What stops Google from saving all the information on my computer through Google Chrome?

Question

I noticed that in Google Chrome, if I type in file:///C:/Users/MyUsername/Desktop/ it shows me all of the folders on my Desktop, and I can type open up PDFs and such in chrome just by typing in the file path.

What processes and systems are in place so that Google is not able to copy data stored on my computer? What processes and systems are in place so that someone who writes a Chrome extension is not able to copy files stored on my computer?

And would we even know if Google started pulling little bits of information from our computers here and there? Or already are? — Apollys supports Monica, Jun 11 '18 at 18:55
Might be interested in reading about [Qubes OS](https://en.wikipedia.org/wiki/Qubes_OS). A more practical workaround might be to install a web browser in a virtual box, e.g. in Hyper-V on Windows 10. — Nat, Jun 11 '18 at 20:18
I don't think this is limited to chrome, pretty much any web browser can do the same thing ... file:/// just says the URI is local to the computer it's installed on. — aslum, Jun 11 '18 at 20:34
@aslum Agreed, Chrome was just my particular example. In the answers and other [comments](https://security.stackexchange.com/questions/187556/what-stops-google-from-saving-all-the-information-on-my-computer?noredirect=1#comment368741_187558) it appears as though it's not even restricted to web browsers. — Pro Q, Jun 11 '18 at 20:42
@ProQ the pithy, answer that isn't an answer is: The same thing that keeps any other program from doing so: If it did, it would rapidly become known as malware/virus and blocked by AV programs. — aslum, Jun 11 '18 at 20:44
@aslum Chrome's already [been caught scanning files](https://www.engadget.com/2018/04/07/chrome-cleanup-download-scan/). But, dunno if most folks really care that much. — Nat, Jun 11 '18 at 20:48
Storing the contents of everyone's hard drive would take a lot of storage space and cost a lot of money ...and what, if anything, would they stand to gain from that? Do basic business sense and a desire not to be sued out of existence qualify as process and systems? — HopelessN00b, Jun 11 '18 at 21:30
News flash: Any exe (not just Chrome or other browsers) has basically unrestricted access to your computer. They can also connect to other computers on the local network (or Internet). I thought this was common knowledge. — gre_gor, Jun 13 '18 at 17:23
@gre_gor Not common knowledge at all. I'm planning on majoring in computer science, and I had no idea this was possible. I assumed everything was sandboxed by default. I was talking to my dad about this question and learned about the local network connection. (If you could provide a link on how that connection works, that would be wonderful.) I think computer knowledge is being taught at a very different level nowadays, and very few people know that this is how they work. (Me included until I asked.) — Pro Q, Jun 13 '18 at 18:42
@Nat That really does sound like a bug though, if you already downloaded the files through Chrome then it could have examined them while writing it to your hard drive, it wouldn't make much sense from an espionage perspective to do it again later. — MrLore, Jun 13 '18 at 18:54
@MrLore it was going through files that had nothing to do with Chrome (not even downloaded using Chrome). I still think it was a bug, but a weird example that fits this question quite well. — Pro Q, Jun 13 '18 at 18:57
On a side note, Windows, Word, Excel, Paint, Freecell, and World of Warcraft can all scan your files and make changes to your computer in a manner commensurate with your user permissions. Chrome is no different. It's just another program. — John Wu, Jun 13 '18 at 23:15
@Pro Q Sandboxing is a thing with certain *mobile* devices, and with desktop apps that use a non-native framework like Java, and with special OS setups (eg Linux with apparmor). An .exe (or .scr or .dll for that matter) on a Windows PC or server is only restricted by the user permissions and UAC. — rackandboneman, Jun 14 '18 at 07:16
Actually, google already knows enough about you (us) because they track every link you click on a google search. Nowadays, that's pretty much all you need, since a lot of people don't type the website address anymore but look for it on google. They also usually have all the e-mail addresses (and typically phone numbers) of your contacts, they scan the content of your e-mail, so they know about both you and the sender/recipient of the e-mail, they know which videos you watch and so on. Copying the data on your pc is not going to be worth the effort. — ChatterOne, Jun 14 '18 at 10:48
As an aside, there's plenty of tooling available (albeit not necessarily anywhere near free-of-charge) for analyzing what an application is up to -- if Chrome were accessing content it couldn't be expected to, and then doing network transfers of a comparable size, that's not a hard pattern to detect from endpoint reporting that any big corporation with a large security budget will have deployed across their infrastructure. — Charles Duffy, Jun 14 '18 at 17:07
If you want more security, you typically run programs in a virtual machine, such that they have no access to the "outer" system. — Willem Van Onsem, Jun 15 '18 at 09:35
If you don't trust a software publisher, don't install their software on your machine. — IanF1, Jun 16 '18 at 14:04
I agree with @gre_gor that this is common knowledge that native desktop software you run normally has the same privileges as your file browser. In fact, this question is damn silly. Downvoted. — Greendrake, Jun 17 '18 at 09:55
ANY browser will do that, though the way the data is displayed will be different. The desktop is just a directory on your hard drive, and browsers can see and display those, they've always been able to do this. — jwenting, Jun 19 '18 at 08:55

