Your browser has a big impact on your overall online privacy. Websites are constantly trying to collect information from you and they’re tracking you well after you leave their site. Websites also let other companies in the advertising, marketing, analytics, and social media space embed elements that track site visitor across the internet. In some cases, hackers and scammers might leave malicious code on websites to steal your information or consume your devices’ computing resources for their own gain.
The browser you use (including any installed extensions) can defend against these privacy intrusions. But not all browsers block trackers equally well by default, and even if there are helpful settings, most people don’t change defaults. You also have to be aware that sometimes browsers themselves collect data from its users for their own use, and potentially to share with other companies.
Below we look at Google Chrome from a privacy perspective, to see how well it protects its users.
Chrome— a Google Product
The most important privacy factor for Chrome is that it’s full name is Google Chrome. Google is incentivized to collect data to feed the advertising revenue that funds the company. It does this in two major ways:
- It collects data to help advertisers better target their audiences. Google helps companies advertise on Google search results and on most websites. If you see an ad on a site, there’s a good chance it was served by Google. The data it collects is used by advertisers to ensure people with the right income, in the right location, and with the right preferences are seeing that ad. Those are just a few examples of the targeting that’s available—the more data is collected, the more targeted they can be.
- It helps advertisers analyze their ads’ performance. This isn’t a Google-specific behavior – most ads leave some form of tracking code on a site to gather information about the ad itself. Companies want to know whether users saw the ad, clicked on it, or made a purchase after seeing or clicking on an ad. There are ways to measure this without compromising users’ privacy but some ads collect even more personal data, contributing to the overall loss of privacy people encounter online today.
This is why Google collects so much data on its users. It does so via its various products and services as the core of their business model. Our focus here is on the role Chrome plays in their overall data collection, and how much of it you can prevent.
Synced or Signed In?
Chrome collects and uses data differently depending on whether you’re signed in with your Google account and if you have the ‘sync’ feature turned on. When you’re signed in and ‘syncing’ it’s easier to share data and features across your devices and under a single account, but it also gives Chrome, and as you’ll see, Google, free reign to access more of your data.
Generally speaking, when considering privacy, you’re better off not signing into your browser though you may be giving up some convenient features. If you use Chrome on multiple devices, want to access bookmarks, saved passwords, and sync your other Google services (for example, you’ll automatically be signed into Gmail, YouTube, and other services), you may find the privacy tradeoff worthwhile. You can stop your Chrome data from being used this way, but Google notes that it will still be used to personalize your experience after it’s anonymized and aggregated with data from other users. As we cover Google’s different features and options, we’ll also describe what changes if a user is signed into their browser.
What Chrome collects
According to Google’s Chrome Privacy Notice, Google collects your browsing history, personal info, passwords, website permissions you’ve allowed, cookies, cached data, and a record of what’s been downloaded from websites. This is all stored on your system locally, not Google’s servers, unless you’re signed in and have sync on. If that’s the case, the data is stored on Google’s servers as part of your Google account. However, whether or not you’re signed in, that data doesn’t stay on your system long—by default, Google will send any website you visit your IP address, cookie data, and “standard log information,” which includes device-specific details.
We’ll go over how and what that data is used for later.
Chrome and location data
On desktop versions of Chrome, Google will ask for your permission before sharing your location with a site. However, on mobile devices, if you’re already sharing location data with the Chrome browser app, it will share that location with websites as well, without asking for your permission.
It doesn’t seem like your location data is kept locally on your system. According to Google, users’ location is estimated using Google Location Services, a service Chrome feeds the following data to:
- The Wi-Fi routers closest to you
- Cell IDs of the cell towers closest to you
- The strength of your Wi-Fi or cell signal
- The IP address that is currently assigned to your device
Google notes that your general location data is used to show personalized ads but that your location history is used, in an anonymous and aggregated way to help measure ads’ performance only if users opt-in.
However, Google notes that even if your location history is turned off, your Google Location Services settings aren’t changed and it’s unclear how Google uses the data collected via that service.
Incognito Mode doesn’t do much
Incognito Mode, which we covered in more detail here (LINK) doesn’t do much in terms of keeping your information private. Essentially, it stops your browsing history and cookies from staying on your computer or on your browser. The information is still collected during your browser sessions, but it’s deleted when the session is finished.
However, this doesn’t affect other party’s capability of collecting your data. Sites and trackers will still collect your information and your ISP still sees your browsing activity so there’s not much to gain from being in Incognito Mode.
Safe Browsing is on by default
By default, Chrome opts users into their Standard Protection suite of features.
