A proposed class-action lawsuit claims that Google has been tracking users even when Chrome is set for private browsing. The lawsuit is seeking at least $5 billion in damages.
“Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake to protect their data privacy,” the complaint explains. “Indeed, even when Google users launch a web browser with ‘private browsing mode’ activated (as Google recommends to users wishing to browse the web privately), Google nevertheless tracks the users’ browsing data and other identifying information.”
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
Surprisingly, Google achieves this tracking in part via Chrome’s secret advertising-related functionality.
“When an internet user visits a webpage or opens an app that uses … Google Analytics, Google Ad Manager, … [or] the ‘Google Sign-In button’ for websites (over 70% of all online publishers use such a service), Google receives detailed, personal information such as the user’s IP address (which may provide geographic information), what the user is viewing, what the user last viewed, and details about the user’s hardware,” the complaint continues. “Google takes the data regardless of whether the user actually clicks on a Google-supported advertisement—or even knows of its existence. This means that billions of times a day, Google causes computers around the world to report the real-time internet communications of hundreds of millions of people to Google.”
As the complaint notes, Google’s tracking is a serious violation of privacy and because it’s done secretly, it’s also deceptive to consumers and is both intentional and unlawful. “Federal privacy laws prohibit unauthorized interception, access, and use of the contents in electronic communications, the suit explains.
Because there are likely millions of people impacted—this is just in the United States, as Chrome’s worldwide usage is in the billions—the plaintiffs are seeking class-action status. They are also seeking $5000 in damages per user.
Google has quickly denied the charges, which come amidst heightened antitrust scrutiny of the firm and its biggest rivals.
“We strongly dispute these claims, and we will defend ourselves vigorously against them,” a Google statement reads. “Incognito mode in Chrome gives you the choice to browse the internet without your activity being saved to your browser or device. As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity during your session.”
dftf
<p>Personally I can't see Google not winning this — unless you can prove that most the general-public reasonably expected Incognition Mode to function akin to a VPN, then I can't see any-other argument here. The wording on the page when you start the mode clearly says "Your activity might still be visible to […] websites that you visit". And if you click "Learn more", then click "How Incognition mode protects your privacy" on the next page, under "What Incognito mode doesn’t do" it clearly states "[it does not] p<span style="background-color: rgb(255, 255, 255); color: rgb(60, 64, 67);">revent the websites you visit from serving ads based on your activity".</span></p><p><br></p><p><span style="background-color: rgb(255, 255, 255); color: rgb(60, 64, 67);">If you use Private Browsing mode in Firefox, it gives you a similar warning: "</span>Firefox clears your search and browsing history when you quit the app or close all Private Browsing tabs and windows. While this doesn’t make you anonymous to web sites or your internet service provider, it makes it easier to keep what you do online private from anyone else who uses this computer."</p><p><br></p><p>The only possible way this could succeed, I can reasonably think-of, would be to prove that they maintain a profile of you as a unique user between different Incognito sessions — i.e. it doesn't discard your previous data and treat you as new each time. But if it's simply "Users expected when using Incognito that Google gets no data whatsoever, and does no targeted ads" then I can't see the case progressing very-far, especially since Microsoft, Mozilla and Apple will all still receive personalised data in their respective private modes too.</p>
dftf
<p>If you wanted a genuine case of a browser being misleading, I'd suggest looking at Opera and Opera Mini: they say they have a built-in VPN, but it's actually just Secure DNS — the traffic still goes via your ISP, and non-HTTPS sites are not encrypted in any sort of tunnel, they're still just raw. That to me IS a genuine case of being misleading!</p>
dftf
<blockquote><em><a href="#544655">In reply to MikeCerm:</a></em></blockquote><p>What Opera are doing is providing a secure proxy-server, but they misleadingly label the feature as "VPN" inside the app.</p><p><br></p><p>Here are some quotes from reviews which all say they are wrong to refer to it as a VPN:</p><p><br></p><p>RestorePrivacy.com:</p><p>"Opera VPN is a browser proxy that encrypts traffic between the Opera browser and a proxy server […] in other words, Opera’s "free VPN" is not a VPN at all, but rather just a browser proxy."</p><p><br></p><p>TheBestVPN.com:</p><p>"Calling Opera VPN a VPN is not accurate at all. It’s not a VPN, it’s a proxy."</p><p><br></p><p>GitHub:</p><p>"It's an HTTP/S proxy which requires auth. This Opera "VPN" is just a preconfigured HTTP/S proxy protecting just the traffic between Opera and the proxy, nothing else. It's not a VPN."</p><p><br></p><p>ProPrivacy.com:</p><p>"OperaVPN is proxy, not a VPN service. Connections are secured using HTTPS, the encryption scheme which protects sensitive websites, making OperaVPN an HTTPS proxy."</p><p><br></p><p>ArsTechnica review:</p><p>"Sounds to me like this is more like a pre-configured proxy server than a VPN."</p><p><br></p><p>It's clearly NOT a VPN as if I connect to say a torrent website, my ISP will say "Sorry, a high-court order requires this website to be blocked in the UK". This would not be visible to my ISP were it a real VPN.</p><p><br></p><p>Therefore I stand-by my original post that Opera calling the feature "VPN" is misleading</p>
dftf
<blockquote><em><a href="#544595">In reply to kfriis:</a></em></blockquote><p>If you deploy Google Chrome in an Enterprise, the Group Policy settings do allow some of the data-collection features to be turned-off, plus you can always block them at a proxy / firewall level. Also, as it's the most-popular browser, makes-sense to give users software they are already-familiar in using, to reduce training issues, compared to say introducing Firefox (and I couldn't also say for Firefox whether it's Group Policy support is as-extensive in what you can configure?)</p><p><br></p><p>Brave and Vivaldi are both relatively new, so most enterprises won't bother with them, given they already settled on either Google Chrome or Firefox when deciding how to get users off IE11 or older (plus, do either of them have Group Policy support?)</p><p><br></p><p>One other reason for some companies when choosing software can be whether it is closed-source or open-source: there is still a belief that "closed-source" means "safer", as the code (unless leaked) is never made intentionally public. If you do work for Government or military, open-source stuff, like 7-Zip or LibreOffice, can be an automatic no, and Firefox of-course is open-source.</p><p><br></p><p>I imagine in the future though, you'll see Google Chrome less in businesses as they just use Microsoft's new Edge, especially once it comes built-in (likely in 20H2 or 21H1).</p>