Hacker News new | past | comments | ask | show | jobs | submit login
Google will use Chrome browsing data for ad tailoring (twitter.com)
319 points by dchest on July 17, 2016 | hide | past | web | favorite | 200 comments

I don't know, I'm starting to think that all this is either propaganda for ad sellers or a prank Google, Facebook et all are doing to me.

Google has my full search history, all my hangout chats, all my e-mails, and yet:

* On my Android, it keeps proposing ultra boring "stories to read" about soccer, wannabe celebrities and YouTube videos of stupid teenagers doing stupid things;

* With the sole exception of when the sponsored link is exactly the same as the first result, ad words in my search results have never ever been relevant or interesting in any way.

Facebook is supposed to know everything I like, yet it only shows me ads about stuff I dislike.

The same for Twitter and everything else.

They are supposed to know the inside of my heart and mind, but they have, till now, utterly failed to prove it.

So, do they know me and just pretend they don't for some strange reason, or do they actually know shit and just pretend they do so that they can sell to advertisers at a higher price?

Very true. Customer data is big business, yet year after year it fails to deliver.

Another classic is the repeated ads for the dish washer I just bought, for months at a time. There are glimpses of potential with targeted search results. It can be practical, for example when I search for open source software named after a common word. So the technology is there, but isn't remotely used to its potential.

My only guess is that there is only so many advertisements available in the pipeline at any given moment. It's the 90/10 rule all over again.

This is what happens to me - I need to make a purchase of some sort, and so I research for a couple days before purchasing. Then after purchasing, I see ads for said item for a while. Even on Amazon, where I bought the thing.

So close, yet so far...

Maybe nobody is interested in buying ads for the stuff you are interested in and conversely, the people making ads for the stuff you dislike have so much money that it's worth it to them to invest in trying to make you buy their stuff despite your dislike.

So in a sense, targeted ads are only worth it for the ad seller who can try to squeeze even higher prices from the ad buyer.

I keep getting Ads about cars (probably because I'm 30 years old male) despite the fact that I've never even learned how to drive or been interested in cars in general... I assume their target grouping just isn't fine grained enough.

On 2015-08-12, early in the morning, I Googled the name of a local automobile dealership to find their web site. That afternoon, I bought a new truck and drove it home.

Nearly a year later, I am still seeing ads for that dealership as well as competing dealerships in my area.

And as I remember, it worked much better in 2005 when Adwords used only page information, not visitor's.

Same. Although Youtube recommendations are very good at times.

I wouldn't have said "good". They are very relevant to what you watched recently. But watch one random shit once and your side bar is now defaced with thumbnails you can't throw away. I really wish I could opt out altogether from this one.

You can! Go to youtube, then History, and there should be an option in there to have it stop tracking your history. I'm sure they still track it, but at least they don't give me recommendations anymore. This was especially annoying for me when I would step outside of my normal youtube zone by clicking on some youtube video from reddit or some such, and for the next week I'd have all sorts of crazy weird and at times NSFW recommendations from it.

Yeah, this is why I open clickbait vids in a private window.

I got married only two year ago yet Gmail keeps showing me ads about meeting mature singles (I'm not even 30) near me. Maybe it's because of all the viagra spam I get?

This is also my experience.

And this is the second reason I use an ad-blocker everywhere. The first reason is that I can't stand being always tracked.

I always favored contextual ads. I turned off the ad networks once they started badgering me for things I was not looking for anymore, by disabling 3rd party internet cookies.

I have the same experience than you but my conclusion was that their AI was just poor.

Or they have all that data and yet are still unable to do proper ad targetting

Have you turned off customized advertisements?

After reading one of those occasional "Turn off Google's privacy invasion in three small steps" posts perhaps...

Poorly related ad choices happen to me as well, and I'm surely never bothered to change any related setting.

In my case Google know even more than that. With my use of Android they know where I work, where I do my shopping, what time I get up and go to bed, how much time I spend at the gym. In short, they could have a hugely detailed profile on me. Yet like you I find their ads not particularly targeted. (This is odd, but as a Google shareholder I'm glad there is a lot more room to improve)

With Facebook ads, the price of impressions reflects FB's perception of the relevance of the ad to the targeted audience. It could be that most advertisers are just really fishing for that one in a million conversion that leads to a car sale, or a Viagra dependency (if that's even a thing).

If I 'like' one of my gay cousin's posts on FB, I get the most interesting underwear ads for the next 3 days.

I suspect it boils down to what the ad customers are willing to buy and what they're willing to buy isn't very creative. They buy "people who liked a gay dude's posts" not "People who Facebook knows are super gay and into flashy underwear".

Remember how when Google and others launch ultra-vague privacy policies, people are quick to defend them and say "No, you don't understand - Google/Facebook/Microsoft would never do that worst case scenario you're thinking about right now. It's just phrased that way because lawyers wrote it!"

