Microsoft criticises privacy in Chrome 3.0

The latest version of the browser logs every search keystroke and sends it back to Google, a Microsoft executive has pointed out
Written by Tom Espiner, Contributor

The latest version of Google's Chrome browser presents a privacy risk through its search-term tracking, a Microsoft security executive has said.

Microsoft general manager Amy Barzdukas, who heads up Internet Explorer and consumer security for the software company, said on Wednesday that Chrome 3.0 sends packets of information to Google every time a character is typed into its search box.

"With Google Chrome 3.0, every keystroke you type is sending a packet to Google," Barzdukas told an audience at the RSA conference in London. "Browser vendors need to be careful with privacy."

Google's browser has already come under criticism from Microsoft over privacy. In September, the software maker said Google Chrome Frame — an Internet Explorer plug-in that replaces IE's rendering engine with Google's — doubled the attack area of the Microsoft browser.

Microsoft is engaged in a competitive battle with Google, which in July introduced Chrome OS, a web-focused operating system that goes up against desktop-focused Windows. Microsoft itself has launched its own search engine, Bing, to compete with Google's market-leading product.

Google has said it is taking a fresh look at the security architecture in both the Chrome browser and operating system so users do not have to deal with viruses, malware and security updates — all of which have affected Microsoft's products.

In her keynote speech, Barzdukas used an HTTP debugging proxy called Fiddler to demonstrate that IE8 does not send data back to Microsoft following each keystroke into its address box. She then contrasted that with the Chrome 3.0 browser, which sent data packets back to Google following each keystroke.

Several of Google's products monitor user activity and aggregate the data collected, with this information being used to serve contextual ads and other features.

Google on Wednesday denied that its Chrome browser compromised user privacy. In an email statement, a Google spokesperson said that Chrome sent typed letters to a web service so that users would have predictive functionality in search.

"In order to offer suggestions of URLs and queries based on what you type, Google Chrome must send the letters you've typed to a web service for relevant suggestions," said the spokesperson. "Google Chrome always uses your default search provider for suggestions so if your provider of choice offers a suggest service, you can use that service and nothing is sent to Google."

The spokesperson said that in Chrome, users can turn off the Suggest feature in Options, under the Basics tab. Furthermore, people can use "incognito mode", where Suggest is automatically disabled.

If the information is sent to Google, the company doesn't log data in 98 percent of cases, said the spokesperson. In 2 percent of cases Google anonymises its logs within 24 hours, the spokesperson added.

Editorial standards