Chrome's Wipe Private Data Feature
Chrome's Wipe Private Data Feature | |
---|---|
Short Title | Google Exempts Its Own Websites From Chrome's Automatic Data-Scrubbing Feature |
Location | Global |
Date | October 2020 |
Solove Harm | Breach of Confidentiality |
Information | Behavioral, Identifying, Computer Device |
Threat Actors | |
Individuals | |
Affected | Google chrome users |
High Risk Groups | |
Tangible Harms |
Chrome browser was found to be still giving access to user data to google websites, such as YouTube and Google.com even after the user setup the browser to delete all site data, which allegedly is supposed to delete user info (such as cookies or site data) previously shared with the sites. This info can be used to identify the user in the future, when they visit the website again.
Description
A programmer noted that if one sets up Chrome, on desktop at least, to automatically delete all cookies and so-called site data when one quits the browser, it deletes it all as expected – except one’s site data for Google.com and YouTube.com. The fact that Google keeps sharing the data with these sites in this case can be seen as Breach of Confidentiality. Users are clearly not expecting this data sharing.
Site data includes, among other things, a storage database in which a site can store personal information about a user, on their computer, that can be accessed again by the site the next time the user visits. Thus, while one’s Google and YouTube cookies may be wiped by Chrome, their site data remains on their computer, and it could, in future, be used to identify them. If Google chooses at some point to stash the equivalent of one’s Google cookies in the Google.com site data storage, they could be retrieved next time one visits Google, and identify the user, even though the user thought they’d told Chrome not to let that happen.
Breakdown
Threat:Chrome sharing user data with Youtube and Google.com even after users set up Chrome to delete all site data that allows sites track users
At-Risk group: Chrome users
Harm: Breach of Confidentiality
Secondary Consequences: not known