Arminius · Accepted Answer · 2018-06-12T00:20:28.997

228

What processes and systems are in place so that Google is not able to copy the data on my computer?

None. Google Chrome usually runs with the permissions of your user account. The application can then read and modify local files to the same extent your user account can. (These permissions apply to most of the programs you're using.) So you need to trust Google in that they don't ship a malicious update that spies on you, or keep sensitive files inaccessible to the account you're running the browser with. Alternatively, there are most likely sandbox implementations for your OS that let you run Chrome in an isolated environment with restricted access to the filesystem.

What processes and systems are in place so that someone who writes a Chrome extension is not able to copy files on my computer?

Chrome extensions have limited privileges by default. An extension needs to explicitly request (declare) a permission to interact with documents on the file:// scheme.

Also note that your browser disallows ordinary websites to read or even redirect to file:// URIs. So while your local files are accessible to the Chrome process, they are not exposed to the web.

edited Jun 12 '18 at 00:20

answered Jun 11 '18 at 15:51

Arminius

43,922
13
140
136

1

How would I go about making files inaccessible to the account I'm using to run the browser? – Pro Q Jun 11 '18 at 16:11
8

@ProQ That depends on the access control mechanisms of your OS. Simply speaking, have a separate account and set the permissions of sensitive files so that other users can't access them. – Arminius Jun 11 '18 at 16:17
6

Chrome being able to access your hard drive is why you can upload files by dragging and dropping the filename into a webpage window. "You need to trust Google in that they don't ship a malicious updates that spies on you" Or have vulnerabilities that can be exploited. – Acccumulation Jun 11 '18 at 18:01
@Arminius wow why isn't this known by many others? I knew that google knows stuff, but this is a completely new level. – watchme Jun 11 '18 at 18:28
284

This is also true of almost any other software you run on your PC. Just because it doesn't expose a "file://" browse function, your music player, video player, your Steam games... any or all of them are "trusted" to not scan your stuff and log it. This isn't just a "google" thing. – JesseM Jun 11 '18 at 18:39
27

@watchme - Don't conflate Google with Chrome. *Your* browser, sitting on *your* system can access your files. But (barring anything malicious) Google itself has no access to any of them. – Bobson Jun 11 '18 at 19:16
78

@Bobson Well, "barring anything malicious" kind of bypasses the point of the question. – David Z Jun 11 '18 at 19:28
14

"ordinary web sites are never allowed to read or even link to file:// URIs" - of course no standard (of HTML) prevents a website from containing the character sequence ` – Hagen von Eitzen Jun 11 '18 at 20:47
2

@DavidZ especially since Google's Code of Conduct motto is no longer "Don't be evil". ... – BruceWayne Jun 11 '18 at 22:18
4

@JesseM And sometimes, this trust gets abused. There's this Flight Sim plugin developer who has repeatedly been caught installing password thieving software and malware executable alongside the software, ostensibly as a way to combat piracy. – Nzall Jun 12 '18 at 08:30
2

@BruceWayne Wait, seriously? That's a bit [worrying](https://en.wikipedia.org/wiki/Warrant_canary). – Nat Jun 12 '18 at 19:34
3

@JesseM - While "also true of almost any other software you run", you can block data transfer with outbound firewall whitelists. Which is not something you can do to a web browser (without losing all its functionality). – Nigel Touch Jun 12 '18 at 20:21
1

