This whole conversation between Justin and Robin is incredibly frustrating to read, and reinforces my lack of trust in Google/Chrome around #privacy issues, particularly in relation to their #PrivacySandbox proposals.
https://twitter.com/robinberjon/status/1373691498240339975
A little bit of context first - this isn't just some argument between random dudes on the internet.
Justin was "Engineering Director on Chrome Security & Privacy" for the last 11+ years, retiring just under a month ago.
Justin was "Engineering Director on Chrome Security & Privacy" for the last 11+ years, retiring just under a month ago.
Justin's original assertion is that Chrome's privacy label on the Apple app store shows so much data being collected because the *sites* you visit via Chrome can collect that data, and all other browsers should be listing the same labels.
There's a lot we could contest there, but lets focus on the implied conclusion - that Chrome doesn't collect/use this data itself (at least more than any other browser).
This simply isn't true, as pointed out by Robin and others.
This simply isn't true, as pointed out by Robin and others.
If you enable sync on Chrome, all your synced data (other than passwords) will be sent to Google unencrypted by default. It's stored against your Google account, and (at least) your browsing history will be used to "personalise Search, ads, and other Google services".
Lets try enabling sync in Chrome and see how the process works. I'll be using an account I created a couple of years ago, and haven't used since. I haven't used it for Chrome sync before, or changed any privacy settings on the account.
I want to enable the sync feature, so I click the "Turn on sync..." button, and am prompted to log in - so far so normal.
Once I'm signed in, I'm asked if I want to turn on sync.
But notice the light grey text under the description of sync - it's not just sync I'm enabling:
"Google may use your history to personalise Search, ads and other Google services"
But notice the light grey text under the description of sync - it's not just sync I'm enabling:
"Google may use your history to personalise Search, ads and other Google services"
This "personalisation" is not the feature I'm trying to enable - I'm trying to enable sync. Bundling them together is clearly a ploy to trying and sneak in consent for personalisation along with an actually useful feature.
The "Yes, I'm in" button (that consents to and enables both "features") is bright blue, and it's already focused - pressing enter on your keyboard clicks it.
It's designed to get people to click through without really understanding what they're agreeing too.
It's designed to get people to click through without really understanding what they're agreeing too.
There is some more (light grey) text that says you can "...choose what to sync in settings", but personalisation isn't a type of data being synced - it's a separate feature that uses the synced data.
There's no indication you can enable sync without enabling personalisation.
There's no indication you can enable sync without enabling personalisation.
Regardless, I'll click the "Settings" button to see if I can disable personalisation.
Just to check the above, I'll first try "Manage what you sync". Sure enough, no mention of personalisation.
Just to check the above, I'll first try "Manage what you sync". Sure enough, no mention of personalisation.
Presumably, if I disabled "History" sync it'd effectively disable personalisation, since it's indicated elsewhere that it's your browsing history that's used for personalisation. However, I want to sync history - I just don't want it used for personalisation.
The next option - "Control how your browsing history is used to personalise Search, ads and more" - looks more promising. Note that it's not part of Chrome settings - it's an external link to a Google site.
The "Web & App Activity" switch apparently controls all "activity" data collection and personalisation across Google services.
A checkbox extends this to your synced Chrome history (and any other third party site/app that uses Google services).
Both are enabled by default.
A checkbox extends this to your synced Chrome history (and any other third party site/app that uses Google services).
Both are enabled by default.
Disabling the "Include Chrome history..." checkbox is presumably what I'm after. Once I've done that, I should be able to enable sync without having Google mine my browsing history to "personalise" my experience.
I wonder how many people find this option?
I wonder how many people find this option?
But wait, we're not done. De-selecting this checkbox opens another modal with a wall of confusing text.
Apparently, this only "pauses" collecting "activity" from your Chrome sync data (and elsewhere) - it won't remove any that's already been collected.
Apparently, this only "pauses" collecting "activity" from your Chrome sync data (and elsewhere) - it won't remove any that's already been collected.
It's rather unclear, but it's implied that any existing "activity" on your account will still be used for personalisation.
So unless this is the first time you're enabling sync, you'll need to go and purge all that "activity" data from your account as well.
So unless this is the first time you're enabling sync, you'll need to go and purge all that "activity" data from your account as well.
Anyway, back to Chrome settings to finally finish enabling sync.
Wait, there's another another entry in the "Sync" section - "Encryption Options". Lets check that, just in case.
Wait, there's another another entry in the "Sync" section - "Encryption Options". Lets check that, just in case.
The description says "... Google Chrome will encrypt your data", but if you expand it you find it'll only encrypt your synced passwords by default. The rest of your data is unencrypted unless you change this hidden setting.
Even after all the hassle of disabling personalisation, Chrome sync is still sending Google all my browsing history (and all other synced data other than passwords) in pain text.
This is not normal. Other browsers - e.g. @firefox - always encrypt synced data end-to-end.
This is not normal. Other browsers - e.g. @firefox - always encrypt synced data end-to-end.
OK, so enabling encrypting synced data seems like a good idea. In fact, just doing that would probably have been a faster way to disable personalisation, right?
Well, not so fast. End-to-end encryption prevents Google reading your sync data on their servers, but there's nothing stopping them accessing that data in other ways.
After all, the two "ends" are both Chrome, which they control.
After all, the two "ends" are both Chrome, which they control.
They could analyse it in Chrome (#FLoC et al.), or send it to their servers in other ways.
In fact, we can see at least one way of doing this further down the same settings page, (once again) enabled by default!
"Sends URLs of pages that you visit to Google"
In fact, we can see at least one way of doing this further down the same settings page, (once again) enabled by default!
"Sends URLs of pages that you visit to Google"
To summarise, Google is absolutely using Chrome to collect a wide range of data on users, and exploiting it in other products (including search and ads).
The idea that browsers have to include data that sites can collect in Apple's privacy labels is a disingenuous distraction.
The idea that browsers have to include data that sites can collect in Apple's privacy labels is a disingenuous distraction.
The convenience of sync is used as a carrot to get users to share their data with Google.
Feature bundling, bad defaults, confusing terminology, misleading descriptions, and other dark patterns ensure most users have no idea what they're consenting to.
Feature bundling, bad defaults, confusing terminology, misleading descriptions, and other dark patterns ensure most users have no idea what they're consenting to.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
