It all started when Microsoft recently announced that its Edge browser used less battery power than Google Chrome, Mozilla Firefox or Opera on Windows 10 devices. It also measured telemetry – what the Windows 10 device was doing when using different browsers.
What it found was that the other browsers had a significantly higher central processing unit (CPU), and graphics processing unit (GPU) overhead when viewing the same Web pages. It also proved that using Edge resulted in 36-53% more battery life when performing the same tasks as the others.
Let’s not get into semantics about which search engine — Google or Bing — is better; this was about simple Web browsing, opening new tabs and watching videos. But it started a discussion as to why CPU and GPU usage was far higher. And it relates to spying and ad serving.
Windows Club found a lot of CPU power went to supporting Chrome push notifications. And it wasn’t just notifications from Google’s productivity software but any company paying Google to allow notifications to be pushed to you – advertising.
It recommended that if you use Chrome you turn them off but there was no intuitive way to do it – the option was either all or none. It found that by copying the following text chrome://settings/contentExceptions#notifications into the Chrome URL bar you could see the hostnames and allow or block the push notifications.
That led to privacy discussions and a host of recommendations about turning on the “Do Not Track” Option (under Settings) but it found that CPU cycles were still being used. It recommended that under “Settings and Privacy” all boxes except “Do Not Track” be unticked.
We Are Anonymous has cautioned about using Chrome’s default settings for search but has added cautions against using OK Google as well as it has wider powers outside the search function – email, calendar, personal information, data, device storage, Google productivity, and cloud, etc. It says OK Google opens up new issues as via its “HotWord” extension it continually ‘listens’ without express permission and may use a web camera to determine if you are in front of the device. But more concerning was that OK Google builds a profile of the user that is used for advertising purposes. It also warned that many of the third-party extensions for Chrome could spy on the user as well.
MalwareBytes has warned that some third-party extensions are a security issue. "Chrome extensions are very much like Android Apps as they require certain permissions (access to your contacts, microphone, camera, etc.) and unfortunately more often than not, they require more rights than they ought to have. Additionally, a lot of people don't understand what those mean and will install these extensions and forget about them. This makes it an ideal situation for threat actors to aggressively push bogus apps and use a little bit of social engineering to coerce end users into downloading malware-laden extensions."
Google blacklists known bad extensions but not those that may spy on your browsing habits. Some of the most popular Chrome extensions like Emoji Input, Speakit, and SuperBlock Adblocker are aggressively tracking their users – with Google’s blessing, as they pay for the privilege.
By installing third-party tracking scripts, some extensions are spying on every page a user visits making it possible to “fingerprint” a specific user’s browsing history and gain access to any pages that include tokens used for authentication like Facebook Connect and shared links from sites such as Dropbox.
The extensions do this by including default permissions that allow access to view all websites a user visits. That browsing data is then put up for sale by third-party analytics services, available for viewing by anyone who pays for a monthly subscription fee.
According to Detectify Labs hackers can disable Chrome’s security features. This is at the level of proof of concept at this stage, but that simply means hackers will utilise it sooner rather than later, and it would enable a hacker to see everything you are doing in Chrome.
I have not looked into other browsers, and that will be done when time permits.
A simple search “Google Chrome spying on you” yielded over 48,000 results. A similar search on Mozilla Firefox yielded over 39,000 results and Opera Browser about 28,000. By comparison, Apple’s Safari has 20,000 results. Any reports mentioned in the article were limited to the last 12 months.
I was unable to do a similar search purely on Edge as it appears to be lumped into Windows 10 as part of its ecosystem rather than a standalone browser.