Google update process was running 24/7 and would respawn unless you disabled it as a service and via msconfig in Windows. Many people (including myself) ran into the issue of very high resource usage, and when combined with it as a respawning process it becomes a large annoyance heading into rogue territory. One of the questions was "why does this need to be running 24/7 instead of using the built in Windows task scheduler, do your thing and then exit?". IIRC there was never a real answer but it has been remedied.

Now more directly related to your question, Google does send some info back in update as shown here:

http://static.googleusercontent.com/ext … epaper.pdf

(actually, that's worth a look at anyway as it covers general settings outside of the update process for those looking at what things get sent and how to adjust settings so might be handy as a reference)

I use Gmail, but a whole lot less since the Google Buzz incident (mostly for things like forum signups or mailing lists). I touched on that a bit in an older thread here:

http://crunchbanglinux.org/forums/post/76777/#p76777

I do use Facebook but treat it for what it is- a data harvester that I can chat with people I know on, as a promotional tool (I admin a business page) and I also use Twitter (for work only). 

But getting back to Google, up until the Buzz attempt there is (or was) an expectation of contextual privacy.  The way I aee it, your social network (Facebook and those before it) is your apple, your email is your orange. You treat them accordingly as a learned behavior. Then suddenly one day it's now some apple-orange smoothie where all context has been flattened without permission since it's been decided that things should be "shared" (code for advertisers, who love user to user relational mapping) for a Better User Experience for All. That's actually pretty arrogant. Now combine that attitude and a few other missteps with Eric Schmidt's creepy-to-alarming "jokes" regarding privacy and I think that is where you will find a great deal of the blowback (not just here, but in general) is coming from. 

Probably not. And even if you're not on the internet you still are via public records or your most social contacts. Hell, I've had my personal data preloaded into networks I have no interest in ever joining but used as "Google Bait" to get people I know to sign up. This is just how the internet is now. However, I think it's up to the individual to decide how much they choose to share and with whom and in the places where the trade-off occurs (product or service in exchange for information), what is being shared should be made very clear, so there is (edit- I had the phrase "informed consent" here, which isn't actually the term I'm looking for but close enough to what I mean).   

But I use Google products and probably not going to stop any time soon, so I'm a hypocrite in this regard. I think Chrome is a pretty good browser.   

I guess the takeaway is that when some of us talk about Chrome we might be talking about more than just a web browser since it's not always easy to separate the entity from the product.   

If that's the only reason, agreed.

Interesting conversation, thanks again omns!

Last edited by chillicampari (2011-01-14 06:14:15)

I love chrome.  Everything from the speed to the way it looks, but i guess its just not for some people.  My main concern with using it though, is it still doesn't have noscript extension that firefox has.  Noscript is a godsend, more so for that exploitable friend windows we all know.  Just recently, the project creator of adblock, took over the one in chrome.  While the code isn't the same, I feel better knowing that he's behind it, as the extension for firefox is great.  Looking at firefox 4, i feel like its starting to look more like chrome, then firefox, but for me, that isn't a bad thing.  For those with privacy concerns, while its not the best protection, you can turn off your location under settings > options > under the hood > content settings.  Google will no longer poll your location like firefox is by default.

Isn't this enough? They collect data about my interests and behavior to create a profile of me to show me more specialized advertising. I don't want specialized stuff, when it comes to random stuff, I want whatever others get. How should I evolve and find new interests, when all I see is what I already saw, just to make me buy faster? I don't allow anyone to make detailed statistics about me. This is personal information. If someone wants to sell his goods to me, he should ask politely, instead of trying to manipulate me.

Usually over proxy. Enough said, I assume.

I have a very sophisticated package management system for such things. I want my software to communicate with whatever server I want it to or, if there are needs, with servers required for it's functions. I don't care if there is an update and I won't install the update manually. That's what my distro is bleeding edge for.

I use neither of them. I only use message boards and and mailing lists, as well as messenger services. Important communication is encrypted. That means my IP address and my mail address are given away. Ten of my not so geeky friends sent me invitations to my mail address from facebook. I told them that I will change my mail address and ask them to never do that again. I explained to them, how my thoughts about facebook are and, should they do that ever again, I might find a lawyer that'll help me sue them for that. The last statement was a joke of course, but it showed them, how important that is for me. Anyone giving my mail address away without asking me, will suffer consequences, either personal or legal.

Pure rhetorics. Three completely distinct sentences in a paragraph, no facts, no conclusions. You are either very good in creating controversy or very bad in trolling.

No objections here. I don't have time to review every piece of code I use... and I don't know every language that stuff is written in. If I don't review the FOSS stuff, it would be hypocritical to say closed source is evil.

Yo bro, can I have yo mail?

Nah seriously, I don't get where all this is about. Sure, they're taking info on you and sure, they can use that against you and sure, they shouldn't. But I think it's all made bigger than that it really is. Personally,
I don't mind. It's not that you can avoid it anyway, they will get your info from somewhere, unless you're going to live in a cave and eat fish, cooked on your camp-fire.

I pay little or no attention to the types of Ads that appear on my screen. For me the only purpose they serve is to get in the way of the data I'm trying to access. What they contain and how it gets there is of little consequence to me. That said it's how the online world goes round. Advertising helps pay for most of the content we have access to these days - like these forums. Of course it creates unnecessary and unwanted sites which only have the purpose of spamming others but it also keeps the good content going. It's a necessary evil I guess. There are other options like sponsorship and donations but not everyone has the pulling power of say, wikipedia, to obtain these funds.

Fair enough, I'm curious how many others use proxies like tor for browsing. I know I've used it in the past but didn't in the long run find a purpose for it. If I'm going to the lengths of not being identified in where I go on the net then perhaps my concerns would be addressed by better browsing habits.

I have less bleeding edge needs and don't mind if an application is looking for an update. Sometimes it is of use to my needs, sometimes not. It doesn't concern me enough to disable it unless it is annoying me with constant popups. That said I would usually choose not to have updates looked for if the program provides that option when first run so i guess I do make some effort to reduce this type of traffic.

Personally I don't have an issue with social media as long as you are aware of what is actually happening when you engage with them. Sadly most don't. My use of these services is always for a very specific purpose. Anyone seeking to interact with me outside of those targeted needs is blocked or denied access. I also make sure that I only post content there that I have no issues with others accessing if they make the effort to find it. It's all about better practice in the long run.

An interesting view regarding online privacy http://crunchbanglinux.org/forums/post/101869/#p101869

hmm, I run the risk of getting off-topic here...

hehe, when drafting the reply I initially made a reference to more 'ethical' browsing habits but thought that might be a bit to provocative and didn't want to sound accusing (which wouldn't have been the intent). I guess I'm saying that if you aren't doing anything wrong then you shouldn't have much to worry about. In this scenario I don't see a need for browsing via proxy.