@BruceWayne & Nat: My understanding is that that provisor, whilst a fun addition that a couple college kids decided to add to their company, doesn't have much legal standing ("evil" not being a legal term), and it's inclusion was becoming a growing concern for much the same way. i.e. Is Chrome version 66.6r... going to be considered evil? Not to most, but some may take issue. It's not about what we think of as the big evils, but the nuisance caused by the differing concept of evil, to each person. – Shane Gadsby Jun 13 '18 at 00:43
7

Not sure where that "don't be evil is no longer Google's motto" story comes from, @BruceWayne. Just open up their [Code of Conduct](https://abc.xyz/investor/other/google-code-of-conduct.html). It's still there, at the very bottom. – Just a student Jun 13 '18 at 09:27
2

@Bobson Actually, Chrome for Windows actively scans your computer and sends info about suspicious files to Google (and ESET, I assume). So, with that amount of orders from the mothership, it's hard to not assume that whatever Google wants from your computer, Chrome will deliver. – Agent_L Jun 15 '18 at 12:44
3

@Justastudent They [removed most references to it](https://gizmodo.com/google-removes-nearly-all-mentions-of-dont-be-evil-from-1826153393), except that single one at the bottom. – molnarm Jun 15 '18 at 15:28
1

@NigelTouch "_you can block data transfer with outbound firewall whitelists_" But then the program could just use the installed mail agent to send the information as attached file to some address. Or if no such agent is found, to open the browser and the file to a file sharing service. It might be slightly more complicated, but not much. (In may even be easier if you don't know how to use the socket API but know how to launch and interact with other programs.) – curiousguy Jun 18 '18 at 09:18

score 86 · Answer 2 · edited Jun 11 '18 at 18:58

86

A piece of unsandboxed software running on a PC/Mac has (generally) the same privileges as the user running it and therefore can access any data that can be accessed by the user.

You are trusting Google (and any other software vendor whose code you execute) not to do anything malicious with that access.

If you don't trust Google, your only option as a general user of software is not to run their code.

The situation with Chrome extensions in somewhat different. Google places restrictions on what the extension vendor is able to do, and when you install an extension it will tell you what permissions you are providing it.

Obviously you are still trusting Google to have coded these restrictions correctly, and you are still potentially trusting the extension authors with some permissions that could be used to take malicious actions.

edited Jun 11 '18 at 18:58

Kevin

202
2
10

answered Jun 11 '18 at 15:51

Rory McCune

60,923
14
136
217

1

If you consider implementing simple sandboxing measures (eg running chrome with different user account, or in a VM, or encrypting critical files and not having them open while chrome is running) out of scope for a "general user", yes. – rackandboneman Jun 14 '18 at 07:21
You can also run the open-source equivalent of Chrome, Chromium. – Nonny Moose Jun 15 '18 at 23:35
@NonnyMoose If you have automatic updates, it doesn't matter if you compiled one version from source, as the update system inherently trust a signature of a provider (assuming the system is correctly designed), and the signer can make you download and run any code he wish. – curiousguy Jun 18 '18 at 08:25
I'ld have expected a "run your browser in a secured container" hint instead of "If you don't trust Google, your only option as a general user of software is not to run their code." — or wouldn't a containerized browser provide appropriately secure separation between OS and program (assuming correct container configuration)? Or was that what "unsandboxed" was meant to exclude? (which would render this comment to being superfluous noise.) – e-sushi Jun 18 '18 at 10:37
@e-sushi A secure container looks like a description of "sandbox". – curiousguy Jun 18 '18 at 17:58
1

TBH I was keeping this answer at a level of general computer user, rather than diving in to the technical details of possible mitigations. If you want to get technical there's loads of stuff you can do , from VMs, to containers to specific OS like Tails. Although all that said every time you do that you're adding a new set of trusted parties (the people who write the isolation software) to your list :) – Rory McCune Jun 19 '18 at 06:27

mattdm · Answer 3 · 2018-06-11T22:42:28.140

40

If you are running a Linux distribution with SELinux, it is possible to have an additional layer of security. SELinux is an OS-level technology which allows tight restrictions on what processes — like your browser process — can access. In fact, in Fedora and in Red Hat Enterprise Linux (disclaimer: I work for Red Hat, on Fedora!), there is a light confinement by default for Firefox and Chrome. This turns out to be difficult and inconvenient to make more strict for most users — see this blog post by SELinux guru Dan Walsh for more.

