Chrome Private Mode Not Quite Private 234
wiplash writes "Google Chrome appears to store at least some information related to, and including, the sites that you have visited when browsing in Incognito mode. Lewis Thompson outlines a set of steps you can follow to confirm whether you are affected. He has apparently reported this to Google, but no response has yet been received."
Didn't work for me (Score:5, Informative)
using 4.1.249.1064 on Win7.
Persists across restarts, too (Score:5, Informative)
So, since the example in TFA didn't restart Chrome between incognito windows, I decided to see what happened when I followed the steps with "4.5 Exit chrome completely, then restart", and can confirm that even when Chrome fully exits and is restarted, it remembers the zoom level used in a URL only ever visited in an incognito window.
Re:Addicted. (Score:3, Informative)
Do you believe every piece of FUD that comes out of sopssa's mouth? By default yes, everything typed into the address bar is sent to google which is how their autocomplete for searches works. If you just don't want it sent to google, change your default search provider. if you don't want it sent anywhere simply uncheck 'use a suggestion service to help complete searches and URLs typed in the address bar' in the Under the Hood tab of Options.
Reproduced it here just fine (Score:5, Informative)
Exactly as reported.
I'm using 5.0.375.29 beta on an Air running 10.6.3 over wifi.
Went to cheese.com [cheese.com] (the #1 resource for cheese!) and the zoom held.
Additionally, when I opened a new tab in non-incognito mode, the zoom STILL held, so there is definitely some communication between regular and incognito windows.
I'm devastated that my secret cheese browsing is now public.
Re:Not surprised. (Score:5, Informative)
There's always Chromium; I run it on Ubuntu [hyperlogos.org]. For Windows there's SRWare Iron [srware.net]. I'm not sure which is the preferred build for OSX; perhaps Crossover Chromium [codeweavers.com]. TFA doesn't say whether Chromium is affected. Some comments under TFA state that the effect lasts only until Chrome is restarted, suggesting that the information is stored only in the memory cache.
The bug (Score:5, Informative)
http://code.google.com/p/chromium/issues/detail?id=43107 [google.com]
Seems like someone looked at it, prioritized and classified it (eg pri-2, internals-cookies).
What's the big deal? It's just a bug that needs to get fixed, not a huge conspiracy by Google.
Known "feature" from Chrome 5 Beta (Score:1, Informative)
The remember zoom was added to the 5.x Beta / Dev channels some time ago, and isn't a part of the current Chrome stable build. [ Google Blog Link : http://googlesystem.blogspot.com/2010/05/10-things-to-try-in-google-chrome-5.html ] Nevertheless, I doubt this is sending any information to Google. You forget Chromium is open source.
Pitchforks down, please, no story here (Score:3, Informative)
for those that cannot reproduce this... (Score:3, Informative)
Be aware of the version you're using. Chrome v4 *may* not save the zoom level, so it wouldn't show it anyway. I'm on the dev channel, and thus am using the newly-released v6, and it's definitely reproducible.
There always was. (Score:3, Informative)
Did you even look in options? Turn off "search suggestions". That's the feature that relies on this information being sent to Google.
Please, please stop spreading Microsoft's FUD.
Re:this doesn't happen to me (Score:3, Informative)
I just reproduced it in the exact same beta on Ubuntu. Steps are:
And people, please. What happened to "never ascribe to malice"? Chromium is an open-source project -- if you have to, fix it yourself, I have little doubt that patch would make it into the official Google Chrome.
Re:Not surprised. (Score:2, Informative)
That's just a tip of an iceberg (Score:2, Informative)
Run Firefox or Google Chrome for a few days, click "Clear Recent History", select "Forever", exit them.
Now go to a directory where they store profile data and discover SQLite files containing information from all the web sites you've visited (`man strings`).
Both browsers 'forget' to run VACUUM on SQLite databases they are using. However it would be even better to zero fill all the files containing your traces, then delete 'em, then recreate them.
Re:Pitchforks down, please, no story here (Score:4, Informative)
If it remembers zoom levels for particular websites, it must remember the websites themselves. That also means someone can potentially obtain a list of URLs you visited in incognito mode.
That defeats the entire point of incognito mode. It's not supposed to remember anything.
Re:The Phone Company (Score:4, Informative)
The article shows that a per-site setting (page zoom) persists between incognito sessions. That's all. No mention or even speculation that Google is storing that information on their servers.
That said, Incognito was never meant to be private browsing from Google. Your search queries still get send to your search provider (imagine that!) and auto-suggest will still work. What Incognito mode is for is to prevent your wife/brother/sister/boss from seeing the sites you use. This has been discussed to death already.
Re:Addicted. (Score:3, Informative)
You know, that's embedded into most of the browsers.
Firefox was a little more polite about it, but it's still pretty deep in there. I was setting up an embedded machine with Firefox (local web browsing, no Internet connection). I was really surprised how many things were in there on a clean install of it. It's not just url completion. There's "safe browsing", SSL cert verification, updates.. Well, just do an about:config and search for http:/// [http] and then https://./ [.] There are 29 http URL's, and 22 https URL's. That may not include remote resources that may be embedded into the code. I didn't review it to find out, but I did have a packet sniffer running while I was working to make sure there wasn't anything extra going out.
This wasn't looked at because my tinfoil hat was on too tight. These are for offline embedded machines, but they may (just may) be up on some sort of Internet connection occasionally, and that may be ungodly slow. I may not have the luxury of a few extra bytes going over the wire, if that's all I have to work with. (yes, we're talking very slow connections). And yes, it's a Linux platform, so you don't have everything and then some creating unwanted network traffic. :)
Re:The Phone Company (Score:3, Informative)
Actually, according to the developer discussion, this isn't a bug. They did it on purpose. They actually saved all of the sites that you made site-specific settings changes to.
They thought that the "convenience" of a better UI would outway the privacy risk of having the sites you visited after explicitly selecting privacy-mode saved in plain text on the file system.
Re:Addicted. (Score:4, Informative)
Just for the sake of putting this stupid argument to rest, I tested it with wireshark, and yes, unchecking that box immediately causes chrome to cease sending URLs to google. In fact, with all the boxes unchecked, it appears that the only traffic sent is directly to the websites that you are fetching.
I like how your "yet" implies that that hasnt been there from practically the start, though, or that you cant just use chromium if you are really that worried about it.... really some quality FUD there.
Re:Addicted. (Score:4, Informative)
But while I did verify this, and can see some disk writes in ProcMon to a tmp file (which seems to be deleted on close), is it asking too much to have a little more info before running off and declaring it to be some additional nefarious way to collect info? Any packet sniffing, or even seeing if it can be replicated in chromium or Iron? Any effort to see ANYTHING AT ALL of whats going on, or whether that data is stored anywhere except the "magnify websites to this level" database?
I mean come on, I know Google is the new "cool to hate" company, but a 1 paragraph blog entry with NO technical details whatsoever makes REALLY poor outrage material.
This issue has been fixed. (Score:3, Informative)
http://code.google.com/p/chromium/issues/detail?id=43107 [google.com]
Re:Addicted. (Score:4, Informative)