And 2-3 years later, that scenario turns out true, and they enable it silently, so not many people realize it. And they don't even have to change the privacy policy anymore, which would alert news sites, because they've already done that before.

The lawyers wrote the privacy policies that way because the companies intend to do other stuff with the data, or even that worst case scenario people think about, not just because "lawyers gonna lawyer". You don't think Google or Microsoft's general counsels know exactly what their CEOs/companies intends to do with that data 2-3 years down the road? Of course they do. They are usually part of all the long-term strategy planning.

So next time you see something like this, how about you stop giving these companies the "benefit of the doubt" (especially with their poor track record on this) and actually do assume the worst will happen, until they modify their privacy policies to specifically say what they're going to do or aren't going to do with your data.

And people still wonder why the EU could possibly want to investigate Google. Surely it's just American supremacy jealousy? I hope the EU brings everything it's got to Google, and brings the hammer down hard on them. The U.S. Justice Department seems to be completely unwilling to punish big corporations/elites anymore anyway (usually a big flashing sign for oligarchy).

What does this comment have to do with the parent?

Meanwhile, Firefox Sync encrypts your data with a password-derived key so that Mozilla can't even see your browsing history.

Consider your choices.

With Firefox, you can also self-host the sync server on your machines, which is totally awesome.


> Firefox Sync encrypts your data with a password-derived key so that Mozilla can't even see your browsing history.

Not quite true: the JavaScript (!) that derives the key is served from mozilla.org; at any time they could choose or be compelled to alter it so that all users' passwords, or a single targeted user's password, is sent to Mozilla or anywhere else.

The new Sync protocol is an abomination; the old one was actually secure; the new one is snake oil.

You can still use the old, self-hosted one but it's inconvenient to set up with the latest builds of Firefox. I just install version 28, sync it and then let Firefox update to the latest version. Hopefully they don't kill (the semi-hidden) legacy support for the old protocol.

I didn't realize how much data Google had on me until my search terms I used on my laptop was almost immediately available on my smartphone. I felt shocked and kind of stalked as well.

The data especially on Android can easily be hacked if someone has the expertise. This made me think how easy it would be for stranger to learn everything about me through my data.

I like that very much.

Whenever i'm doing something with my normal chrome -> I'm part of the system and look / am normal.

Whenever i wanna do something little bit different, i use incognito mode and a different browser.

Same here. It's basically splitting up internet usage between a 'sync browser' and an 'incognito browser'.

I search my porn in incognito mode too

IIRC chrome sync data is separate from google data and you can encrypt it by adding a password which Google claims makes it so they don't read your data


>how easy it would be for stranger to learn everything about me through my data.

Isn't that pretty much what's happening with your data at google?

Yup. And all it takes is for one mistake/button for my data to be shared with other people.

Expect it more in the future. Continuum and Continuity are just those very small attempts at bringing more data portability across technologies.

To be fair, Chrome has exactly that feature to, and let's the user choose what they want.

But Google has created a perverse incentive here. They give me a ton of choices, so many and so vaguely explained that I couldn't possibly understand what they really mean and I get suspicous of everything they offer me.

So what I do is disable everything without even thinking. Later when something isn't working as expected and it turns out it's because of one of those privacy settings, I start to think about whether or not I really need it.

So effectively, they give me an incentive to summarily reverse their opt-out strategy into an opt-in one. I suppose that's fine with them because most people won't do even that.

However, they should be aware of the fact that this is the second easiest thing to do after leaving everything enabled.

Over time, they may be creating a popular culture of "disable everything" just like they created a culture of ad-blocking (where "they" is the whole advertising industry in this case, not so much Google itself)

Google also has an obnoxious "if we can't keep it, you can't either" approach to user data. For example, I have location history turned off for obvious reasons and tried using the Google Maps app. I wound up having to re-enter my destination several times due to accidentally doing something that cancelled the navigation and caused it to instantly forget the destination. As another example, Google's new Allo messaging app supports end-to-end encryption but it's not on by default and activating it blocks local logging - if they can't get a copy of your chat history and use it to work out stuff about you, they won't let you have one either.

If they did support keeping the history but only using it for you, it would be even harder for them to credibly prove that they are not keeping the history for advertisement purposes ("I have disabled you keeping any location history and still you list the places I have been to? How dare you??").

I can understand your point about allo more, though of course storing the local history unencrypted also means that it's going to be accessible to interested third parties in one way or another. If they don't keep it at all, it means that it won't be.

I have location history turned off, yet it still shows me previous destinations (thankfully, I like that one).

Is Chrome's sync not a blob?

I tried to find information about it online, but the official documentation [0] is less than helpful to say the least. I'm guessing when they say "stuff", that's a euphemism for blob, but fuck if I know, maybe they are just trying to be hip in their documentation. After all, it's also business time, in case you didn't know.

Currently downloading the Chromium source code, to see if that's more helpful, but I kind of doubt it...

[0]: https://www.chromium.org/developers/design-documents/sync

Alright, status report.