These features are geared more towards security than privacy but are still worth mentioning. Standard protection includes the “Safe Browsing” feature, which checks the sites you visit against a list of sites that are known to be harmful. If you end up on one of those sites, you’ll be blocked from visiting it, unless you acknowledge the risks and confirm that you still want to visit it.
If you allow Google to collect your password data, you can opt into a feature that will check your passwords across a list of publicly leaked passwords to see whether or not they’re at risk. In this case, your data is encrypted before it’s processed so no one, including Google, can see the data.
“Enhanced Protection” available
Google also offers an “Enhanced Protection” option for Chrome users, detailed below. This too is effectively security protection, and not privacy protection – they’re not stopping anything simply because it enables tracking or lets Chrome and Google acquire your data.
The language above is relatively vague but according to the privacy white paper, the same real-time checking that stops users from visiting a malicious website will also be used to ensure a user isn’t exposed to dangerous top-level URLs, iframe URLs (embedded elements), and malicious files that are downloaded from a site.
Because Enhanced Protection requires Google to collect your browsing data, this feature isn’t turned on when you’re browsing in Incognito mode. Regardless of your settings, your browsing is conducted as if you were under Standard Protection because your browsing data isn’t collected.
Heavy adblocker on by default
Google recently rolled out its first ever ad-blocker targeting ‘heavy’ ads. This adblocker, on by default, will prevent ads from loading if they take up too much memory or CPU as it would likely affect the performance of the browser and the device. It would also, by design, block crypto miners, which can hide in ads to maliciously take advantage of a device’s resources to mine cryptocurrency. While this is a welcomed benefit, Google estimates that this will affect less than 1% of ads.
It’s better to ignore this “adblocker” as one because it blocks so few elements (mostly video ads) compared to traditional ad blockers which block a large number of advertisements based on several considerations, whether they’re collecting your data, are outright malicious, or disrupt the user experience.
Add-ons and Extensions available
The one way in which Chrome does ‘enable privacy’ is through their support for extensions, and a lot of Chrome extensions are built expressly to add privacy capabilities. These include a wide range of tracker blockers, ad blockers, or other extensions that can add the kind of basic privacy protections that most other browsers build in, as well as more advanced protections.
However, when installing extensions, make sure they’re trusted and reputable. Extensions, by definition, have access to your browsing data and may even be hidden malware so make sure you’re not recklessly installing any extension you find (you’ll see our recommendations later in this article).
Our Verdict: Chrome isn’t a Privacy Browser
Chrome wasn’t built for privacy. It doesn’t inherently offer any dedicated privacy protections (although it does have many security features which do protect your privacy as a byproduct). And this lack of privacy functionality is clearly out-of-step with other modern browsers – including Apple’s Safari and Microsoft’s Edge – that have dramatically stepped up their privacy protections. In addition to not having solid basic privacy protections, the browser adds to your personal data sharing by pumping data into Google for use alongside their already swelling profile of your behaviors.
So Chrome doesn’t actively protect your privacy, but it does actively undermine it. Given this, we recommend anyone using Chrome switch to another browser – preferably FireFox or Brave – if you can. To learn more about the browser options you have and how they help with privacy, check out our article here.
If switching is not possible, or it will take some time until you can switch, the addition of one or more strong privacy extensions is even more strongly suggested.
Extensions are needed to keep Chrome users private
If you’re going to keep using Chrome, we recommend installing a privacy extension like DuckDuckGo, Ghostery, Disconnect, or uBlock Origin for more advanced users. However, we should note that this set up isn’t as good for privacy compared to using a core privacy browser. However, depending on the extensions and settings, you can get pretty close.
These tracker blockers will stop ads, cookies, and other tracking elements from following you around while also giving you a faster browsing experience. To learn more about these tracker blockers, check out our overview here.
Chrome’s Time Is Over
Google first released Chrome over a decade ago, when our online world, our lives, and our demands were very different. It achieved spectacular success in the way Google did in other markets back then, with an innovative product that had feature and performance advantage unleashed on a world that wasn’t yet suspect of the companies hidden methods or motives.
Today, Chrome is not the fastest browser, it offers few if any significant features that set it apart, there are much stronger competitors than there were a decade ago, and we know how Google operates and why they do so. Chrome exists to get your data and share it with Google; this is why they’re the very last popular browser to implement a long list of now common privacy features.
Switching browsers has some inconvenience, although far less than most people imagine. It’s something you can do in an hour or so, importing your bookmarks and other elements so the new is at least 85% the same as the old. In a few days, you can get used to the fact that a few buttons will be in new places. But the benefits of this switch accrue all day every day, and compound over time. If you care about your privacy, don’t use Chrome as your browser.