There is ongoing work in Linux in general to run more user-level applications with greater restrictions (see for example Flatpak).

edited Jun 11 '18 at 22:42

answered Jun 11 '18 at 18:26

mattdm

2,731
1
15
17

Just to throw a couple more examples of application-level sandboxing into the mix: snapd/snapcraft (Linux), UWP (Windows) and Sandboxie (Windows). – Bob Jun 12 '18 at 06:00
1

Also AppArmor, a competing technology to SELinux. (Both SELinux and AppArmor are building-blocks in higher-level sandboxing like snap and flatpak.) – mattdm Jun 12 '18 at 12:51
6

@mattdm I just know AppArmor as *that thing I have to work around to get MySQL working properly on Ubuntu, now.* – user1717828 Jun 13 '18 at 00:37
21

And that's generally the problem with strong security - it gets in the way of user convenience. This is not a bug, but an unavoidable aspect of design, the same way locking your front door when you leave the house means you need to pull out your key to unlock it when you get back home. – Shadur Jun 13 '18 at 07:18
8

@Shadur It's probably more correct to say that it's a consequence of trying to add strong security to a legacy system that doesn't currently have it. If desktop and server apps had always had to explicitly enumerate the permissions they need (in the way that mobile apps do now), there would be a lot less friction. – James_pic Jun 13 '18 at 11:55
You can also run Chrome inside an Linux Container, with limited access to the filesystem. This is what I do. – Josh Jun 13 '18 at 14:08
1

@James_pic agree, but just enumerating permissions is only a (good) first step. Users generally need to be educated to understand what the are granting permission to. Most non-technical people would just accept the enumerated permissions asked for by an app - pretty much like the end user agreements whilst installing software. – Sudhanshu Mishra Jun 13 '18 at 22:53
@Shadur finger print scanning and eye recognition etc are all more user-friendly means of unlocking a locked door that don't involve the user remembering to carry a key and then require them to take it out. Would there perhaps be a digital equivalent? – ESR Jun 18 '18 at 05:06
1

@EdmundReed Even if granting temporary permission is as easy as clicking "Yes", users will develop click fatigue and just automatically click on any security prompt, like in UAC case or mobile app permission dialog – Martheen Jun 19 '18 at 03:20

score 23 · Answer 4 · answered Jun 13 '18 at 22:04

Lawyers. You have a contract with Google stating what they will do / you allow them to do. This is called the Google Chrome Terms of Service . And obviously, you have carefully read it before installing it.

This includes¹ excerpts like this (emphasis by me):

By default, usage statistics and crash reports are sent to Google (…). Usage statistics contain information such as preferences, button clicks, and memory usage. In general, usage statistics do not include web page URLs or personal information, but, if you are signed in to Chrome and syncing your browsing history in your Google Account without a Sync passphrase, then Chrome usage statistics include information about the web pages you visit and your usage of them. For example, we may collect statistics to identify web pages that load slowly. (…) Crash reports contain system information at the time of the crash, and may contain web page URLs or personal information, depending on what was happening at the time the crash report was triggered. We may share aggregated, non-personally identifiable information publicly and with partners — like publishers, advertisers or web developers. You can change whether usage statistics and crash reports are sent to Google at any time. Learn more. If Google Play apps are enabled on your Chromebook and Chrome usage statistics are enabled, then Android diagnostic and usage data is also sent to Google.

Thus, by installing Google Chrome (and not disabling these options), you are granting consent for giving this information to Google.

Would they be technically able to gather more information than what they stated? Yes. Are they purposefully doing it? That's unlikely, as it would place the company in a precarious position should they get caught stealing users data. It is preferable for them to add a note in their policy that covers their gathering (probably including an acceptable rationale like "this will allow us to provide you content more suited to your interests", in an attempt to make it less daunting), as legitimates their practice, and few people read the legal terms, anyway.

Although a story about Google Chrome privacy statements wouldn't be complete without telling how, when Google Chrome launched, its terms of use originally made the user

“give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through” ²

a sentence they were using on other services. After an uproar with this seemingly abusive terms, they updated their terms the next day, stating that for whatever content the user produces using Google Chrome, he retains his rights.

