Google tracks individual users per Chrome installation ID

2292 points| rvnx | 6 years ago |github.com | reply

615 comments

[+] janpot|6 years ago|reply
Not endorsing this, but according to https://www.google.com/chrome/privacy/whitepaper.html#variat...

> We want to build features that users want, so a subset of users may get a sneak peek at new functionality being tested before it’s launched to the world at large. A list of field trials that are currently active on your installation of Chrome will be included in all requests sent to Google. This Chrome-Variations header (X-Client-Data) will not contain any personally identifiable information, and will only describe the state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation.

> The variations active for a given installation are determined by a seed number which is randomly selected on first run. If usage statistics and crash reports are disabled, this number is chosen between 0 and 7999 (13 bits of entropy). If you would like to reset your variations seed, run Chrome with the command line flag “--reset-variation-state”. Experiments may be further limited by country (determined by your IP address), operating system, Chrome version and other parameters.

[+] bsharitt|6 years ago|reply
Everybody imagine going back 15 years and tell yourself that you're using a web browser made by the parent company of DoubleClick. Your 15 year ago self would think you're a moron (assuming that 15 years ago you were old enough to know what DoubleClick was).
[+] d1zzy|6 years ago|reply
TL;DR I think whoever posted that is trying to bury the UA anonymizing feature by derailing the discussion.

What I'm seeing is an RFC for anonymizing parts of User-Agent in order to reduce UA based fingerprinting, which improves everyone's privacy, that's a good thing!

Then I see someone comments how that could negatively impact existing websites or Chromium-derived browsers, comments which are totally fair and make an argument that may not be a good idea doing this change because of that.

Then someone mentions the _existing_ x-client-data headers attached to requests that uniquely identify a Chrome installation. Then a lot of comments on that, including here on HN.

To me that's derailing the original issue. If we want to propose that Chrome remove those headers we should do so as a separate issue and have people comment/vote on that. By talking about it on the UA anonymizing proposal we are polluting that discussion and effectively stalling that proposal which, if approved, could improve privacy (especially since it will go into Chromium so then any non-Chrome builds can get the feature without having to worry about x-client-data that Chrome does).

[+] userbinator|6 years ago|reply
As long as web developers continue to create (app-)sites that only work in the latest versions of Chrome(and Chromium-ish) browsers, giving users little effective choice over what browsers they can use, this sort of abusive behaviour will continue. The sort of "feature-racing" that Google engages in is ultimately harmful for the open web. Mozilla struggles to keep up, Opera surrendered a while ago, and more recently, Microsoft seems to have already given up completely.

I feel like it's time we "hold the Web back" again. Leave behind the increasingly-walled-garden of "modern" appsites and their reliance on hostile browsers, and popularise simple HTML and CSS, with forms for interactivity, maybe even just a little JavaScript where absolutely necessary. Something that is usable with a browser like Dillo or Netsurf, or even one of the text-based ones. Making sites that are usable in more browsers than the top 2 (or 1) will weaken the amount of control that Google has, by allowing more browsers to appear and gain userbases.

[+] AlphaWeaver|6 years ago|reply
According to this source code [0], it looks like this is in Chromium as well. Does that mean this affects Electron applications?

[0]: https://chromium.googlesource.com/chromium/src/+/master/comp...

[+] nornagon|6 years ago|reply
Electron maintainer here. Electron does not send this header.
[+] currysausage|6 years ago|reply
Edge ("Edgium") doesn't appear to send this header. Neither does Chrome in Private or Guest Mode.
[+] Ndymium|6 years ago|reply
Checked that Vivaldi doesn't seem to be sending this header.
[+] carlsborg|6 years ago|reply
If you strace chrome on linux it also picks up /etc/machine-id (or it did back when I looked), which is a 32 byte randomly generated string which uniquely identifies you and on some systems is used as the DHCP ID across reboots.
[+] xfs|6 years ago|reply
First I thought reading /etc/machine-id would be expected if Chrome uses D-bus or pulseaudio libraries which depend on D-bus, and /etc/machine-id is part of D-bus. But no, they really use it for tracking purposes.

And in a sick twist they have this comment for it:

  std::string BrowserDMTokenStorageLinux::InitClientId() {
    // The client ID is derived from /etc/machine-id
    // (https://www.freedesktop.org/software/systemd/man/machine-id.html). As per
    // guidelines, this ID must not be transmitted outside of the machine, which
    // is why we hash it first and then encode it in base64 before transmitting
    // it.
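
The quoted source comment says the ID is hashed and then base64-encoded before it is transmitted. As an added example (not Chromium's code; SHA-256, the sample IDs and the two application keys are assumptions, since the excerpt does not name the hash), this shows that an unkeyed hash of `/etc/machine-id` hides the raw value but is still a stable identifier that any software using the same recipe reproduces, while the keyed, application-specific derivation recommended by the machine-id man page gives each application an unrelated value.

```python
import base64
import hashlib
import hmac

# Constructed sample values; a real ID is the 32 hex characters in /etc/machine-id.
MACHINE_A = "0123456789abcdef0123456789abcdef"
MACHINE_B = "fedcba9876543210fedcba9876543210"


def unkeyed_client_id(machine_id: str) -> str:
    """Hash-then-base64, as the quoted comment describes.
    SHA-256 is an assumption; the excerpt does not say which hash is used."""
    digest = hashlib.sha256(machine_id.strip().encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def app_specific_id(machine_id: str, app_key: bytes) -> str:
    """Keyed derivation (HMAC-SHA256) with a fixed, application-specific key.
    Still stable for that one application, but not comparable across keys."""
    mac = hmac.new(app_key, machine_id.strip().encode("ascii"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def linkable(id_seen_by_x: str, id_seen_by_y: str) -> bool:
    """Two parties can join their records when they hold the same identifier."""
    return hmac.compare_digest(id_seen_by_x, id_seen_by_y)


def demo() -> dict:
    browser = unkeyed_client_id(MACHINE_A)
    other_app = unkeyed_client_id(MACHINE_A)  # any software using the same recipe
    return {
        "stable_across_runs": browser == unkeyed_client_id(MACHINE_A),
        "distinct_per_machine": browser != unkeyed_client_id(MACHINE_B),
        "unkeyed_linkable_across_apps": linkable(browser, other_app),
        "keyed_linkable_across_apps": linkable(
            app_specific_id(MACHINE_A, b"app-one-key"),  # hypothetical keys
            app_specific_id(MACHINE_A, b"app-two-key"),
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
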
[+] throwaway8941|6 years ago|reply
Which (among many other things) can be faked with firejail, if you absolutely have to run Chromium (e.g. for testing):

    --machine-id
        Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
    
        Example:
        $ firejail --machine-id
[+] chatmasta|6 years ago|reply
When puppeteer first came out I was nervous to use it for scraping because I could totally see Chrome pulling tricks like this to help recaptcha in identifying the bots. I’m still not convinced they aren’t.
[+] augustk|6 years ago|reply
And this is a legal thing to do?
[+] om2|6 years ago|reply
I'm surprised this hasn't gotten any mainstream tech press attention. Chrome's Privacy Whitepaper describes a number of privacy-questionable nonstandard headers which are only sent to Google services. Just try searching for X- here:

https://www.google.com/chrome/privacy/whitepaper.html

And for ease of reading, a few others:

> On Android, your location will also be sent to Google via an X-Geo HTTP request header if Google is your default search engine, the Chrome app has the permission to use your geolocation, and you haven’t blocked geolocation for www.google.com (or country-specific origins such as www.google.de)

> To measure searches and Chrome usage driven by a particular campaign, Chrome inserts a promotional tag, not unique to you or your device, in the searches you perform on Google. This non-unique tag contains information about how Chrome was obtained, the week when Chrome was installed, and the week when the first search was performed. ... This non-unique promotional tag is included when performing searches via Google (the tag appears as a parameter beginning with "rlz=" when triggered from the Omnibox, or as an “x-rlz-string” HTTP header).

> On Android and desktop, Chrome signals to Google web services that you are signed into Chrome by attaching an X-Chrome-Connected and/or C-Chrome-ID-Consistency-Request header to any HTTPS requests to Google-owned domains. On iOS, the CHROME_CONNECTED cookie is used instead.

[+] RonanTheGrey|6 years ago|reply
Holy rotten metal batman... those are pretty bad. Why in the world isn't everyone up in arms over this?....
[+] scoutt|6 years ago|reply
PII concept is not the same for everyone/everywhere. For GDPR we have:

> Article 4(1): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

If this chrome browser ID is matched against a (for example) google account, then they can track every single person. And that is just a couple of IDs, let alone all the quantity of data they have.

It's against GDPR to not be clear about this kind of ID. If my browser has an unique ID that is transmitted, then this ID can be coupled with other information to retrieve my identity and behavior, so it should be informed (in the EU).

EDIT: TL;DR, hiding behind "there is no PII in that ID" is not enough.

[+] Mirioron|6 years ago|reply
Who's going to raise this issue though? And what if they put this in the browser's T&C?
[+] shadowgovt|6 years ago|reply
This is why I consider the GDPR to be unrealistically broad in its definition of PII; it denies even innocuous feature-mode-distinguishing headers intended to allow for bug-identification of massively-distributed software installs.

If I'm given a forced choice between "more privacy" and "better software quality" I'm going to lean towards "better software quality."

[+] nojvek|6 years ago|reply
Well why does Chrome send this special header to only Google properties like YouTube and search and not the rest of the internet?

It really seems fishy and a lot of double speak. I really don’t trust Google here.

[+] bonestamp2|6 years ago|reply
> and not the rest of the internet

Privacy issues aside, this might not help an antitrust case if one is brought against them.

[+] raxxorrax|6 years ago|reply
This is outrageous. Browsers are user-agents, not advertising accelerators. They should hide as much personal identifiable information as possible. This is exactly why using a browser from an advertising company is not a good idea. They use it to improve their service... The lie gets old...

This comment was sadly written in Chrome, since I need it for testing...

edit: pretty much exactly 10 years ago they already tried their shit with a unique id. We should have learned from that experience.

[+] jaywalk|6 years ago|reply
Well when the browser is created by an advertising company...
[+] iakov|6 years ago|reply
>This comment was sadly written in Chrome, since I need it for testing...

You realize you can have multiple different browsers installed, right?

[+] Tepix|6 years ago|reply
According to https://www.google.com/chrome/privacy/whitepaper.html

"We want to build features that users want, so a subset of users may get a sneak peek at new functionality being tested before it’s launched to the world at large. A list of field trials that are currently active on your installation of Chrome will be included in all requests sent to Google. This Chrome-Variations header (X-Client-Data) will not contain any personally identifiable information, and will only describe the state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation."

While this header may not contain personally identifiable information, its presence will make every request by this user far more unique and thus easier to track. I do not see Google saying they won't use it to improve their tracking of people.

[+] goatinaboat|6 years ago|reply
One click while logged into any Google property will be enough for them to permanently associate this GUID with your (shadow) account, they know it, and they know you know it too
[+] TheRealPomax|6 years ago|reply
So, an extremely unique identifier for tracking purposes, that effectively no one knows exists, and no one knows can be changed at all?

With an obscure white paper that allows Google to claim they comply with the law because "they totally offer a way to change that and they even published that information to the web for anyone to find"?

Gotcha.

[+] c16|6 years ago|reply
Chrome explicitly having a line [1] of code to not send the `x-client-data` header to Yahoo made me laugh.

[1] https://chromium.googlesource.com/chromium/src/+/master/comp...

[+] jcl|6 years ago|reply
FWIW, it looks like that's a test case -- it is not part of Chrome itself. They most likely just wanted an example of a third-party website, and could have used any non-Google site there.
[+] KenanSulayman|6 years ago|reply
Don’t forget that even if the number is varying only in an interval of 0 and 7999, this means without cookies a unique chrome installation can be identified if multiple users are using the same IP, like residential houses with families, etc. — that way it is possible to determine the unique amount of devices inside a house.
[+] KCUOJJQJ|6 years ago|reply
>that way it is possible to determine the unique amount of devices inside a house.

There are exceptions I guess. Imagine 8000 households in which couples live. Both partners own the same MacBook model. In 1/8000 cases Google would think there is only one person.

[+] mooreed|6 years ago|reply
It seems like a reasonable time to bring up the reformer project 'ungoogled-chrome' [1]. I have used it and new versions of Firefox for over 3 years and have seldom had to jump back to `Googlified Chrome.` Do know that installing via `brew` [2] means no - standard browser auto-update. Which in this case, makes sense to me.

Aside: It seems to me the realist punk / anti-the-man software one can work on is a user respecting browser. I don't work on these, but I am very grateful for those out there who do.

-------

- [1]: https://github.com/Eloston/ungoogled-chromium#downloads

- [2]: Brew install via: `brew cask fetch eloston-chromium && brew cask install eloston-chromium`

Enjoy old school browsing with new school development benefits.

[+] dmtroyer|6 years ago|reply
I must be dense but I never see the `x-client-data` header in the request headers of the network tab in developer tools.
[+] StevePerkins|6 years ago|reply
Is this at the "Chrome" level, or baked in at the "Chromium" level? And therefore also an issue for Brave, Opera, Vivaldi, new-Edge, and anything else jumping on the browser engine monoculture?
[+] 98codes|6 years ago|reply
I just checked Microsoft's Chromium-based Edge, and it isn't sending the headers.
[+] jlgaddis|6 years ago|reply
FWIW, running Chromium 79.0.3945.130 through mitmproxy (on Debian sid), I don't see this in the headers when visiting gmail.com or youtube.com.
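
Several replies here report checking by hand whether a given browser sends the header. As an added example (not part of the original thread), this audits a HAR-format capture for the request headers named in the thread and reports which hosts received them; the sample capture is constructed, its values are placeholders, and it assumes the capture records the headers actually sent on the wire.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Header names taken from the thread and the whitepaper excerpts quoted in it.
WATCHED = frozenset({"x-client-data", "x-geo", "x-rlz-string", "x-chrome-connected"})


def _entry(url, headers):
    """Build one HAR entry; used only for the constructed sample below."""
    return {"request": {"url": url,
                        "headers": [{"name": n, "value": v} for n, v in headers]}}


# Constructed sample, not captured traffic; header values are placeholders.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("https://www.google.com/search?q=test",
           [("User-Agent", "ExampleBrowser/1.0"), ("X-Client-Data", "PLACEHOLDER")]),
    _entry("https://www.youtube.com/",
           [("x-client-data", "PLACEHOLDER"), ("X-Chrome-Connected", "PLACEHOLDER")]),
    _entry("https://www.youtube.com/feed",
           [("X-Client-Data", "PLACEHOLDER")]),
    _entry("https://example.org/",
           [("User-Agent", "ExampleBrowser/1.0"), ("Accept", "*/*")]),
]}})


def audit_har(har_text, watched=WATCHED):
    """Return {host: {header: request_count}} for watched request headers."""
    found = defaultdict(lambda: defaultdict(int))
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        request = entry.get("request", {})
        host = urlsplit(request.get("url", "")).hostname or "(unknown)"
        for header in request.get("headers", []):
            name = header.get("name", "").lower()  # header names are case-insensitive
            if name in watched:
                found[host][name] += 1
    return {host: dict(counts) for host, counts in found.items()}


def hosts_receiving(har_text, header_name):
    """Sorted hosts that were sent the given header at least once."""
    return sorted(audit_har(har_text, frozenset({header_name.lower()})))


if __name__ == "__main__":
    for host, counts in sorted(audit_har(SAMPLE_HAR).items()):
        print(host, counts)
```
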
[+] jakoblorz|6 years ago|reply
Don't forget Electron! Like Atom, VS Code etc
[+] aloknnikhil|6 years ago|reply
This is specifically on Chrome, it seems.
[+] pier25|6 years ago|reply
I don't see it in Brave
[+] MrZongle2|6 years ago|reply
I am Jack's complete lack of surprise.

Firefox and DuckDuckGo, folks. Today's Google is no more benevolent than yesterday's Microsoft.