
Chrome Is Scanning Files on Your Computer - uptown
https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool
======
christefano
Sadly, the article doesn’t say what’s being uploaded to Google.

Just the file metadata of my documents folder? Just the metadata of the files
that Chrome thinks might be malware?

In this climate, I’m shocked Google thinks they’re above needing to fully
inform their users that their web browser is inspecting user files that have
nothing to do with that browser.

------
danielovichdk
I don't want any browser to do antivirus/malware scans.

I already believe browser vendors taking care of privacy is a huge dilemma.
This should be baked into the standards.

------
jshb
As far as I could tell as a non Chrome user, Chrome Cleanup Tool is a separate
download from Chrome. Chrome may prompt to install it under some
circumstances. However, what's described in the article does not appear to be
a functionality that exists in normal Chrome installation.

~~~
slezyr
Process "chrome.exe" opens files. I don't think that it's a separate program.

------
cat199

        "But there’s no reason to freak out about it."
    

Thank you vice for telling me how to think.

------
fancyfacebook
The last thing I want on my computer is anti virus. The last feature I want in
my web browser is anti virus.

What on earth?

~~~
Spivak
At some point as as community need to recognize that we're grossly out of
touch with how people outside our bubble use computers. Browsers are the #1
consumer attack target and have been plagued with all forms of malware since
before IE6 -- malicious plugins, extensions, DLL hacks, history harvesting,
apps that override settings to push adware.

It's not that surprising that browsers are trying to go on the defensive,
Firefox shipped extension signing and Google is trying an active scanner.

It sucks for our bubble but that's ignoring the huge number of people with
horribly infected browsers that are about to be cleaned of malware.

~~~
fancyfacebook
So because IE6 was a trainwreck and you could dump dlls over port 80 you think
Chrome needs anti virus?

I don't think this is a "bubble" problem, rather a "statistical arrogance"
problem. Google seems to have plenty of the latter nowadays, I wonder when
someone is going to stand up to all the data people making bad decisions.

------
bitwize
It comes from Google, so it most certainly _is_ something to worry about.

------
codedokode
Also, I think the article is misleading:

> it [antivirus] only has normal user privileges (meaning it can’t go too deep
> into the system),

On a single user system all personal files are accessible with "normal user
privileges".

> In other words, Chrome Cleanup Tool is less invasive than a regular “cloud”
> antivirus that scans your whole computer (including its more sensitive parts
> such as the kernel)

How kernel is "sensitive"? It is the same on every computer running same OS.

> Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that
> ... uploads some data to the antivirus company’s servers.

How do you know Chrome doesn't? Is this module open source? They write Google
got it from ESET so it is possible that Google themselves never saw the source
code and received it as a binary module.

------
codedokode
Do you believe that this is really an "antivirus"? Is it open source? Please
remember the case with Kaspersky software that moved files from NSA
contractor's PC to Russia. Now let's think what is the probability of Chrome
moving your files to NSA?

~~~
Spivak
Here's the thing I don't get. If you're running Chrome you're already trusting
them with basically everything -- they could record every page you visit,
every key you press, every ad you click on, every process running on your
computer, or secretly use your webcam or microphone. If you don't believe
their word carries any weight then this scanner is probably the least of your
worries.

If you believe that Google would ship you malware for nefarious purposes and
then sraight-faced lie about it then you probably shouldn't be using Chrome.

~~~
codedokode
I use Chromium, not Chrome, but it doesn't matter. Software vendors should not
be allowed to do this.

Imagine if you hired an electrician but he would secretly go across your house
and searched everything to get rid of bugs (at least that's what he said).
Would you like that?

If you advertise your app as a browser then it should not secretly scan files.

~~~
Spivak
> If you advertise your app as a browser then it should not secretly scan
> files.

Not trying to be snarky, why not? It's one of those statements that seemed
obvious until I thought about it. Who even gets to decide what features
something called 'X' is allowed to have?

Sure, I would personally prefer that they didn't but I honestly cant think of
a reason they should be forbidden from doing so. "Our users' browsers are
horribly infected due to malware/adware that's not being purged. So we're
including an AV to combat that" seems like enough of a justification.

~~~
nugi
Why not? Secretly exfiltrating my data is plenty.

------
digital_voodoo
Google.

"Quietly" trying to transform Windows (and soon other OSs?) into ChromeOS?
Accessing file system (apart from just downloading & uploading would be a huge
leap.

Might sound like a noob dream, but I wish there were a permission system like
Android (I'm not used to iOS).

------
hellbanner
Actual program they are referencing: [https://www.google.com/chrome/cleanup-
tool/](https://www.google.com/chrome/cleanup-tool/)

------
ocdtrekkie
Chrome is, actually, not scanning files on my computer. Because I don't run
Chrome on my computer.

This is very much a no-thanks piece of functionality. If I already have
malware scanning software, the last thing I want other apps doing is _also_
scanning my entire file system. I'm mostly on SSDs now which significantly
reduces the performance hit, but still.

I would also note this is a serious concern with the whole trend for auto-
updating "evergreen" software. Without you even knowing, your browser software
may decide to load up a different company's antivirus engine without even
giving you so much as a heads up about it. You have to be aware of what
companies you grant this type of access to, because once they have it, they
essentially have complete control of your computer.

~~~
commandlinefan
> Because I don't run Chrome on my computer.

That's what you think.

~~~
jocoda
Explain why you say this. What if chrome is not installed?

~~~
romanovcode
Slack? It's supposed to be Chromium but still..

~~~
jocoda
why mention slack? didn't see anything in either the article or the comment
about slack. Article says this is specific to chrome windows.

Google does way too much tracking as it is, but this is about a supposed AV
scan not link tracking, so I'd like to understand the comment.

~~~
ocdtrekkie
Slack's desktop apps use Electron (the GitHub Desktop and Discord apps do as
well, for further examples), which is built on Chromium.

