Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth

www.theregister.co.uk | 2/4/2020 | Staff
Click For Photo: https://regmedia.co.uk/2020/02/05/shutterstock_google_chrome.jpg

Analysis Google is potentially facing a massive privacy and GDPR row over Chrome sending per-installation ID numbers to the mothership.

On Tuesday, Arnaud Granal, a software developer involved with a Chromium-based browser called Kiwi, challenged a Google engineer in a GitHub Issues post about the privacy implications of request header data that gets transmitted by Chrome. Granal called it a unique identifier and suggesting it can be used, by Google at least, for tracking people across the web.

Others - Europe - General - Data - Protection

He and others argue this violates Europe's General Data Protection Regulation, because the identifier could be considered to be personally identifiable data.

Google did not respond to a request for comment, but its description of the header suggests it would argue otherwise.

Browser - Page - Server - HTTP - Request

When a browser wishes to fetch a web page from a server, it sends an HTTP request for that page, a request that contains a set of headers, which are key-value pairs separated by colons. These headers describe data relevant to the request. For example, sending the header accept: text/html tells the browser what media types it will accept.

For years, since 2012 at least, Chrome has sent a header called X-client-data, formerly known as X-chrome-variations, to keep track of the field trials of in-development features active in a given browser. Google activates these randomly when the browser is first installed. Active trials are visible if you type chrome://version/ into Chrome's address bar. Under the label Variations, you're likely to see a long list of hexadecimal numbers similar to 202c099d-377be55a.

Line - Chromium - Source - Code - File

Referenced on line 32 of this Chromium source code file, the X-client-data header sends Google a list of field trials available to the Chrome user.

"This Chrome-Variations header (X-client-data) will not contain any personally identifiable information, and will only describe the state of the installation of Chrome itself, including active variations, as well as server-side experiments that...
(Excerpt) Read more at: www.theregister.co.uk
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!