The official documentation talks about the folders /chrome/browser/sync/engine, /chrome/browser/sync/syncable and /chrome/browser/sync/protocol.

These folders are missing from the source tree, as you can see here: https://chromium.googlesource.com/chromium/src.git/+/master/...

However, I decided to give the benefit of the doubt and did a few file-searches, in case the files were moved at some point and the documentation was just not updated.

And it seems like that's actually the case. The folder /sync contains all three missing folders (engine, syncable, protocol) and more: https://chromium.googlesource.com/chromium/src.git/+/master/...

I think the official documentation is what's found in the help center; this page contains a lot more information about using a custom passphrase for your sync data: https://support.google.com/chrome/answer/1181035?hl=en (top result when searching for "chrome sync encrypted").

At least in the Debian builds of Chromium the sync component is included. So I guess it's open source?

Chrome does not have self-hosted server feature.

It does, but it's poorly documented and quite difficult to use. Use the flag --sync-url="" when launching Chrome, and I believe the server is run through chromiumsync.py.

Does that also work for the Android build? Sounds like an incentive to finally try out sync...

It looks like it's doable with a rooted device. See section "Setting Flags for Chrome on Android".


A successful experiment may be deserving of a blog post.

> Meanwhile, Firefox Sync encrypts your data with a password-derived key

Didn't they drop it like 9months ago and moved to Firefox Sync?

About 2 years ago they started moving from randomly generated keys to the e-mail+password approach. Do you mean that?


The new system is still end-to-end-encrypted, though...

I think that's what I meant. Why is the new system better than the old one? There was a lot of FUD on reddit around it and I stopped following the news. Thanks for update.

The line of thinking was that people are used to email+password (as oppose to what was before). I think that was the right move.

The system is still end-to-end encrypted, if you reset your password it will also reset the storage (by definition).

> reset the storage

Does that mean you lose your history when you change your password? Or just that you need to use the new password to access (old and new) data?

You lose the data that's stored on Mozilla's server, but since it's a synchronization service, you should have a complete local (unencrypted) copy which can then just be encrypted with the new key and re-uploaded to their server.

The new system, Firefox Sync, is the one that encrypts your history with a password-derived key, by means of HKDF. Mozilla cannot decrypt and read your data.

> Mozilla cannot decrypt and read your data.

Completely false: they can if they want to. All they have to do is serve a new login page to you which transmits your password as well as the derived key. They control the login page, they control the JavaScript which derives the key. They can do it at any time, invisibly.

This is different from trusting them to make a trustworthy browser, because you download the browser once, while you may download the login page and associated JavaScript every time you login. They could target you, or all of their users, just once, or for a limited amount of time; unless you inspect the HTML & JavaScript source every single time you use your Firefox account you cannot be certain that they aren't being evil.

Firefox Sync is unacceptable for password — or any other private data — storage. This is a pity, since the old protocol was very suitable.

> the old protocol was very suitable

It wasn't, because I've managed to lose my history with it. I very much prefer my history to be synchronized to a server I cannot lose.

If your objection is not about cloud storage, then your objection isn't about the protocol, but its implementation (e.g. usage of HTML/Javascript): https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc...

> you download the browser once

That's not true. Modern browsers are set to upgrade automatically in the background, without notifying the user.

If you're paranoid, you can self-host your own Sync server, but then if you don't trust the vendor of your browser, then you've got bigger problems and I hope you're compiling your own binaries.

> Modern browsers are set to upgrade automatically in the background, without notifying the user.

My browser isn't; I use the Debian Firefox package and update it on my schedule.

> If you're paranoid, you can self-host your own Sync server

Only if you host it locally; if you host it at a VPS/dedicated-system provider then you're trusting that provider never to break into your system.

It's bad social hygiene to develop systems which are breakable.

You can also use your own auth server if you want... Just host it on your machines and change the URL in about:config.

> You can also use your own auth server if you want

The problem with that is that if the auth server is on a machine you don't have complete control over (e.g. one hosted by a dedicated-system or VPS provider) then you are trusting that provider to never break into your machine; you are also trusting that machine never to be broken into via some remote exploit.

That's far too much trust for a system hosting sensitive data like passwords. The only secure thing is to deploy a system with as little trust as possible.

Then host the auth server locally on your device.

The great thing about the self-hosted sync server is, the storage and auth components are separated, and the storage one just stores encrypted blobs.

If you want you can trust Mozilla with the authentication part while storing everything where you prefer, but if you're worried about a javascript change set up an auth server locally, create an account in it and copy it on every device you own: since it stores only account details which doesn't change, you don't have to worry about replication.

Firefox is significantly less secure though. Chrome has its sandbox and a highly effective XSS auditor. Firefox has neither.

I do not appreciate this change, however, and I hope that they reconsider it.

On the other hand, firefox is really sluggish.

