Todays post will be a little more offensive then normally.

This morning I've got an e-mail from my beloved one with a link to an article on WP (PL, sorry), which title I used (after translation) as the title for this post. Let me translate a piece of the article which is summing up the article pretty good (no info about the author I'm afraid):

Every copy of Chrome creates an unique id number, which is send to every Google service, and which is used to identify while using the Google search. Chrome connects to home even when typing an address in the address bar, it's for our own good. It checks if the address is on the phishing list. Many browsers do it, including IE and Firefox. However they do not have unique identifiers. Thanks to them [the IDs] it's possible to create an 'Internet profile' for each Chrome user.

I must admit that I haven't read such BULLSHIT in quite a while.

Let's start from the beginning. When downloading Chrome from the official site, under the EULA there is a small, unchecked by default, checkbox with something like "Optional: Help make Chrome better by automatically sending user stats and crash reports to Google" (it's my translation of the Polish version, ignore the differences). We can check it or leave it as is (unckeched). Let's say that we check it anyway. In that case Chrome indeed sometimes 'phones home' and transfers some statistics. And some more information is sent to Google when Chrome crashes (about:crash is good for testing it). But who cares since we agreed to it at download?!

OK, let's now pretend we didn't check that checkbox. I spent about a half hour with a sniffer, and didn't see Chrome send ANYTHING that would look like as even a piece of a user id. Really, nothing. I crashed Chrome, restarted it, walked on some websites. Nothing. Oh, there were some cookies sent while the address bar search took place, but those cookies were generated server side, which is about normal nowadays, and is very common (including WP).

So I would like to congratulate the article author for writing about something he agreed on while downloading Chrome.

At the end of the article there was a "hack" made by the autor:

One has to shutdown the browser, and change the file "Local State" in the Google installation directory (User Data), the changes are to be made in "client_id" and "client_id_timestamp". The values needed to be put in are FA7069F6-ACF8-4E92-805E-2AEBC67F45E0 and 1220449017. After that operation Chrome should introduce itself with a fake id.

Coooool..... But I would recommend just using "reporting_enabled": false which is set by default anyway (that is it we didn't check the checkbox), and which can be set without a problem from the menu - Options\For advanced\Help make Chrome better...

There is one more article (PL again) about Chrome Conspiracy I should add to my collection. I don't know who first wrote about it, but I have that link written down. Anyway, the articles title is 'Chrome installs a backdoor', and I think it's written by Patryk Szlagowski:

Google Chrome installs additionally a backdoor in the system. For Firefox and Safari the Google Update registers itself as a plugin npgoogleoneclick5.dll. For IE it's a BHO goopdatebho.dll.

OK, a few things then. First, I test Chrome from it's release on a few different machines, I reinstalled it a few time now and then, and each time I checked for the evil registered-someplace plugins (I have a few different browsers, including Opera, Safari, FF and IE), and I think Google like me very much or sth, because I couldn't find any of these registered plugins (however the files in fact exist in the Google Chrome directory).

Well maybe I have strange machines. Let's pretend that something automatically registers, and the One Click "backdoor" indeed is in the system. No we get to "secondly".

Secondly... what the hell of a kind of a backdoor is a one that works like this: When the user clicks under the EULA "Accept and install", then the installer gets downloaded and starts to install. Well, we just clicked it to INSTALL ITSELF! Why then are we writing news about "oh my, I clicked install, and it indeed started to install". Its bullshit. This "backdoor":
1) doesn't allow Google to access our system anytime they want
2) and it doesn't work with too many apps... Chrome.. and what else ? Maybe some Picassa ? What ? No FormatYourHarddisk? Sucks.

Concluding, Chrome isn't a backdoor. Yes, it gathers stats if the user tells it to gather stats. Yes, it has plugins that start installing Chrome when the user clicks Install. If someone has problems with understanding "install" and "automatically send stats", then create some petition for the Ministry of Education.

Thats all.

Comments:

2008-09-10 16:56:53 = Whatever
{
Hmmm. I just hopped in to regedit did a search for googleoneclick and it was right there under computerhkey_usersuidsoftwaremozillaPlugins. Doubt it is a backdoor. Rumor has it that it just sends all your url clicks from Firefox back to the google mothership. What was google's slogan again. Do no evil or something like that?
}
2008-09-25 16:45:27 = Gynvael Coldwind
{
@Whatever
Hehe yeah, it was 'do no evil' all right ;> Google is close to cross the privacy line of the user.

As for url clicks... I think these are sent to check if the site is on a blacklist - its done in Firefox too. I think You can disable it in the options, however I didn't check if it halts the url sending. It's not really an evil thing... well, as long as there is no extra bonus under the hood that is ;>
}

Add a comment:

Nick:
URL (optional):
Math captcha: 7 ∗ 8 + 4 =