Microsoft slings mud at Google Chrome

Accuses browser rival of 'stealing privacy'


Microsoft has publicly attacked Google Chrome, accusing its arch web rival of compromising user privacy with the browser's data-gathering address bar.

In a video posted to Microsoft's TechNet site and tagged with the title Google Chrome Steals Your Privacy, Internet Explorer product manager Pete LePage uses a web traffic logger to show Chrome sending data back to Google as he types a url into browser's more-than-an-address-bar, dubbed Omni Box.

"As I start to type an address into the address bar, [the traffic logger] shows that for nearly every character I type, Google Chrome sends a request back to Google," he says.

"I haven't even hit enter yet to visit the website and Google is already getting information about the domain and sites I'm visiting.

Then, of course, he fires up IE 8 and uses the same traffic logger - the Fiddler web debugging proxy - to show that IE 8's address bar behaves quite differently. "As I start to type an address into the address bar, Fiddler shows that nothing is sent to Microsoft and that traffic list remains empty until I hit enter," LePage continues. "Then Internet Explorer only pulls the information from the website I requested and nothing is shared with my search provider."

Unlike Google, LePage says, Microsoft keeps the address bar completely separate from the search box.

After the video received some less than favorable press coverage, Microsoft has pulled it from TechNet. But site search still turns up the original title and description - "Watch a demo on how Google Chrome collects every keystroke you make and how Internet Explorer 8 keeps your information private through two address bars and In Private browsing" - and you can also still see LePage take it to Chrome below (naturally, it's a Silverlight video).

Get Microsoft Silverlight

Yes, Google Chrome combines address bar and search box into a single "Omni Box" where users can either enter urls or key in search terms, and yes, this means that by default, individual characters are sent back to Google before you actually visit a webpage. Google uses this information to suggest urls and search terms, painting the setup as a user convenience. But you can bet that first and foremost, it was designed to provide the company with additional data on the habits of web users - and funnel more web navigation through Google's search engine.

The trouble is that the situation is a bit more complicated than LePage lets on. After being hit with privacy complaints when Chrome first launched as a beta, Google now says it stores only a random two per cent of data keyed into the Omni Box and that it anonymizes this data after 24 hours. Plus, if you choose to use someone other than Google as your default search provider, Chrome sends your Omni Box keystrokes to that provider instead. And you can turn suggestions off.

Of course, we all know that most people just stick with the defaults. And Google likes to play games with the word anonymize.

Though it has removed its video from TechNet, Microsoft at least stands by its position that IE 8 is a browser that puts privacy in the hands of the user. "Browsing the web is the number one thing Windows customers do when they boot up their PCs - Microsoft believes people should be in control of all of the elements of how they want to browse," the company tells us.

"Microsoft believes your browser is yours and that you should know how you’re sharing information and how to opt-out of that experience. With a billion customers using Windows, there are almost as many opinions about each individual’s privacy online and we believe that Internet Explorer puts Windows customers in control of what and how they share their information."

No mention of Chrome then.

What we would add is that however you judge Chrome's effect on privacy, there's another issue worth examining. Omni Box doesn't just provide Google with more data. It pushes users even further into an embrace of Google's search engine and its accompanying search ads. As Harvard professor and noted Google critic Ben Edelman points out, Omni Box has a way of nudging users towards ads for sites they intended to visit on their own.

When you begin to type a url, Omni Box doesn't just suggest urls. It suggests searches too. If you key in the first few letters of "Expedia.com," the first suggestion is "Search Google for expedia." And if you search Google for Expedia, you get an ad for Expedia.com.

"Omnibox makes it so easy to run a search and it makes it somewhat harder to run a direct navigation," Edelman has told The Reg. "Chrome is encouraging you to search. That's in Google's interest. But is that in your interest? Is it in the advertiser's interest?"

You might say that Microsoft's video muddied the waters. But it's not the only one. ®

Similar topics

Broader topics


Other stories you might like

  • 381,000-plus Kubernetes API servers 'exposed to internet'
    Firewall isn't a made-up word from the Hackers movie, people

    A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

    Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network.

    "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build."

    Continue reading
  • A peek into Gigabyte's GPU Arm for AI, HPC shops
    High-performance platform choices are going beyond the ubiquitous x86 standard

    Arm-based servers continue to gain momentum with Gigabyte Technology introducing a system based on Ampere's Altra processors paired with Nvidia A100 GPUs, aimed at demanding workloads such as AI training and high-performance compute (HPC) applications.

    The G492-PD0 runs either an Ampere Altra or Altra Max processor, the latter delivering 128 64-bit cores that are compatible with the Armv8.2 architecture.

    It supports 16 DDR4 DIMM slots, which would be enough space for up to 4TB of memory if all slots were filled with 256GB memory modules. The chassis also has space for no fewer than eight Nvidia A100 GPUs, which would make for a costly but very powerful system for those workloads that benefit from GPU acceleration.

    Continue reading
  • GitLab version 15 goes big on visibility and observability
    GitOps fans can take a spin on the free tier for pull-based deployment

    One-stop DevOps shop GitLab has announced version 15 of its platform, hot on the heels of pull-based GitOps turning up on the platform's free tier.

    Version 15.0 marks the arrival of GitLab's next major iteration and attention this time around has turned to visibility and observability – hardly surprising considering the acquisition of OpsTrace as 2021 drew to a close, as well as workflow automation, security and compliance.

    GitLab puts out monthly releases –  hitting 15.1 on June 22 –  and we spoke to the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, about what will be added to version 15 as time goes by. During a chat with the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, The Register was told that this was more where dollars were being invested into the product.

    Continue reading

Biting the hand that feeds IT © 1998–2022