Google Security Alert

Posted by admin on September 9, 2008

Do NOT Use Chrome

On September 5, 2008, Google announced the launch of its own web browser. Chrome was billed as an open source browser with a “faster more reliable experience.” Seeing as how I might have to eventually program to this browser, I downloaded it for a test-drive to see how it rendered pages compared to Firefox and Internet Explorer.

RELATED ARTICLES Google Promises Privacy Fixes in Its Chrome Browser (Washington Post, September 9, 2008) Heads Up: Chrome’s Omnibox May Record What You Type, TechNewsWorld, September 4, 2008 Google Chrome, At-A-Glance (Information Week, September 3, 2008) Chrome’s ‘Save As’ Flaw Could Give Attackers Control (Yahoo News, September 8, 2008) Critical Vulnerability Patched in Google’s Chrome (Security and Risk Online, September 9, 2008) Google Reacts to Some Chrome Privacy Concerns (Google Blogoscoped, September 9, 2008)

The tools and tabs are fresh and shiny new. The pages appear at first glance to load faster, but I believe it’s an optical illusion. What it does do is wait to display the page until it’s finished downloading everything on it. So instead of giving you the text and then slowly adding in images and ads and such, it waits and then displays everything as a complete package. For big pages like cnn.com, this can take a while and look like it’s had an error and frozen.

The most important thing—and the thing that made me remove it from my system immediately—is that the toolbar where you put in your url is actually a Google search box. That may sound innocent, but think about if you’re trying to access a development server that is private and is not intended for public viewing, it means that you’ve just submitted that url to Google and one of their spiders might come by to crawl it.

Privacy violation, bad, bad, bad.

If you’ve taken any of my classes, I think you’ll remember that I mentioned that nothing on the web is private? People start password protecting anything remotely sensitive now (if you haven’t already) because Aunt Myrtle may just be using Chrome.

Google admits to collecting data from its new browser. TechNewsWorld reported:

“As for Chrome’s powerful Omnibox, the intelligent location bar at the top of the browser that lets you type in URLs or search terms, data collection is still actively taking place. Anything typed into the box —even if the enter key isn’t struck—could potentially be logged with the user’s Internet protocol address, Google spokesperson Carolyn Penner told TechNewsWorld.

However, only about 2 percent of entries are collected, she said, and users can prevent this from happening by using the “Incognito” private browsing mode or simply turning Chrome’s “suggest” feature off.”

(Heads Up: Chrome’s Omnibox May Record What You Type, TechNewsWorld, September 4, 2008)

That’s 2% too many if you ask me, even with the sheer volume of searches giving you “herd” type protection. The Washington Post reported on September 9th that Google is promising to address the privacy issues, but my feeling is that my trust has already been violated. When it comes to the security of my clients and my family’s personal data, I don’t give second chances.

Buzz This Post Delicious Digg This Post Facebook Reddit Stumble This Post

Did you like this post? Share It