[ga] Re: [ PRIVACY Forum ] Quickie Privacy Analysis of Google's New "Chrome"Web Browser

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

Lauren et., al.,

  Interesting analysis.  We are currently actually testing
Chrome, not speculating on it.  What even more interesting
in respect to privacy considerations regarding Chrome, is
as we all know, Google has never been even remotely
concerned for users privacy, and that as you rightly point
up, any lookup used with Chrome is transmitted to Google,
who has a history of tracking/stalking users and retaining that
data than later selling it to spammers and phisers.  So as I
was saying what's more interesting is Calif. new strict data
security law that will likely impact Chrome.
See:
(August 31, 2008)
State legislators in California have almost unanimously approved a bill
that would require retailers to employ stringent data protection methods
if they retain customers' personal information.  The bill refers
specifically to credit and debit card numbers, verification codes and
personal identification numbers (PINs).  Firms choosing to retain the
financial data would be required to follow security guidelines set by
the credit card industry.  These include limiting access to the data to
only those who need it to do their jobs. Firewalls would need to be
bolstered and all data would need to be encrypted when it is sent over
public networks.  A similar bill was vetoed by the governor last year.
The new version has removed a provision that would have held the
companies liable for the cost of replacement credit and debit cards in
the event of a breach.  The new version requires that the companies bear
the cost of notifying customers affected by breaches.
http://www.mercurynews.com/breakingnews/ci_10351650


privacy@xxxxxxxxxx wrote:

>         Quickie Privacy Analysis of Google's New "Chrome" Web Browser
>
>                 http://lauren.vortex.com/archive/000420.html
>
> Greetings.  Google's new "Chrome" Web browser beta
> ( http://www.google.com/chrome ) hasn't been generally available for
> more than a few hours, and already I'm getting queries regarding its
> associated privacy policy
> ( http://www.google.com/chrome/intl/en/privacy.html ).
>
> So here's an "instant" quickie analysis, based solely on the info
> Google has provided as linked just above.  Please note that I have
> not yet looked into any possible privacy or security issues that
> people have asked me about associated with "borderless" applications
> (e.g. pages displayed without URL bars, etc.) -- nor do I at this
> time presuppose that issues of concern exist in that area.
>
> Cutting to the chase, it appears that -- with one exception that
> I'll discuss below -- Google's Chrome (no affiliation with
> "chrome.vortex.com" of course) by and large is defined to behave in
> a conventional manner when it comes to handling of privacy-sensitive
> data, including the provision of a "private browsing" mode similar
> to that in the latest version of Internet Explorer.
>
> In particular -- to answer the most frequently asked question --
> there is no evidence that your routine Web site browsing URLs are
> transmitted to Google as you traverse the Net (I'm making the quite
> reasonable assumption that such data isn't somehow included in the
> default sending of "usage statistics" -- for which I did not find a
> precise definition).
>
> Chrome's anti-phishing system appears to be the same well designed
> Google-based mechanism -- using primarily hashed URLs -- employed by
> default in Firefox 3 as well.  No problems there as far as I'm
> concerned.
>
> The only really new privacy-related aspect that may concern some
> users in Google Chrome appears to be its "Google Suggest" feature
> tied into the URL address bar. By default this will send information
> to Google regarding the URLs that you enter directly, to enable URL
> suggestion data to be returned to the browser from Google.  This
> feature is somewhat similar to Firefox 3's new URL suggestion
> mechanism, however Firefox's lookup system operates using only local
> data in a much more limited fashion, without transmitting URL data
> off of your system during the lookup phase.
>
> So, again by default, if you entered:
> "http://www.yetanothersecretsite.com"; in the Chrome URL bar, that
> URL would apparently be transmitted to Google.
>
> Whether or not this represents a problem for any given user is up to
> them.  Obviously it is impossible for Google to provide a broad URL
> suggestion capability without knowing what you're typing on the URL
> line.  Note though that -- as described on the relevant Google
> pages -- virtually all of these related features can be disabled by users
> if they choose to do so.
>
> For now, based on the information that I currently have to go on,
> I'd give Google Chrome a thumbs-up from an overall privacy
> standpoint, with the proviso that individual users may not wish to
> accept all of the provided default privacy settings and should avail
> themselves of the ability to disable (or enable) any specific
> features as they feel appropriate.
>
> My "day one" summary for Google Chrome (as Arte Johnson used to say
> on "Rowan & Martin's Laugh-In"): "Very Interesting ... "
>
> --Lauren--
> Lauren Weinstein
> lauren@xxxxxxxxxx or lauren@xxxxxxxx
> Tel: +1 (818) 225-2800
> http://www.pfir.org/lauren
> Co-Founder, PFIR
>    - People For Internet Responsibility - http://www.pfir.org
> Co-Founder, NNSquad
>    - Network Neutrality Squad - http://www.nnsquad.org
> Founder, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
>
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy

Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827