    > firefox is really sluggish
Statements like this are very hard to quantify in a meaningful way. Especially on Windows, over a time interval I can notice a definite performance degradation of programs. Often times, completely deleting all program data and reinstalling seems to fix the problem. On GNU + Linux and macOS systems, I've noticed that Firefox is usually snappier to render pages.

But I wouldn't go so far as to suggest that one browser is sluggish -- there are too many environmental variables to have a good discussion on this subject.

I'm on Ubuntu. The installation isn't really fresh any more, but on a fresh installation, Firefox was sluggish. I only have 4gb RAM, but that seems acceptable for chrome.

Could you ELI5 Chromium's license to me? Is the whole thing open source, or just part? Can I build the whole thing myself, or does it rely on Google's magical binaries?

EDIT: also, smooth scrolling. If there's something that ruins my day is going on a browser with smooth scrolling. First world problems.

EDIT2: also, I'm struggling to remove add-ons. I know I have pocket installed because I see its icon on the top right, but it's showing up neither on Extensions nor on Plugins. Proof: http://i.imgur.com/ShUW5CK.png

EDIT3: manage to turn off smooth scrolling. Firefox is now skipping frames. Some times there's no difference (for example in google.com Firefox scrolls as well as Chrome.) Some times there's is a clear difference (for example, http://en.flossmanuals.net/chromium/ch008_installing-chromiu... Chrome is really smooth, while in Firefox there's noticeable jerking). Some times the experience is really REALLY bad (example, imgur)

Hmmm... can't say I've seen that before. I agree that 4gb of RAM should be more than enough for Firefox. Chromium has a history of fetching and installing binary blobs w/o asking for user permission.

I'm curious about the frame skipping is caused by -- I've never seen that problem. I'm wondering if maybe it's video card related? Might be worth asking someone involved in the project about to see if it's a known issue.

[citation needed]

You can cite me.

and me

The way the screenshot is cropped is misleading. The actual page makes it clear this feature is opt-in.

If you're logged into a Google account and haven't already made a choice on the page you can see it at http://www.google.com/settings/ads.

It's explicitly not "opt-in" since the default setting is turned to "on" (tested with multiple accounts) without any prompting. Opt-out is better than nothing, but it's a pretty suspect move to say "oops, you were accidentally opted in to something that would make us money without your permission."

I'd respect them a lot more if they came right out and said "let us sell your data or start paying for our services." That would at least be a fair choice, and I'd be happy(ish) to pay google 10 bucks a month if they promised not to sell my information on the side.

> "let us sell your data or start paying for our services."

Same page:

> What’s still the same?

> Google does not sell your personal information to anyone.

The wording may matter so here are real questions that I can't seem to get definitive answers for because everyone seems to have strong opinions either way but no reference ever:

- Does "aggregated data from multiple users" or "anonymized data form a single user" still counts as personal from Google's PoV?

- Is Google effectively selling data in any way or is it only using data to back a service up? (e.g ads are getting served based on profile but the profile itself never leaves Google)

I'd be thankful if anyone points me to unambiguous text (ToS or other) pertaining to each question, whatever the answer is.

It's in the ToS, and it's their entire business model, that they do things you might like that makes them money, so you don't have to pay with money, you pay with data derived from the usage of their services.

I think it's not just your data. It's not completely theirs either. Your search history is very important from a privacy standpoint, but it's still just data about how a particular user account, session, IP address or browser GUID used their services. It's not data you have explicitly uploaded (let's say like you do with YouTube or Photos).

The whole problem is the infrastructure they have in place. It's not transparent, and thus we don't know who gets to drink from their firehose of [meta]data.

It's a very good and hard ethical question (problem) to judge this trade-off. (Short term gain for our civilization, since we get awesome services for free - as in the population just uses it and generates the data, so it's endogenous growth, - but in the long term we increase the risk of having to face an efficient totalitarian surveillance system.

> and I'd be happy(ish) to pay google 10 bucks a month if they promised not to sell my information on the side.

They don't have to do that because Google doesn't sell any data

Google does offer something like this - Google for Work is $10 a month .

https://goo.gl/XNykgg (Disclaimer: Referral)

But basically, Google for Work is like normal Google services (Gmail, Google Drive, Hangouts, etc), except without advertisements and more restrictions on what they do with your data:

https://support.google.com/work/answer/6056650?hl=en (Privacy policy for Google for Work)

There are of course other benefits and extra controls/features as well, but it at least covers your main point.

I'm not convinced it's opt-in. I just visited that page, and everything was switched on. I can't profess to having a perfect memory, but I can say that opting in would have been pretty out of character thing for me to do.

> I'm not convinced it's opt-in. I just visited that page, and everything was switched on. I can't profess to having a perfect memory, but I can say that opting in would have been pretty out of character thing for me to do.

I in fact explicitly remember clicking no to a prompt similar to this one, so I'm very puzzled how I got auto-opted in anyways..

I just got this prompt yesterday and explicitly opted out. It has it opted in currently in the Activity Controls of my account. Clearly this opt out screen does not work.

