Comments on: Google's Omnibox could be Pandora's box

If you are not careful with your privacy settings, Google has the right to log every keystroke you type into Chrome's address bar.

[SnidleyWhiplash]

But, but, but... but their motto is "do no evil"... so that must mean that even though they're doing these things in less than transparent ways, it must all be for the greater good, right? The good of the shareholders, anyway. Why is anyone still surprised that Google is going to snarf all your data and make money off of it... it's the entire purpose of the company! What' *is* still surprising is that any individual or business with confidential or proprietary data would ever make use of -- or allow its employees to make use of -- any Google App or this new browser.

[The_Decider]

Any company that has to explicitly state that they aren't going to do evil is one to doubt.

Just like some brainless pop singer saying she is going to "keep it real".

If people are dumb enough to use this, then they deserve everything that can happen to them.

[Hardcode]

I really want to see some of the spin that the fanboys come up with to defend Google on this. Come on guys, get creative.

[skiwithpete]

Do you use NoScript in Firefox? Otherwise Google already collects so much information about you that a few search keystrokes ain't gonna make no difference no how.

[kojacked]

No need to get the privacy advocates' undies in a bunch. Entering text for a search is akin to walking in to a public space shouting "anyone here that knows how much Google's stock rose today". People hear each word as you utter them (i.e. like typing in the search or address bar) and can turn and look towards your blow hole (i.e. knows your PUBLIC IP address) to see who making the request. Ok so your are shouting from your bedroom window; you are still making it a public matter.

Besides it's not like Google is browsing your hard drive for data and uploading useful information for it's business when you use their browser.

[The_Decider]

I see you didn't read the article, it will also log any keystroke, even if you didn't enter it. That means it is logging your thoughts as well and your "shouts"(which is a fairly poor analogy).

If you are going to support this, at least understand it.

[Vegaman_Dan]

If you use the browser to view a website, directory listing, or even a list of files on your own local machine, those results are recorded and sent to Google for them to use however they wish. Their EULA gives them the right to do whatever they want with it.

It gets even better with one line in their standard services EULA which this falls under:

"By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."

So... be careful in viewing artwork online. If you can see it on the screen, Google now reserves the right to do whatever they want with it, including selling it, modifying it, etc. Your continued use of the product is all the permission they need. Now I expect that has yet to be tested in court, but it's a dangerous thing indeed.

[kojacked]

"Google will have access to any keystrokes that are typed into the browser's Omnibox,"

They track just the Omnibox, not every textbox. Looks like I read just fine. People see Ina talk down "auto-suggest" and forget that he/she is speaking in context of the Omnibox. If google wants to know where I want to go or thought I might want to go that's fine by me. Hell they already know what I search on when I use their search engine.

[Vegaman_Dan]

Well, Google *has* stated publically that they don't care about your privacy and fully expect to use any information they get for commercial purposes. If they get a hold of your bank account information because you didn't quite hit that enter key, then that information should be available online for others to search for.

Good job, Google. You just made it even easier for identity theives to steal information- you'll let them search for it.

[timber2005]

That is actually a very very very good point. Kind of like that issue with teh Google Toolbar allowing access to cached private data, if you made a change to a URL that had a unique ID tied to your account, that would be cached by google and allow them (potentially) to have access.

Not good at all.

[The_Decider]

I hate to agree with you, but I have to.

It is pretty scary what Google hacking and normal searches can bring up right now. With people using this browser, even more info will be available to anyone.

[gagahput3ra]

Lots of things smell fishy on this Chrome release, the box, the "send your usage statistics" checkbox which is already checked when installation, then now this omnibox case....

Google needs to clean up this trace if they want to continue become an angel that's always watching people and tracking what we do. If not, then bye2 Google, i'm moving to Cuil. (Which already wants to kill me anyway)

[Galphanore]

I don't know what you installed, but the box isn't checked by default in chrome.

[The_Decider]

So much for this not being pure spyware.

Open source or not, that doesn't mean it isn't malware. Google seems to believe that its users will accept any privacy or invasion, sadly they are correct.

[The_Decider]

Its policy of forcing users to choose to opt out of privacy violating features puts Google squarely in the do evil category.

If they had any ethics or morals, everything, including web spiders would be opt-in.

