◐ Shell
clean mode source ↗

Welcome to the Botnet

<< Or, The Case Against Google Chrome

Google Chrome...

  1. Sends the name of the file you're downloading to Google for whitelist checking; stores your IP address associated with the file for a few weeks.[1]

  2. Every URL you even begin to type in the address bar is sent to Google, in whole or in fragments, for auto-completion purposes.[2][3]

  3. Connects to Google every 30 minutes to download a list of malicious URLs, so the fact that you even have Chrome open is transmitted to Google.[1]

  4. Asks you to login to your Google account, so your browsing tabs, history, etc. is stored on Google servers.[4]

  5. Connects to websites in the background before you are even finished typing them in, without your explicit instruction.[5]

  6. Contains an RLZ identifier, an encoded string sent together with all queries to Google.[6]

Summary: There is nothing, nothing, you can do in Chrome that isn't transmitted to Google through some channel.


Welcome to the botnet.

Recommended Alternatives

  • GNU IceCat
    A fully free, libre, open-source (FLOSS) fork of Firefox without its built-in DRM support and Firefox Hello. Comes with LibreJS, an add-on which blocks out any non-free javascript on webpages.
  • Pale Moon
    A fork of Firefox optimized for modern CPU architectures. Does not include Firefox's Australis GUI.
  • Qupzilla
    A WebKit based browser aimed towards GNU/Linux users. Sports a cleaned up GUI that integrates better with most desktop environments, a built in ad blocker, and a unified history/bookmarks/RSS reader window.
  • Midori
    A lightweight WebKit based browser. Features a built-in ad blocker and cookie manager.

If you're thinking of switching to Chromium (Google's open source version of Chrome) instead, think again.
It still phones home to Google,[9] and for some time, snuck in a binary blob for voice recognition whenever you started it up.[7] This has been removed by the project maintainers,[8] but it should raise some concern over what else could be lurking in the code.

However, if you absolutely must use a Chrom* based browser, Iridium would be the best choice, as it is a FLOSS fork of Chromium stripped of as many botnet features as possible.

[1] https://archive.today/H2tsP (http://blog.chromium.org/2012/01/all-about-safe-browsing.html)
[2] https://archive.today/5Hcbk (https://support.google.com/chrome/answer/95656)
[3] https://archive.today/AVQ7N (https://support.google.com/websearch/answer/106230)
[4] https://archive.today/ffoyi (https://support.google.com/chrome/answer/185277)
[5] https://archive.today/7OhFO (https://support.google.com/chrome/answer/1385029)
[6] https://archive.today/RFCHe (https://foliovision.com/2008/12/adwords-ppc-organic-rlz)
[7] https://archive.is/4VijY (http://www.theregister.co.uk/2015/06/17/debian_chromium_hubbub/)
[8] https://archive.is/2C86X (http://www.theregister.co.uk/2015/06/26/googles_not_listening_binary_blob_banished_from_chromium_build/)
[9] https://archive.is/hcpdY (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580)