Activity Controls is whether or not Google logs Web/App activity. The Ads opt-out controls interest-based ads as a whole, including from Web & App Activity if enabled.

"Auto-opted in." I can't wait for dodgy software bundlers to start using this doublespeak terminology.

Ad personalization is on by default. The checkbox that says:

> Also use Google Account activity and information to personalize ads on these websites and apps and store that data in your Google Account

Should be off if you didn't opt-in though. I just tested it with a new Google account and it was off after I opted out.

"Not opting in" is very different than "opting out".

"Not opting in" implies you are are opted out by default. Thus everyone's negative reaction.

I don't recall ever enabling this but this is enabled already for me.

(note that not recalling doesn't mean I never enabled it, however it would have had to have been fairly inconspicuously for me to "opt-in")

what about 'don't be evil'; have they silently changed the corporate motto, or is it now an 'opt-in' clause ? ( opt-in for the customers 'request that no evil be done to you', the customers are otherwise known as 'the product' https://www.schneier.com/blog/archives/2013/11/surveillance_... )

"Don't be evil if someone explicitly asks you to not be evil."

"Pretend you're not doing evil, but do it anyway".

Google replaced "Don't be evil" with "Do the right thing": https://www.engadget.com/2015/10/02/alphabet-do-the-right-th...

That's not correct. Alphabet has the mantra "Do the right thing", but Google never changed theirs.

It's actually the very first line of their code of conduct.


Do the right thing for customers, or for shareholders?

Like all profit-making businesses, they try to balance the interests of both in the short term to maximise shareholder value in the long run.

A few Hacker News users being opposed to this doesn't make Google evil. A lot of people don't care, and I've met some who think it's a good idea.

Even alot of people not caring doesn't inherently make it the right thing.

True, but nor is the opposite true - that a lot of people caring somehow makes it the wrong thing.

I can choose where to draw the line. I care more about privacy than most of my friends, so I use a browser that helps that while they use Chrome because that's their choice. Google isn't preventing that from happening, so what they're doing isn't unethical, evil or wrong.

so in the beginning Google has declared to have valued such things as customer privacy (the "don't be evil" motto seems to indicate that), my guess is that this was a deliberate strategy in order to gain trust and influence.

Nowadays all that seem to be less of a priority for Google; now what happens with the shareholder value when a large proportion of the customers again start to value their privacy over convenience ?

If that happens, then they will either change or go out of business. But so far, it doesn't seem to be happening (though I wish it would).

do you know the meaning of opt-in? because it is clearly opt-out.

When I look at this ad settings page, it has a list of topics Google thinks I'm interested in. I've heard of half of them and am interested in none. I would be worried about Google collecting my data only if they were competent enough to misuse it.

Never mind if they are competent enough to misuse it today; giving Google data assumes they won't *become8 competent enough to misuse it in the future.

Collection isn't what you should be worried about. The problem is that the collected data is persistent and combined with other data in the future. Just timestamps from the browser can paint a surprisingly fine-grain picture of your pattern-of-life. I'm sure far more interesting interpretations can be found with the many machine learning techniques and other analysis methods that are currently being invented.

You can't go to Google and say "I want to buy a dataset (anonymous or otherwise) of males aged between 18 to 34 who likes cars and drink beer".

You can go to Google and say "here's an ad I want you to show to a group of people, none of whom will ever be identifiable to me in any way, who are male aged between 18 to 34 who like cars and drink beer."

That's what I don't understand about all this outrage - nobody, not Facebook or Google or Amazon or Apple, is selling your personal information to anyone for any reason, all they're doing is providing a platform that lets advertisers specify broad categories of people to show ads to. What's the problem with that? Ads will be slightly more relevant to my interests? So what?

To be clear, I completely understand why people don't want Google collecting their data in the first place, and that's a perfectly legitimate concern, I'm saying that once the data is collected, what difference does it make if that data is used to refine which adverts you see?

For me the reason is that things change. They find new and innovative ways to use that data. Ways that I may not agree with. Ways that I may not be asked about.

But what doesn't change is they have the data. So my preference is they don't have it in the first place. Then I don't have to be concerned about the changes.

I guess the issue is that many people did not know Google was already collecting their history.

Also, in my opinion there is a difference between collecting data and exploiting said data. You can store items at your friend's place, but you might not want your friend to look into the stuff you stored (for instance, your high school diary).

So you might be fine with Google storing your history (it's better for you when you want to retrieve the website you visited last week), but you might have concerns with this data being actually used by Google.

Even if the data is anonymized, isn't there a risk of a data leak, someone inferring your identity based on your browsing preferences? Like imagine someone who lives in a small town who's really into model railroads, and nobody else around is. Whoever from xyz location has done lots of browsing about model railroads, is likely that person and now we can see what else he/she's been browsing.

The data's being collected regardless of whether they use it to target ads at you, the risk profile doesn't change at all.