¹ Actually in the Google Chrome Privacy Notice, incorporated by the eula.

² https://www.mattcutts.com/blog/google-chrome-license-agreement/

score 19 · Answer 5 · answered Jun 12 '18 at 16:09

What processes and systems are in place so that Google is not able to copy the data on my computer?

There's not anything in place that makes it so they can't but there's something in place that makes it unlikely that they would: trust.

Google's product is you. They want to know everything about you and be able to predict every single decision that you will ever make. If they can do that then they can encourage you to buy Ford instead of Chevy when it comes time.

They have a social contract with us that says that they'll provide useful tools (and then kill them), like Google Drive, Chrome(ium), Blogger, Gmail, Google Photos, Maps, YouTube, Search, etc., and in return we'll let them mine our information about us with the understanding that they won't do too many terrible things, and that they'll try to make the web a more pleasant place, with more relevant advertising and none of the annoying things that make us want to break someones fingers very, very slowly for putting one of those stupid audio ads online.

Part of that trust is that if we install one of their programs that they won't put code in it that will compromise our systems, or allow them to be.

Because if we don't trust Google, then we won't give them access to the product that they are so incredibly interested in - us. The more we trust Google, the more valuable their product is (us) that they can sell to advertisers. It's in Google's best interest to do things that will enhance that trust - because the more we trust Google, the more they can charge advertisers, because they can say, "Look, we know these people, and they are willing to buy/read/listen/watch the things that we recommend. If your product matches their needs and interests then we will recommend your product to them and they will probably buy it because we were the ones who endorsed it."

That's the system that's in place to make it a very very bad idea for Google to do any kind of badness with Chrome, or any of their other software. Trust is something that's difficult to earn back once it's lost, and Google most certainly knows that.

Then please explain to me: No one I know really trusts Microsoft, yet everyone installs Windows. Why should it be different for Google/Facebook/Amazon/... — Alexander, Jun 14 '18 at 14:56
@Alexander easy - people are lazy and comfortable with the familiar even if it's worse for them. And Microsoft subsidizes the purchase of some hardware, which is why it's usually cheaper to get a computer with Windows installed than with no OS and install Linux yourself. Obviously we put up with a certain amount of Google screwing us - taking away Google Reader, turning more and more into a walled garden (no GTalk/jabber interface anymore, etc.) - Same goes for Microsoft. As long as we can pretend it's not a problem, we'll put up with it. — Wayne Werner, Jun 14 '18 at 15:25
I would disagree about people trusting Microsoft. People gripe about Microsoft, but they don't expect them to be using Windows to record their password keystrokes on purpose, to keep profiles of their porn habits, to try to build a database of their medical history, and then to use all that data against their users. There are degrees and kinds of trust. Also, I think people complain about Microsoft at least in part because it's become fashionable to complain about Microsoft. But I digress. — xdhmoore, Jun 14 '18 at 22:28
@WayneWerner I wouldn't say that Google is necessarily "screwing us". If a third party wants to give you something for free they have an absolute right to in the future not give it to you for free. It would be entirely different if we paid for their services. — dotnetengineer, Jun 15 '18 at 19:49
@dotnetengineer Sure - but as I mentioned, it's technically not *free* - it's just an exchange with an implicit value. — Wayne Werner, Jun 15 '18 at 20:01

Grant Gryczan · Answer 6 · 2021-11-18T20:43:47.443

6

Extending off of Arminius's answer, which is completely true, I would like to make it very clear that the value of trust between Google and the end users is not the only effective value in determining whether your trust in their integrity is fair.

Chrome's base (Chromium) is open-source, so developers can check on that (and do all the time) to see whether Google is implementing anything malicious. Additionally, if Google is to send your personal data/files to their own servers, you would be able to tell using a network log, which is a tool that tracks internet activity through your computer. There's also always good ol' decompilation, for if something like malware in Chrome is implemented and not in Chromium where the source is already open.

I believe it is important to understand that trust is not the only factor to be considered here. There are objective ways to find out whether Google, or anyone else, does these things, and they are checked by others all the time, so there isn't as much reason to worry about Google implementing such malware.