[skurewu]

So Google knows what you're searching for and what URL's you're typing in the address bar, so what? Unless they can connect the dots on who is the user (which involves mapping an IP to an ISP customer) and the information they've typed, an individual's privacy has not been violated. ISP's have much more power when it comes to privacy and Internet history trails. The only thing to get mad about is the fact that Google is profiting off a users regular use of a web browser URL box, but it's not like any of us were going to make any money selling that information independently. The only people who have to fear this feature are people going to illegal sites that can prompt an ISP to reveal a customer. The bottom line is that the ISP is the gate keeper, Google cannot determine any user's identity alone.

[Vegaman_Dan]

Their EULA allows them to capture whatever is on your screen as well for use however they wish. This includes your bank account information, social security information, children's information, etc. Anything you see on the screen is now theirs to use as they see fit. It's an incredibly bad idea. The EULA is standard for all their services, and that has applied to Gmail too for years now without any issue, but just because they haven't done anything with it doesn't mean they will not later. It's just a bad setup from the beginning.

Imagine the chaos this could cause if you worked at a health care company and used the browser to search for internal sites. Those sites and names may not be publically available normally outside the company, but with this they now are. It's a HIPAA nightmare right there alone. As a result, corporations may have no choice but to ban any and all Google usage on their systems and that would include search and email.

Granted, a lot of this is 'the sky is falling' sort of thing, but with Google's blatant policy that there is no such thing as privacy, it becomes a bit more scary.

[Vegaman_Dan]

UPDATE: Google has announced the will be modifying the EULA to remove the content language that has people up in arms. They will still continue to collect anything you type in the address/search bar however. You will need to change the security settings to prevent that from going back to them.

So not as bad as it could be, but privacy is still an issue.

[fogr4]

If you use google mail, google knows your email address and your URL. Now you decide to search from the same URL, and google knows what email address did the search.

[fogr4]

Sorry, that last posting was slightly incorrect. It should say:

If you use google mail, google knows your email address and your IP. Now you decide to search from the same IP, and google knows what email address did the search.

[The User]

One of the reasons I'd never use Google products outside of their search engine. Similarly, I wouldn't use MS web products, aside from Messenger.

[Galphanore]

Typing in the omnibox is exactly like typing in the search engine. They receive the same information, they just receive it before you hit submit. Honestly, what are you typing to your address bar/omnibox that you wouldn't type in a search engine?

[bruceone]

I wonder what wouldnt feel someone accessing porn having incognito off, and then days after the girlfriend receiving tons of ads related to dolls and such...haha

[onlyauser]

TRIED Chrome and I liked it, however, if this is the case I will NEVER EVER use CHROME AGAIN and Google can BURN in Internet HELL!

[Shoogle2]

Wow, the tinfoil hats have been donned in record time for this one! Until this thing stealthily installs itself and begins sucking your passwords dry, let's not go over the malware cliff just yet.

[The_Decider]

The EULA is the very definition of malware.

[graceinhim]

If you don't believe that what ever you do no matter what browser or ISP you use on the internet is being logged then you are kidding yourselves.

[The_Decider]

That excuses it? Firefox doesn't do this. Neither do Opera, Safari, or Seamonkey.

My ISP is legally bound to keep what I do private except if a warrant is produced. My ISP(Qwest) has proven its commitment to privacy. Google is different, they are looking to trace what you do and say for its profit.

If you can't see the difference, then don't come here crying when Google has a cached page of your bank account records with your name, account number and SSN on it.

[smist08]

Google seems to have turned plenty evil:

I received this from a security officer of another organization, and I believe it to be worth consideration.

?The Google Chrome Browser has been put on the banned software list. If you have it installed please remove it from your system. Google has included some extremely harsh terminology in their user license that gives them ownership of content you view through the viewer. In our environment that could include source code, proprietary information stored in pdf?s viewed on line and other [companyName] property. Until we can research the impact, this browser will remain on the ?do not install? list.?

The section of the license agreement in question is:

?"By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services."

[Vegaman_Dan]

Google has backed off this and will be making up a new EULA that will address these issues. They haven't *yet*, but they do plan to and make it retroactive. That said, it doesn't address the text entered on the search/address bar at all, which *is* keylogging what you are doing. I can see why corporations might want to think twice about allowing this on their system.