It seems that there's a split between people who are complaining because the ads are "relevant" to only one aspect of their history, and do not change often enough, and people complaining that the ads are not at all relevant to their history. I can get how the first category would be frustrating - it's a primary motivator for my own not using hulu video for a while. I got very sick of seeing the same 3 commercials over and over again. I use adblock, save for certain websites, but when I have it off, as long as the ad makes no sound, I tend to mentally filter it out, but if I was unable to do that, I would probably be frustrated by constant repetition, as well. The second category confuses me, though. These are ads. If they're not relevant to you, they are easily ignored. Sure, it's strange that they suck at targeting you, and maybe that just means you're hard to target, but why is it so bothersome to just look away?

I do have my own concerns about bulk data collection. I've mentioned in other posts that I used to do everything I could to avoid being tracked online, but have since changed course to allowing google to track as much as they want. My reasoning is that if I am at risk of being deanonymized in a way that would make me uncomfortable, it's the service that gets the most information from me that is going to notice first. If that is a service that is responsible in its reporting (e.g. I can look at what is tracked about me and make my own conclusions), I'm better able to protect myself from harm. I am, of course, concerned with giving even a responsible corporation all of that information for the bare reason that even responsible corporations hire people who are not quite so responsible. But I would rather have knowledge of what can be known from my history, than fight off everyone who attempts to track me online. At least, as long as there is a strong incentive to track people who do not want to be tracked.

because it is very annoying to see everywhere on your computer ads for pillows for a month only because you've searched for pillows on google shopping. and i'm not talking only about browser, but every app that has ads, like skype.

I was going crazy. never search on google shopping again on chrome.

This isn't meant to be snarky, but what ads do you want to see? If you don't care for ads in the first place, does it even matter what is advertised? NSFW and personal material withstanding of course.

Edit: To better explain, I also don't care for ads. Thus, I don't care if all my ads are from products that launched 5 years ago. Or for a new Hotmail account. Or a new PalmPilot. I would eventually notice, but I'd just shrug and continue browsing.

So don't opt in to targeted ads. Google, Facebook, etc all provide ways for you to opt out completely.

Also, from what I can tell, the parent post is about a Google program that's opt-in rather than opt-out so it's not even on by default anyway, I can't see what's so bad about it.

There's Chromium Inox[0] which is just a patchset on top of the Chromium build to remove much of the mothership home-calling. Inox seems to be much closer to Chromium than many of the other Chrome-privacy spinoffs. Contrary to popular belief, Chromium still has a lot of Google in it.

I always feel like artificially patching a project that doesn't care about your concerns natively to be plugging holes in a sponge boat, but I realize sometimes you need to use that boat because reasons.

I installed it from the AUR and it seems to work pretty well for the testing I do in it anyway. I don't daily driver it or Chrome.

[0] https://github.com/gcarq/inox-patchset

"a project that doesn't care about your concerns..."

Unless the concerns are always "more features"... forever. Any new features will do, so long as the project keeps growing. The more changes and updates the better.

I could put Microsoft Windows in this category along with hundreds of other projects. Chrome is deceptive because it has some useful features... but ultimately this browser is the tool of advertisers. Because they are the only hand that feeds the Google.

These folks are not aligned with my concerns. They cannot be. It is a conflict if interest. Will Chrome use my DNS server instead of Google's? Why should it? It's not my browser to control.

At one point the Googlers put a resolver into Chromium. I think they removed it but just the idea they considered this was enough to scare me away permanently.

I enjoyed the spongeboat analogy. One can use a patched alternative. One can write extension after extension to modify default behaviour. At some point it becomes a losing battle and a waste of time. The browser is designed and maintained by an advertising company.

Avoiding mothership home-calling is a wonderful way to navigate a world with too many software choices. It makes choosing software much easier. Because not many projects today consider home-calling a legitimate concern.

When you do find a project that fits your values, that you know will not change to suit advertisers, it can be a software you can stick with as things and times change. At least this has been my experience.

inox is good stuff! You need to install plugins from source though.

If you have the time, try Firefox Developer Edition[1]. It's one of the first edition of Firefox to have the per-tab sand-boxing enabled (called Electrolysis).

Some plugins can interfere with Electrolysis. To check if it's enabled go to about:support and look at the "Multiprocess Windows" entry, it should be 1/1 or higher.


Be warned, e10s is still very green and it's easy to run into bugs. If all your tabs turn black for no apparent reason disable it.

e10s rollout will begin with the next release next month.


I saw this screen this week. I recently reinstalled Windows and Chrome, that might have been when. It was asking me to opt in, not opt out, before sharing this data.

Why is it that most developers use Chrome when we have Firefox? If the devtools are better, use Chrome for that and use Firefox for browsing.

I don't know, but it's pretty annoying that more and more often I encounter sites that run well in Chrome but poorly in FF. We should know better than this; we've been here before with IE.

Chrome feels faster, and speed matters.

While I am able to switch to another browser (I already did a long time ago), I don't believe I can avoid visiting sites "that show ads from Google". How much can Google collect from those sites?