Anybody as a practical company wouldn't have any real reason to insert such malware anyway, since doing so obviously wouldn't cause a net benefit (objective distrust among users, profit loss, things corporations typically don't like). Wayne Werner's answer covers this well.

I am not saying that such a situation would be impossible, but that it is extremely unlikely. The chance of getting caught would deter them.

edited Nov 18 '21 at 20:43

answered Jun 12 '18 at 01:04

Grant Gryczan

185
5

20

Note that analysing Chromium source to determine that it does not contain malicious code does not really help you prove that Chrome itself does not. It doesn't even help you prove that precompiled Chromium builds do not. (Even compiling it yourself doesn't necessarily prove that, if someone has been able to compromise your compiler.) It's generally not practical to verify _everything_ so at some point you have to rely on trust. But there *are* people whose job and/or hobby involves searching for these sorts of things, especially in browsers, which can give you a certain amount of confidence. – Miral Jun 12 '18 at 03:24
@Miral if you use the Chromium package from trusted repositories like Debian, Fedora etc. you can know that someone has at least had a chance to check and remove malicious code (like proprietary binary blobs). If you use Google's Chrome binaries you're completely in the dark. – Nemo Jun 12 '18 at 08:39
About the network log, *you will have a hard time* telling from a log, because Google enforces cryptography almost everywhere and regularly sends analytics information to their servers. I mean, you won't likely have **certainity** of Google misbehaving by just seeing traffic to servers they own. However, research has done a lot of progress on statistical analysis on network traffic so I prefer to keep your statement about the network log in a *grey area* – usr-local-ΕΨΗΕΛΩΝ Jun 12 '18 at 10:05
6

This feels a bit like the idea that "many eyes make all bugs shallow". Whilst that is true in theory, it really isn't likely to be true in practice. security flaws have survived in very well used open source software for *decades* and that was without any attempt to hide them. A well executed attacker would lilkely be able to hide malicious code in something the size of chromium (several million lines of code) without much chance of being detected. – Rory McCune Jun 12 '18 at 19:04
To put malware into Chromium would have to be a team effort at Google. People would have to check each other's commits before letting them be made public. – Grant Gryczan Jun 12 '18 at 23:00
3

Not really; it's actually trivial. Pull Chromium code, merge to malware-containing branch, build. It's the exact same process they're already using (presumably sans malware) since there *is* some non-public code in Chrome. Again, though, this is unlikely to actually happen as it would be trust-suicide if caught, and for an app this high-profile there are people analysing and decompiling the final binaries looking for security flaws and exploits all the time -- which doesn't guarantee it's not there, but it would have to be pretty subtle. You're more likely to get malware from any other app. – Miral Jun 12 '18 at 23:42
That is also true. – Grant Gryczan Jun 13 '18 at 01:02
oh I'm not saying it would be easy, but by using chrome you are effectively trusting that Google are not malicious (whether you trust that 'cause you trust them or trust that 'cause you think it would be bad business practice to inject malware to chrome doesn't make a difference here). the point was that external code review of a codebase the size of chromium a) probably doesn't happen and b) would be unlikely to find an intentionally hidden back door even if it did. – Rory McCune Jun 13 '18 at 08:34
The point that such a case is _extremely_ unlikely is the value I'm trying to convey in my answer. Plus, if people find an objective reason to distrust Google, I highly doubt Google would benefit from it, and thus I also highly doubt Google would have any real reason _to_ insert malware. Again, my answer is based on that the situation is unlikely, not that it can't happen. It absolutely can, but only if there's an unchecked, rogue Google employee free of all logic, or if Google suddenly becomes against the idea of profit. – Grant Gryczan Jun 13 '18 at 18:17

score 3 · Answer 7 · answered Jun 13 '18 at 14:06

3

Arminius's answer of "None" is the most correct answer... I just wanted to add an answer which was too large for a comment:

What processes and systems are in place so that Google is not able to copy the data on my computer?

If you have one, and it's properly configured, your Outgoing Firewall can hold this responsibility... the problem is, since there;s so much traffic when you're browsing the web that it quickly becomes infeasible to set up the rules properly.

As an example, here's a screen shot of what happens on my computer without a rule allowing Google Chrome network access globally:

If you knew Chrome was contacting a google domain for malicious usage, you could deny that:

The issue is that while browsing the web there's such a wide variety of domains that it would be trivial for Google to "trick" users to allowing content to a domain and bypassing this restriction. But, if you're externally careful and targeted (read: paranoid) this is one method you could employ.

answered Jun 13 '18 at 14:06

Josh

1,096
9
13

3

This is a bit silly though. If you don't trust the domain `google.com` then you shouldn't be using Chrome in the first place! Also, if you just wanted to block access to particular domains, there are easier ways of doing that (one way is to set them to localhost IP address in your hosts file, among other methods). – Muhd Jun 14 '18 at 04:43
Agreed @Muhd regarding if you don't trust Google, don't use their browser... but that was the question. Note that setting `google.com` to `127.0.0.1` or something else in the hosts file does not block applications from accessing google, it just (probably) causes the system's DNS resolver to return that IP. And, this was an example... I use this technique with software that I don't want to call home, or limit outgoing communication to my LAN / my servers, for example... where I don't know what it will talk to but I know what I'll allow it to talk to. – Josh Jun 14 '18 at 12:39
1

Fair enough. It does seem like a useful technique to be aware of. – Muhd Jun 15 '18 at 01:15

score 3 · Answer 8 · answered Jun 18 '18 at 02:47

There are several answers to this, including an accepted answer, but none to my judgement captures the appropriate nuance.

The nuance involves the distinction between "policy" and "mechanism." This distinction transcends technical systems, and, not to put too large a point of it, exists in all areas of regulated human endeavor.

In the large, there is no mechanism preventing your doctor from revealing your sensitive medical data, technically encoded or no. In the small, there is no mechanism preventing the garage where you park your car from giving your car to some other party. In a free society, anyone can do most anything without immediate oversight or ramifications. In other words, there are no direct, immediate mechanisms preventing bad behavior.

Instead there are policies- implicit ones usually called norms that most people learn by kindergarten, and more sophisticated explicit ones called statutes and laws and similar- which have mechanisms of enforcement, to be sure, but under which the vast, vast majority of compliance occurs without those enforcement mechanisms being exercised. This is obviously the trust point mentioned in the other answers. A free society is only possible with a culture of very, very high trust.

In software, we are used to thinking of things in terms of mechanisms- such and such is impossible because of this and that technical difficulty. What is important to understand is in software, even more so than in the real world, ALL mechanisms are transient and fungible. What was impossible yesterday becomes commonplace tomorrow.

So the ONLY thing "preventing" anything bad from happening in the use of a piece of software is ultimately policy- implicit norms and compliance with explicit rules- Privacy Policies, Terms of Service, and so on. And if you read those carefully you realize that no one makes any useful legal promises to not do anything bad.

So be careful out there. The only thing you have is your ability to make informed judgements about trust.

I think [Wayne Werner's answer](https://security.stackexchange.com/a/187632/176607) had a similar sentiment, but I appreciate the clarity on the differences between policies and mechanisms. — Pro Q, Jun 18 '18 at 14:46

score 2 · Answer 9 · answered Jun 13 '18 at 15:34

2

What stops Google from saving all the information on my computer through Google Chrome?

Unplugging your computer from the network will do this. To further secure your computer you can also turn off wifi, bluetooth, etc., and always use only manual input with no removable devices along with RF shielding to protect against EM leakage. That will protect you from everything except physical intrusion.

For that, operate in a SCIF, or encosed secure farady cage with equipment that complies with ICD 503. Require operators to remove all clothing and other objects, and perform physical searches including x-ray before physical access to prevent introduction any bugging device. Also perform the same search on egress to ensure nothing is being removed.

answered Jun 13 '18 at 15:34

ggb667

152
2

4

While this generic answer is a perfect field manual for tin foil hatters, it does not provide an answer to the question asking "What stops Google from saving all the information on my computer through Google Chrome?" – e-sushi Jun 18 '18 at 10:44
In other words you have no idea, right? – SantiBailors Jul 12 '18 at 07:01
Unplugging prevents any information from being removed from your computer. Thats the only thing that works. Google wants ALL your information. What do you think the colud, google docs, etc. is for? – ggb667 Jul 18 '18 at 18:25

What stops Google from saving all the information on my computer through Google Chrome?

9 Answers9