Above: Chrome’s security web page.
BitDepth#1225 for November 28, 2019
When Google introduced Chrome in September 2008, the Internet was a very different place.
The browser wars were still a real thing, with Internet Explorer and Mozilla still battling it out for market share.
The emphasis for the new browser back then was speed and Chrome, while built from components licensed from existing browser projects, implemented the browsing experience with discernible improvements in website loading and rendering.
By 2011, Google had migrated almost entirely from dependencies on code it hadn’t developed and the Chromium project would become the foundation of its development.
Eventually, other browsers, including Microsoft’s Edge would make use of this alternative browsing engine.
Chrome has also benefited from other software developments in Google and its tight integration with Maps, GSuite, Translate and other products introduced by the company have led it to be a convenient way to browse the web.
But Chrome is a part of the Google ecosystem in other ways and the company is in the advertising business and leverages user information to improve its targeting.
In July, Washington Post tech columnist Geoffrey Fowler put Chrome to the test and found that it allowed thousands of tracking cookies to be set during normal use.
It also doesn’t help that Chrome’s use of “helper” applications to manage its tabs and the memory leaks that ensue make it demanding of computer resources.
Fowler also pointed out that the dominant company issuing tracking cookies for advertising purposes is DoubleClick, a subsidiary of Google itself.
The settings in Chrome don’t limit many of these bits of code, which are necessary for legitimate sites to offer a range of convenient features, such as remembering who you are as a user.
An HTTP cookie or browser cookie is a tiny bit of data that’s sent from a website to your browser. Some websites will warn that this is part of their normal operation and ask permission, but many don’t.
Cookies have been in use since Mosaic was introduced in 1994, but their presence is now almost universally pervasive, and the scope of their operation within a browser has become disturbingly wide-ranging.
It was once considered good form to build these bits of code to expire after the user left the website, but many cookies in use today are persistent, sticking around in your browser to track what you view.
Best practice is to create what’s called a same-site cookie, which after being approved for tracking on a single site, limits its operations to that site, making regular log-ins, for instance, easier by pre-filling windows with required information.
A supercookie can execute malicious code and most are blocked by default using an online list that tracks existing instances.
At a Google I/O show in May, Google argued that a nuanced approach to managing cookies is best and announced that it would require developers to specify when cookies would be used for cross-site tracking, gathering information on your browsing habits after you leave a website.
It also announced plans to crack down on ‘browser fingerprinting,’ in which scripting evaluates a browser’s configuration to identify it whenever it is in use.
Both Apple and Mozilla have taken a harder line with their browsers Safari and Firefox, emphasising data privacy as a core feature of their products.
Recent versions of Firefox are particularly aggressive about blocking cookies, locking down even the cookies that link Facebook to websites you’ve built yourself.
If you sign up for the Firefox Monitor service, you can get updated on the rather alarming number of breaches in which the data associated with your email address might have been compromised. You can add additional emails to the service, which draws its data from haveibeenpwned.com.
Switching to Safari, Firefox or the new Brave browser is one strategy you might want to consider if you are concerned about the extent to which your online activities are being recorded.
Brave, ironically, runs on Chromium and implements a controversial ad-blocking/replacement technology that’s drawn the ire of publishers who object to the browser replacing their ads with its own advertising ecosystem.
You might also think about replacing Google Search with DuckDuckGo, which emphasises private connections and more balanced search results.