There's also Privacy Badger by EFF: https://www.eff.org/privacybadger

Firefox has a “tracking protection” setting which blocks these types of third party trackers.

Which is default-enabled in Private Browsing, and you can enable it for normal browsing as well by setting "privacy.trackingprotection.enabled" in about:config to true. A GUI-toggle for this should make it into Stable in the next few releases...

> While I am able to switch to another browser (I already did a long time ago), I don't believe I can avoid visiting sites "that show ads from Google".

You can block those ads, and the scripts that serve them and collect data.

The simple setting, most seem to be overlooking, is don't allow third party cookies. Voila.

Am I correct in assuming that chrome is now a keylogger in regards to your url bar, and perhaps clipboard?

Chrome sends things you type in the URL bar to Google to do prediction:


From that page it sounds like it is on by default.

Ive always assumed that each urn visited in chrome is reported back to google. The data is crazy valuable in a lot of ways.

What good browser is free of this horror?

Firefox prompts you before even turning on search prediction, and it asks you about telemetry at first startup.

For people like me Firefox offer the best of both worlds:

* No google keylogger in the main url bar (but local autocomplete based on previous history, bookmarks etc)

* access to autocomplete in search field next to url bar (I think removing this was one of the simplifications in the original Chrome.)

Ctrl-L: go to url bar

Ctrl-K: go to search field



qutebrowser¹ is fantastic. I just wish it had more ways to block trackers on webpages (other than just completely disabling JavaScript—even being able to whitelist JavaScript on certain hostnames would be a huge start).


¹ — https://qutebrowser.org/


Is it though?

It is, if you don't sign the browser into Google, disable all telemetry and prediction options, and use a non-Google search engine.

Technically anything that displays real-time search suggestions as you type is a keylogger, Firefox's included.

Welcome to the world of context-sensitive search.

Not that it's new, but it appears that the context has now been expanded to include the entire browsing history, just not the session.

[One should really consider using Firefox, and DuckDuckGo for search.]


The benefits could outweigh the cost (of increasing the likelihood of someone subverting Google into a brutally efficient totalitarian surveillance system).

Wait they were not doing it already

Dear 2016,

You haven't figured it out yet, but we consider advertising unethical.

Yours, 2066

Grandpa, I heard you were an activist back in the before-time, what did you do when they were burning the earth?

Oh, I was mostly worried about how an advertising company was using my interests to decide whether to show me an ad for batteries or hair cream.

"And grandpa, what was great uncle vu4374fv18's fight?"

"He snarkily shitposted to the internet whenever someone cared about an issue that wasn't the most pressing societal issue at the time. Even if their profession brought them into closer proximity to one than the other."

Do you have any other ideas of how browsers are going to make money? Without charging their customers?

Nope - we thought that wasn't quite needed since they were being set up as a public service, not a monetization platform.

We need a project like the Linux kernel, except for a good browser.

I don't consider this a good rebuttal - Firefox has done stuff like pocket (not monetary but invasive) and search engine deals (monetary). Though it is pretty close.

Don't we have a couple of "Linux" like browsers already? Like Konqueror? Or are those not good enough?

Nope - they aren't good enough. It's not easy to install. What I would love in a browser:

* An organization set up to oversee it that does not need to care about money (pipe dream part here).

* Easy to install.

* Standards compliant.

* Open source.

All in all, Firefox is the closest (imo). What rubs me wrong about chrome is that originally it was to be monetized - at least I don't remember such.

I can't imagine this will be true. What's wrong with advertising? It's how I know about things!

The depths to which advertisers go to with tracking feels rather unethical at times, however.

I am at a loss for alternatives, but I am skeptical about advertising. Not in a completely general sense, but what bothers me is that much of it is manipulative. It uses images, sounds and movies in certain progressions to influence me, sometimes in a covert or unconscious way. Now, certainly a lot of other communication efforts are aimed at persuasion, but then, you often have to consciously go and find them. It is easier to filter (I can choose not to visit the opinion pages of website or its comments section). Advertising on the other hand crawls into your life from all directions (billboards, video ads that suddenly start playing, popups, street vendors) and is sometimes impossible to avoid. Often it's slick but shallow. It's like, you enjoy eating good food but instead, everywhere you go, you are being force-fed hamburgers. I do not want an information diet that fills up my working memory, costs me energy, manipulates my emotions and yet leaves me unfulfilled.

> What's wrong with advertising?

It is psychological warfare, conducted by corporations instead of States. But the objective is the same; trick you into changing your behavior to benefit them.

I don't know ... thinking selfishly, I'm employed and paid by a a corporation that uses advertises to increase revenues from their products/services. As are almost everyone else here. Even the "altruistic" non-profits and whatever are largely funded by the very same corporations. Will there ever be a time when economic activity is largely carried out by people and organizations that do not seek profit? If advertising increases said economic activity, isn't it a good?

