Heh, that login page is marked up with a tabular layout. I wonder why Google as a "cool-kid" company never properly redesigned its internal applications. I can only shudder at the usability of "moma". Or is it just the login page?
The autocomplete timings are one part of it. I am more concerned about other parts which are not publicly documented and seem to contain possibly identifiable information. I will be very happy if my suspicions are proven unfounded.
Aside, there seems to be an RLZ parameter in Chrome, which is purportedly absent from Chromium. The RLZ parameter comes from [1], which according to that page is now integrated into Chromium. By manual inspection of the AQS parameter value, there seems to be some identity of the browser included in it.
>Disable the webservice for finding navigation errors (happens via Google)
>Disable the autocomplete omnibox features (happens via Google)
>Disable the prediction of network actions (happens via Google)
>Disable protection against phising and malware (happens via Google)
>Disable requests for translating webpages (happens via Google)
>Disable HTTPS validity checks (happens via Google)
>Disable background apps
>Disable Google Cloudprinter detection
And with that, you have gotten rid of all tracking interaction via Google at browser level which is user configurable (i.e. accessible via chrome://settings).
The vast majority of Chrome's users have no idea what any of those terms even mean, or what the tracking actually entails. Most people don't read EULAs and will never touch program defaults. They certainly don't fully understand the compromises they are making with their privacy. Having these options available is irrelevant for most people.
These are the only options you can modify from the assigned UI for it (chrome://config). As far as I know, Chrome is the branded version of Chromium. Chromium development is done by open source contributions, but mostly they are on the Google payroll. What do they get from this? As you said: user-tracking so they can deliver even more targeted advertisements. It is great they also deliver a FOSS-ish browser, but there is only a small minority actually using Chromium. The majority gets to use Chrome which, due to Google branding, is vastly more popular.
Their search engine also greatly benefits from all the data hoarded.
At least on the desktop they bother sending autocomplete requests over https. On android, autocomplete is a security disaster. the stock browser up to 4.2 sends anything you type in the addressbox in cleartext over the "wire". Haven't checked if chrome does the same thing but i would guess they share some of their codebase.
I think it's time to start compiling your own browser..
15 comments
[ 2.9 ms ] story [ 41.2 ms ] threadhttps://code.google.com/p/chromium/codesearch#chromium/src/c...
https://code.google.com/p/chromium/codesearch#chromium/src/c...
Looks harmless enough. It just provides omnibox autocomplete timings to search engines.
ther is a link with more details: http://goto.google.com/binary-clients-logging
but for that you have to login with a google employ account...
Aside, there seems to be an RLZ parameter in Chrome, which is purportedly absent from Chromium. The RLZ parameter comes from [1], which according to that page is now integrated into Chromium. By manual inspection of the AQS parameter value, there seems to be some identity of the browser included in it.
[1]: https://code.google.com/p/rlz/
>Disable the webservice for finding navigation errors (happens via Google)
>Disable the autocomplete omnibox features (happens via Google)
>Disable the prediction of network actions (happens via Google)
>Disable protection against phising and malware (happens via Google)
>Disable requests for translating webpages (happens via Google)
>Disable HTTPS validity checks (happens via Google)
>Disable background apps
>Disable Google Cloudprinter detection
And with that, you have gotten rid of all tracking interaction via Google at browser level which is user configurable (i.e. accessible via chrome://settings).
{google:baseURL}search?q=%s&client=ubuntu&channel=cs&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
The vast majority of Chrome's users have no idea what any of those terms even mean, or what the tracking actually entails. Most people don't read EULAs and will never touch program defaults. They certainly don't fully understand the compromises they are making with their privacy. Having these options available is irrelevant for most people.
Does anyone know for certain what differences between Chromium and the closed-source Chrome is?
I find it very hard to trust a browser from the internet's biggest user-tracking- and ad-agency.
Their search engine also greatly benefits from all the data hoarded.
I think it's time to start compiling your own browser..