Google has retracted a claim that an identifier it uses internally to track experimental features … [+]
SOPA Images/LightRocket via Getty Images
Google’s Chrome browser still dominates the market, with over 2 billion users. But Chrome has come under increasing scrutiny over recent months, with some even ditching it altogether in favor of privacy-focused alternatives such as Firefox.
Today, if you are a Google Chrome user, you could have another reason to switch. According to esteemed tech site The Register, Google has retracted a claim that an identifier it uses internally to track experimental features and variations in Chrome doesn’t contain personally identifiable information.
Personally identifiable information is data that could reveal who you are, such as your full name, social security number, or passport number. Due to its value to you as an individual, this information is safeguarded under regulation such as the EU General Data Protection Regulation (GDPR).
Google’s X-client-data header–a unique identifier?
The news that Google has removed the claim follows an investigation by the Register in February, after a software developer challenged a Google engineer in a GitHub Issues post. The developer, Arnaud Granal, said the request header data transmitted by Chrome could be a unique identifier and as such, would be in violation of the EU’s GDPR regulation.
The X-client-data header is what Chrome sends to Google after a Google webpage has been requested. But Granal told the Register that even if you use a proxy, VPN, or Tor, Google (including DoubleClick) might be able to recognize you using the X-client-data.
Google certainly has a reason to want to know more about its users so it can target them with relevant advertising–its entire business model is based around this. That is why Google’s changes to Chrome that affect the way ad blockers work, dubbed Manifest V3, have raised suspicions among many users already.
Google says the X-client-data header doesn’t contain a unique fingerprint; it contains information about the variation of Chrome being used. The Register did say it has “no reason to believe the X-client-data header was ever used to track and identify people across websites–Google has better ways of doing that,” and I have to agree. However, the fact that Google has removed the claim that the header does not contain personally identifiable information has of course set alarm bells ringing.
In February, the Google Chrome privacy whitepaper said: “This Chrome-Variations header (X-client-data) will not contain any personally identifiable information, and will only describe the state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation.”
The latest paper, published March 5, doesn’t contain this claim. When asked why, Google told the Register the whitepaper is updated regularly “as part of the Chrome stable release process.”
Security researcher Sean Wright says it “appears” the x-client-data header may contain user related data. “It’s not apparent what that data is, but you would hope Google would be open and transparent about it. When they are not, it only helps to fuel speculation as to how this header is being used.”
I have contacted Google for a comment and will update this story if it replies.
Time to switch to Firefox?
What you make of this is up to you. Google may or may not be using this data to track users, says Wright. But he points out that this case “highlights the importance of companies being open and transparent when it comes to user privacy and the features that they implement which may impact it–whatever the reason.”
As people become more aware of their privacy, tech giants such as Facebook, WhatsApp and Google are coming under scrutiny. And as a number of off-putting Chrome moves come to light, many users are looking for easy-to-use Chrome alternatives.
Personally, I use a mix of Firefox and Apple’s own Safari browser, which I feel offer me the privacy-focused experience I need. Firefox is certainly a great alternative, and the browser maker even offers a guide to help Chrome users to switch.
Making the switch can be an arduous task, but if you care about your privacy, you’ll thank yourself later for putting the time in.