Google Can Track Your Individual Chrome Browser Install ID
As I take steps to extract myself from Google (and others) ubiquitous tracking, I’ve been paying attention to anything related to Google’s Chrome browser. In my news feed yesterday, I came across this threaded discussion in Hacker News: Google tracks individual users per Chrome installation ID.
I was stunned to learn that every install of Chrome generates a unique ID just for you and it’s possible that Google is using this install ID to track us. As soon as you log in to any Google account with that new installation of Chrome, it’s also likely linked directly to your individual Google profile.
Not only is this completely “evil” on Google’s part if true and they’re using this ID for browser fingerprinting, but it also means it is a complete violation of Europe’s General Data Protection Regulation (GPDR) and would result in massive fines for the company.
In order to get a deeper sense of what was going on, I went out and did a bunch of online searching (using my now preferred search engine, DuckDuckGo, of course). There are dozens of developer and tech site articles and posts that helped me fully understand what is going on, and why developers (and those of us who care about security and privacy) are so upset, concerned, and making a huge fuss to get an answer out of Google.
“On Tuesday, Arnaud Granal, a software developer involved with a Chromium-based browser called Kiwi, challenged a Google engineer in a GitHub Issues post about the privacy implications of request header data that gets transmitted by Chrome. Granal called it a unique identifier and suggesting it can be used, by Google at least, for tracking people across the web.”
Even the adblocker software company, Magic Lasso, shared this insight on their blog about the controversy and explained the problem and how this potential tracking occurs:
“Each and every install of Chrome, since version 54, have generated a unique ID. Depending upon which settings you configure, the unique ID may be longer or shorter.
Irrespective, when used in combination with other configuration features, Google now generates and retains a unique ID in each Chrome installation. The ID represents your particular Chrome install, and as soon as you log into any Google account, is likely also linked directly to your individual Google profile.
The evil next step is that this unique ID is then sent (in the “x-client-data” field of a Chrome web request) to Google every time the browser accesses a Google web property. This ID is not sent to any non-Google web requests; thereby restricting the tracking capability to Google itself.”
Google needs to address this and quickly. Just about every developer I know has abandoned Chrome and are using Firefox exclusively (as am I).
3 Comments
Leave a Comment
About Steve Borsch
Strategist. Learner. Idea Guy. Salesman. Connector of Dots. Friend. Husband & Dad. CEO. Janitor. More here.
Connecting the Dots Podcast
Podcasting hit the mainstream in July of 2005 when Apple added podcast show support within iTunes. I'd seen this coming so started podcasting in May of 2005 and kept going until August of 2007. Unfortunately was never 'discovered' by national broadcasters, but made a delightfully large number of connections with people all over the world because of these shows. Click here to view the archive of my podcast posts.
Everyone knows that google is an advertising company and a very good on at that. They got to be that good by understanding there target market which is where things like this come in. As I use google for anything I use them for I dont mind so much if they know who I am or what I last searched for etc. What bothers me more is the information they share with their clients. Ever noticed if you search for say refrigerators then the next couple of days will see your email full of fridge advertising and so will your facebook feed.
Many years ago Firefox was accused of much the same thing but I cant remember what happened.
I haven’t used duckduckgo in a while but I just retried it. Before it seemed to come back with far fewer results. Ive just retried it and the first thing I noticed was the ads. Someone has to pay the piper and I would rather it was a rich advertiser than me. Problem is though that the ads may have been relevant to my search but they were not relevent to me. Retailers in America are not useful to someone living in New Zealand. Googles use of profiling does result in me seeing ads that might be of use.
To me privacy might be the price of convenience. Others might disagree
“To me privacy might be the price of convenience. Others might disagree.”
I’d be one of those disagreeable types.
The thing that troubles me the most, even more so than Google, are the third party data aggregators like Acxiom (now called LiveRamp).
The data they harvest, much of it from Google and Facebook, means that every single thing you do online is tracked and you are targeted. For me, not worth the price of convenience. NOTE: I often have this discussion with family and friends and more people are in your camp…they cannot be bothered to figure this all out and change their habits.
So I ask, “I’d know more about if you’d give me a key to your house so I could figure out your tech and set up new stuff, all the logins for your bank, brokerage, as well as your social media accounts so I could streamline your access to each of them. Would you give all that to me?” Of course they won’t, even if I could make their life easier and more convenient (and A LOT more convenient as I setup networks, internet of things, and more).
Just look at what Acxiom/LiveRamp collects!
[…] Google Can Track Your Individual Chrome Browser Install ID – Connecting the Dots […]