Why you shouldn’t use Google Chrome

Until now I used Chrome with a few settings tweak like disabling sending usage statistics, uBlock origin, no crash reports and so on.

Then, when checking why one my newly installed WordPress themes was using some Google fonts, I came upon Chrome sending this with a GET request:

x-client-data: CJW2yQEIpLbJAQjEtskBCKmdygEI67jKAQisx8oBCPbHygEItMvKAQjc1coBCJeaywEYisHKAQ==

If you check with Chrome’s own Network analyser tool, it’ll automatically explain what it is:

message ClientVariations {
  // Active client experiment variation IDs.
  repeated int32 variation_id = [3300117, 3300132, 3300164, 3313321, 3316843, 3318700, 3318774, 3319220, 3320540, 3329303];
  // Active client experiment variation IDs that trigger server-side behavior.
  repeated int32 trigger_variation_id = [3317898];
}

If you type about:version into Chrome’s URL bar, it’ll display something like:

Which is a long list of “variations”. Google claims this is used to allow rolling out features from their servers to only a small subsets of users (so they do need a kind of unique ID for that). So for example if you’re watching Youtube, you’d get the new UI refresh only if your ID is included.

Can that ID be used to track you? Yes it can. And if it can, you can be 99% sure that Google is doing it.

You cannot remove that feature. The suggested workarounds are to disable “send usage statistics” which restrain that ID to 13-bits (which, with your IP address is still more than enough to track you) or run Chrome with some obscure flag that makes it generate a new ID on startup, which is useless if your browser is running all the time.

As for me, I’m switching to a better browser.

Author: David Gerber

CEO of Zapek Software Engineering

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.