This 'organization' you got this email from woudln't happen to be in Redmond or Cupertino, would it?

[Galphanore]

Let your security officer know they've changed the license agreement, that section now reads "11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services."

[HighlySuspicious]

Hasn't all this same information been logged in 'Google Web History' for years now? What makes it any different other than they are doing it THROUGH THEIR OWN BROWSER now?

[The_Decider]

No, this is information that would never otherwise touch Google servers.

Using a Google browser means that EVERYTHING you do online can be cached and used in any way, including making it public.

This is a significant difference.

[kaibelf]

Huge HUGE difference. This one is logging your information as you type, before you actively implement a search at all! It's essentially a keylogger, which is WAY out of bounds for a sensible person. One typo and you could end up on the bad end of legal action, for example.

[drbasic]

I downloaded and intalled Chrome and then came here, I am back on Firefox . Firefox was snappier at loading the news.com and a few other sites I tried. I did not try and do just plain java script. Just normal website rendering with plenty of images and firefox is still the best browser out there. Feel free to try it yourself. There is a weird lag in Chrome where it is downloading web pages, it is real apparent when it is not cached maybe it's not properly threaded.

After reading this article there is another good reason not to switch.

[dmole]

I will admit I am not the smartest person when it comes to browsers but... the whole blurb about having rights to what you submit.... Doesn't that just cover their rears in regard to displaying their search results and how they come to those results based upon your searches?

[Galphanore]

It does, and they've clarified it. Read the current (As in updated three hours after chromes release, two days before this article was written) license.

[jsutaguy]

1. Your ISPs are not only logging your search terms, they are logging the content of email that you send and receive. It's called Deep Packet Inspection, and it makes Google's logging look like little bo peep. By ISPs, I mean AT&T, Comcast, Verizon, Charter, etc. As someone above pointed out, if you think that your web activity is not being monitored, you are out of your mind. Specifically, the "Patriot Act" gives the FBI the right to, without a warrant, monitor all your 'electronic transmissions'. This includes all your internet activities. This is NOT tinfoil hat stuff, it is well documented. Of course, once the FBI had this 'right', they reasoned that it was a good idea to monitor ALL interenet traffic, in case they ever needed to go back and see what somebody was doing last week, or last month. Google "Carnivore". Real program, supported by real hardware that has been installed in AT&T....one of their engineers discussed the installation of a secret server room which used NSA equiv dead man traps to enter/leave, and which only US government agents were allowed to access. Installed in AT&Ts main router room.

The ONLY way to surf anonymously is via an anonymizer like Tor, and the use of a VPN to an anonymized server. Even then, I'd bet the government has figured out to track you (maybe the built in NSAKEY in the Microsoft security DLL?) Google NSAKEY for THAT info.

*Sigh*...whatever happened to the USA I once knew?

[4score20]

*Sigh*...whatever happened to the USA I once knew?

It never existed. It was a self-perpetuating myth; a dream. The natural consequences of waking up from it is disapointment, which is probably what you're feeling. Welcome to the waking state!

[Foggy]

I read most of Google's EULA and I immediately set it up so it won't get my information legally. First look gives me zero need to use it. It's home page is bland and uninspiring, like Firefox. I'll try it out some more but will probably delete it. I'm writing this comment while in Flock. the premier Netscape inspired Browser. This browser could be a big problem for Google down the road, nobody likes Big Brother recording your every move.

[TV James]

So how often do we type something incriminating into our address bar and then not do anything with it? It's not like I'm typing "I'm going to steal a car from the Google parking lot at 3 pm today." and then erasing it and going to CNN.com.

Or type "playboy.com" and think "oh, wait, I meant playskool.com"

Of course people are going to raise a stink, and yeah, I'm sure people more paranoid than myself are going to flame me with responses, but frankly, I'm not sure I understand all of the hullabaloo.

Granted, I will concede that it doesn't sound entirely "not evil" and do they really need my IP address? But I'm not ready to go running around "The sky is falling."

Especially for a browser that doesn't do true full screen, doesn't offer searching inside fields, doesn't do Firefox add-ons and pretty much fails to run Remember the Milk. It's a shiny new toy that stole the Pokemon logo, but it's not something the world is going to be turning to any time soon.