Skip to main content

Google Chrome sketchy policy change may expose your personal information

(Image credit: Jeramey Lende/Shutterstock)

The market-dominating browser, Google Chrome, is a favorite for many surfing the web, but privacy-concerned users may want to reconsider a new internet crawler as their personal information may be at risk, according to a report from The Register.

Google removed a statement reassuring users that a Chrome tracker -- used to internally to track experimental features and variations -- does not contain users' personal information.

Google's "oops, nevermind" security saga began when Arnaud Granal, a developer who works on a Chromium-based browser called Kiwi, revealed that the X-client-data header -- which Chrome sends to Google when a website is requested -- represents a one-of-a-kind identifier that could be used to track web users. 

In response, the tech giant told The Register that this was not true.

“The information included in this header reflects the variations, or new feature trials, in which an installation of Chrome is currently enrolled," Google said. "It is not used to identify or track individual users.”

Google backed up its claim in last month's Google Chrome Privacy Whitepaper by adding the following statement: "This Chrome-Variations header (X-client-data) will not contain any personally identifiable information, and will only describe the state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation."

With the latest version of the paper, though, which was published on March 5, Google's pledge that the X-client-data does not contain personally identifiable information was removed, which raised eyebrows.

Security researcher Sean Wright told Forbes that it would behoove Google to be "open and transparent" about the header containing user-related data. "When they are not, it only helps to fuel speculation as to how this header is being used," he said.

If Granal's revelation is true, Google could land in hot water with the EU's General Data Protection Regulation.

With Chrome leaving its users in the dark in regards to the level of privacy (or lack thereof) with their tracker, concerned users may need to consider making a switch to Firefox, which is taking big steps to conceal their users' sensitive data.

Last month, we reported Mozilla's move to implement DNS over HTTPS (DoH) by default for the Firefox browser. DoH protects users' browsing history by using an encrypted HTTPS connection instead of a plain text one.

With Chrome slipping in the privacy arena, Firefox has been looking a lot more appealing these days.