Why you should never use Google Chrome on your iPhone, iPad, or Mac
If you’re one of the billions of Chrome users, Google just gave you a really good reason to quit. The exhibition of austere data collection and the silent introduction of “sinister“The new tracking has been the best reason for years to switch browsers. Now, for Apple users, there are even more reasons why you should make a change.
With Chrome, as with Pictures, Gmail and Plans, you have to remember that Google is in the advertising business, not the apps business. Its entire business model is designed to generate revenue from you and your data. And now security researchers have released a simple demo – featured here first – on why iPhone, iPad, and Mac users should never use Chrome instead of Safari.
Google enables “Incognito” browsing in Chrome, telling users “if you don’t want Google to remember your activity, you can browse the web privately.” Even this has not escaped controversy, with claims that the data has still been collected, but Google’s new FLoC tracker will likely see many more users flipping the incognito switch.
In Incognito mode, your browsing history and everything you enter on websites are forgotten at the end of the browsing session. There are still cookies in the background, but these are also deleted at the end of the session. And the dreaded third-party cookies are disabled by default. This is all good. But there is a nasty little trap.
There are two pieces of data when we browse the web these days. First, we all tend to use LOTS of tabs, often keeping dozens of websites open while we search, work, or research. And second, maybe because we have such an array of websites on the go, and because our devices are always on, we rarely leave all of those tabs and close our browsers.
Safari also offers private navigation. Just like with Chrome, “your browsing details aren’t saved, and websites you visit aren’t shared with your other devices.” With Safari, “browsing launched in one tab is isolated from browsing launched in another tab, so websites cannot track your browsing over multiple sessions.”
But Chrome does not works like that. With Incognito Mode running, all the tab you open joins the even, single session. As Google explains, there is no separation between the tabs, “if you have one incognito tab open and you open another, your private browsing session will continue in the new tab.” To end the session and delete your information, you must close ALL private browsing tabs. Since we manage many tabs and keep our browsers open for long periods of time, this is a hidden privacy risk.
Security researchers Tommy Mysk and Talal Haj Bakry (@mysk_co), the duo who exposed Apple’s clipboard problem, have put together a video showing how these private session leaks create privacy breaches. “While third-party cookies are blocked by default in incognito mode,” they warn, “third-party iframes such as Twitter and Facebook integrations can, under certain conditions, still track users.”
It’s not as bad as direct tracking in normal navigation, “but if the user has signed in, a service can associate some referral information in the link with their account. Chrome is not alone. Other browsers work the same, but “this won’t happen in Safari because it provides a separate session for each private window and tab.”
Safari’s private browsing is truly private. But such navigation has drawbacks and can be painful: not being remembered when you revisit the sites, logging in each time. And so, for most of us constant private browsing is too much like hard work.
And that gives you even more reasons to ditch Chrome for Safari. Mysk and Haj Bakry provided a second video showing how Chrome and Safari handle third-party tracking cookies out of the box in their normal browsing modes. By watching this video, you can see exactly where the different philosophies come into play. Privacy is not a marketing concept – it is a philosophy behind the way technology is designed.
If you are using Safari, you can browse in normal mode, remembering when you return to sites, logging in automatically as you do. But there’s a difference between these user-friendly “remember me” cookies and the dreaded third-party cookies that follow you from website to website, reporting your behaviors to ad companies and data giants.
Safari blocks these third-party cookies by default in its normal mode. Considering Google’s business model, it’s hardly surprising that Chrome doesn’t do the same. “Not only does Safari block third-party cookies by default,” explain Mysk and Haj Bakry, “it also removes first-party cookies for websites that have not been visited within seven days … Safari treats cookies with more than care than Chrome. “
So, whether it’s normal browsing or private browsing, Safari has some clear advantages over Chrome. And you can see the difference in the data everyone collects by comparing their privacy labels. Since Safari is the base browser on every Apple device, there’s really no excuse for using Chrome.
This browser battle is about to escalate dramatically as Chrome progresses on its FLoC track and then moves on to full deployment. This will set it apart from Apple even more, as the nuances of algorithmically categorized users identified by common navigation links will become apparent. The private lobby is appalled by this concept. There are far too many potential issues as FLoC is combining with other tracking and fingerprinting techniques to be comfortable with it anytime soon.
There are also deep potential issues with the one-party nature of FLoC, run by Google and deployed on its dominant browser. And so, while the nuances of private browsing sessions aren’t an issue, FLoC certainly should be.
In this pivotal year for privacy, it behooves all of us to reward those apps – like Safari, in this case – that compromise the breadth of their own aspirations to preserve our privacy. If we continue to use products and services that have sprawling privacy labels, that aren’t private options by default, that aggressively monetize our data, we’ll send a message that we’re fine with it.
Please don’t do this.