If corruption increases said economic activity, is it a good? If destruction of the environment increases certain economic activity, is it a good? I'm not saying these things are similar to advertising, but the reasoning is flawed. That in the current setup of our economic system something makes economic sense, does not necessarily make it a good thing.

It's psychlogical manipulation.

It uses your fears, your neuroses, your addictions and your need to remain involved and up to date against yourself as a way to extract your hard-earned resources and time.

It will most likely go the opposite direction.

Does this apply to Chromium? Because if not, I'm definitely switching.

Why not move to Firefox? They actually want what's best for us. Check out the Developer Edition.

Because it is slow. For me, just scrolling on the fb news feed is slightly janky, with missed frames all the time. Just can't stand it.

Check out Vivaldi. It uses Chromes blink engine and packs lots of nice features. My subjective impression is that it's also faster and consumes less memory.

Chromium is mostly unencumbered by Google bloatware, honestly it's the version most people should be using.

"Features that communicate with Google made available through the compilation of code in Chromium are subject to the Google Privacy Policy."

from https://www.chromium.org/Home/chromium-privacy

Any idea what specifically they are referring to?

There is at least some "communication with Google" that could be considered innocuous. For example - accessing their Safe Browsing API (also used by Safari and Firefox).

Probably signing in with your Google Account on Chromium.

One reason I have to use Chrome (over Chromium) is so I can use Netflix due to DRM plugin required: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+...

Otherwise I agree, Chromium is faster and has less suprises

I use Netflix in Chromium via chromium-widevine (in the AUR if you use Arch.)

What are the practical differences? (Most of my searches come up with 2014ish stuff..)

You can also opt out (or maybe even just not opt in), or don't sign in to Chrome.

I hadn't seen your post before I posted, but there's Chromium Inox which tries to remove the Google from Chromium you might want to check out.

Also Iridium browser.

You can tell Google not to save your chrome browsing info at myactivity.google.com in the Activity Controls tab.

I recommend Opera. Same rendering engine as Chrome, but faster and with built-in ad blocking.

And is in the process of being sold to a chinese consortium. So probably not a better option for long :/


Say it ain't so Opera...

So you rather give your data to Chinese gov than to Google

The Chinese gov is far less likely to care about a US citizen than a US company/govenment

Wasn't Opera sold to a unknown company?

Oh the company is very known... for its crapware.

If you like Opera, go with Vivaldi. ;)

I don't think this is just Chrome. They will likely also track you through other browsers as long as you are signed into your account. Many sites have your browser reach out to Google through things like adsense advertisements and google-analytics.

I thought Chrome allocated a unique identifier to each browser install anyway meaning that changing this setting still allows them to track you regardless.

Edit: Turns out that the Unique Id is an install-only thing and is gone after the first update [1] (look at "Identifiers in Chrome" section) but it appears they can conduct "Field Trials" without your knowledge (certainly appears to be without your knowledge from what I can see)

Edit 2: removed pointless text

[1] - https://www.google.com/chrome/browser/privacy/

Whenever I see these things I wonder, are there any plugins or any automated tools that would help fuzz search results.

So for example, send search requests to google randomly for items like "ducks", "fishing ponds", "banana leaves" etc, totally unrelated nonsense that will skew these tracking giants provided enough people install and run these tools.

I know of http://ruinmysearchhistory.com/.

That however searches more for things like "how to appear funny", "why are my thumbs uneven", "am i lack toast and tolerant" or also "your youre difference".

Friendly warning to others: Do not blindly click on the link above without first reading what it does. Relevant thread: https://news.ycombinator.com/item?id=11880008 TL;DR It may put some undesirable things in your search history and/or temporarily block you from Google.

Lordy, thanks for the warning. That's incredibly irresponsible of them.

OTOH when I got the opt in page I took the opportunity to opt out of everything.

I think a Chrome sync passphrase will protect you against that. Because (theoretically and I hope also practically) only you know your passphrase Google will not be able to analyze your history etc.

Time for another opensource browser but this time which does not drink all the ram. Probably with the same dev tools.

Ad ? What's that ? Oh that thing before "block".

I head about that.. it's a TV stuff no ?

Brave and Vivaldi. They do not get that Google crap :D

I can't actually find this screen anywhere.

An opt-in message is being displayed to some Gmail users. Not sure if this is related, but if you try and open a new google account there is a small section on sharing of information between services, though it doesn't specifically mention chrome.

Incognito mode?

Google is straying from its Don't Be Evil path...

That ship sailed the moment they had to actually state it as a goal.

Vivaldi is an excellent replacement

Not real big on closed source browsers. Firefox would be my suggestion.

Vivaldi feels like the old Opera 12, so great. But it's partly closed software, especially the nice HTML5 based UI. I am waiting until they release everything under open source license.

I would say they have the right to protect their UI creation. Vivaldi UI was created by Vivaldi guys.

Open Source is just an excuse to be able to fork others work and damage the source project with this.

Where's the man bites dog?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact