Image: Johannes Eisele (Getty Images)
One of Google’s most recent efforts to promote user privacy has turned out to be a scam. The company has launched a feature designed to clear Chrome browser caches and cookies, but it would be accidentally making an exception for some of its sites.
This loophole was discovered when iOS developer Jeff Johnson realized that after configuring the browser to clear cookies and cache after each session, the feature worked perfectly for all sites. Only two pages were not included in the process: Google and YouTube.
Johnson documented the experience on his personal blog. When closing Chrome, the two Google sites had their cookies removed, but kept the data in what is known as “local storage”.
Although cookies are intended to track your behavior on the web and link this data to multiple sites (especially those linked to shopping and advertising), local storage data for a specific site should only be applied to that page so that it can be accessed Again the next time you visit it.
This difference, from a tracking point of view, becomes smaller when the website and browser are owned by the same company.
Using the Chrome LocalStorage Manager extension, the data that Google and YouTube add to local storage appears to include more, such as device ID and GPS location.
Google has not yet responded to our request for comment on the breach, but a company spokesman told the site The Register that the company is not secretly capturing data from Chrome users. She just answered that it is a bug in the browser that specifically targets “some primary Google sites”.
“We are investigating the problem and plan to launch a solution in the next few days,” added Google.
There is no way to prove whether this was simply a bug, as Google claimed. However, this type of error is very similar to other situations in which the company ignored user privacy requests. Some notable examples include:
- Track users’ locations using Google’s Maps and Search functions, even after those users have chosen to pause sharing.
- Chrome syncs sensitive data when even if users choose not to authorize this feature. This practice was the subject of a lawsuit in July, which claimed, among other characteristics, that the practice violated Google’s own privacy policies.
- To claim that one of your browser identifiers did not contain personal information when, in fact, it possessed that data.
Well, if not even the company’s employees understand the privacy settings of their products, you can’t expect much different from that.