Everyone has a lot of questions about Chrome. Some people say that it is spyware because each and every character you enter is sent to Google. Hundreds of comments like this can be found on the web, like this one that says “Chrome spends nearly as much time phoning home to Google as it does talking to other Web servers.” On the other hand, you can also find on the web the opposite opinion that claims “If you do not wish this data to be sent to your search provider, you have a number of options: Use incognito mode, turn off search suggestions permanently or change your search provider.”
Who is correct? What kind of information is really traveling between Chrome and Google? What data about you is being sent to the web? Is it true that Google’s browser sends details about everything you do? Is it an unsafe browser? What happens behind Incognito mode?
The first thing we want to know is “What information does Chrome send about visited sites to Google”? Many different opinions can be found on the web, and some are really alarming. One person says that toolbarqueries.google.com collects everything the browser sends to it. This is indeed true, and you can see in metrics_service.cc [chromium.org], what information about visited websites is being sent. Although this only happens if you selected it in Chromes ‘Under the Hood’ (Options -> “Help make Google Chrome better by automatically sending usage statistics and crash reports to Google”) this option is not selected by default, you have to specifically select it during the Chrome installation. Using SpyStudio you can be 100% certain about this by checking and un-checking the option, and watching all the ‘send’ function calls. So, does Google Chrome send information about every website you visit to toolbarqueries.google.com? The answer is no, it does it only if you request it to. This doesn’t mean that other information, like the one send to google-analytics, is not being sent anymore.
However it is interesting to notice that this behavior is exactly the same under Incognito mode. This means that if the option of sending usage statistics is checked, it doesn’t matter what mode Chrome is running, the statistics are sent anyway. We know that the only differences between normal and Incognito modes are the logging of websites visited, files downloaded, download histories and cookies. So this feature is local to the machine, and nobody has said that statistics are not sent under this mode. Although I think for many of us, we implicitly assume to be anonymous while running Chrome under Incognito mode. So we better keep the limitations of this feature in mind! Again, this only applies when sending statistics option is selected.
The other feature we want to inspect is the suggestion made by the address bar: “When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for.” This is highly controversial, we want to know about this feature when using Incognito mode (in which the suggest feature seems to be automatically disabled). Again we can use SpyStudio to make sure. You can see that Chrome does not send any information to Google about your key strokes when using Incognito mode. You can also watch calls to GetAddrInfoW function, which provides protocol-independent translation from a Unicode host name to an address.
When you are not running on Incognito, you can turn this off by right clicking on the address bar and selecting “Edit search engines…” Then uncheck the check box at the bottom labeled “Use a suggestion service to help complete searches and URLs typed in the address bar”.
We can now safely stop all the paranoia about Chrome. We can see the information that Google Chrome sends to Google using SpyStudio and we know that this depends on the options you choose. So Chrome is not spyware that sends everything you do to Google. I also believe it is important to understand what features the Incognito mode provides and not assume things about it.
Watch Google Chrome
See for yourself the information that Google Chrome sends to Google. Use Nektra’s SpyStudio to monitor Chrome’s behavior. It is very easy:
- Download SpyStudio from Nektra’s website free of charge and install it.
- Replace the database ‘deviare.fdb‘ with a new version. You will find ‘deviare.fdb’ in the path you installed SpyStudio: SpyStudiobin
- Download the script chromewatcher and then add the path where you saved it to SpyStudio. Edit -> Preferences -> Python
- Run SpyStudio and import the module chromeWatcher by typing “import chromeWatcher” in the Python console. Then start monitoring by calling the Begin() function by typing “chromeWatcher.Begin()”.
- Now watch SpyStudio while using Google Chrome to find out what information is sent by Chrome.
What does the ChromeWatcher script do?
The ChromeWatcher module was specially made to capture calls to the Winsock functions ‘send‘ and ‘WSASend‘. To know where the information is going, a socket connections track must be kept. So it is necessary to hook ‘connect’ and ‘select’ functions too. The idea behind ChromeWatcher is to hook ‘send’ and ‘WSASend’ calls that are made to Google and show them to you.
To understand better this script you can see SpyStudio documentation on: SpyStudiodoc