"'Watch a demo on how Google Chrome collects every keystroke you make and how Internet Explorer 8 keeps your information private through two address bars and In Private browsing.'
[Install Microsoft Silverlight logo]"
I'm using Linux. There's something a little off about that pitch. "Come, let us show you how evil our competition is. Please install our massive runtime with which we intend to completely take over the web." Yeah, I know it's not all directly comparable, but still... off.
Well, what is your preference then? "Please install this other bloated runtime from Adobe that actually DOES have a chance of taking over the web"? Or how about "here's the video that only 10% of the web users can see, runtime or not"?
I'm not sure how I feel about the first claim (having just read the article) but the author misses the point. Whether it sends the information to Google or Bing it's still the violation of privacy is the fact that everything you type is being sent somewhere. In fact it's made worse by you being able to use other search engines because it means other companies could abuse the information even if Google doesn't.
Again I'm not saying I agree with Microsoft. In all honesty anyone who uses Chrome should realize this is happening (since it uses the Google auto complete when you start typing and so would have to send keystrokes back). But it's something to think about.
The problem with Microsoft's accusation is that IE8 does the exact same thing, just not when you type in the address bar. You have to type in the search bar in IE8 for every stroke to get sent to Bing.
Not sure what the downvote is for. From the article:
"The same behavior occurs in IE8, but only in the search bar. LePage is only correct in his assertion that IE8 does not send information to anyone when the user types into the address bar."
Well, when you put it in the search bar, your intention is to send the information to the search provider, after all, that's the whole point of the search box. However, with Chrome, as the two boxes are merged, the autocomplete function sends every keystroke to the search provider even when you wanted to go to a website directly, information that the search provider doesn't need at all and that is maybe private.
Why do you actually need two separate text boxes? If you don't type a valid URL, your text becomes a search. You can easily pick which search engine to use, if you don't want Google logging your searches.
Does the combination search/URL bother you for some reason?
Edit: If you're worried about the silly auto-suggestions issue, just uncheck the setting in the "Under the Hood" options tab: "Use a suggestive service to help complete..."
This was the whole point of the first half of the video. I want auto-suggest on for web searches and off for everything else, as explained in the video.
Either they stuff an address in the bar and it 'works', or they mistyped it or didn't type a valid URL, and it shows them the google results, and they click on the thing they wanted.
So I think yours is a niche usecase. In any event, probably best for you to just disable auto-suggest, and bookmark http://google.com :/
"Most users don't see a real distinction" is why Microsoft's design is so smart. It protects the user's privacy more often, without the user having to really think about it. And, at the same time, it lets users use auto-suggest for web searches, which is very useful.
I do agree that I am in a niche, in the sense that I care about maximizing online privacy enough to discuss it and try to improve it. But, privacy is not a niche feature, and people who don't know about privacy problems/solutions still deserve privacy.
It's been a while since I first installed Chrome, so I don't remember exactly, but doesn't it prompt you to let you know about this? Despite some of the privacy allegations against Google in the past, I've found they've always been very clear about privacy implications with using their downloadable desktop software. The Google toolbar, for instance, warns you explicitly when you enable features (like Page Rank meter) that would result in information being sent to Google.
Interesting. I hadn't noticed that, but you are right. I only get suggestions for searches I've made during my incognito session (so stored locally in the browser's memory) or for pages in my history for that session.
Of course it sends information back to google, that's how autocomplete works!
The real question is, do they still store urls typed if you disable 'Collect usage statistics' ? I would hope not, but this article doesn't address that.
The point of the video is that IE8 separates the address bar from the search box, so that nothing gets sent over the network when you are just typing in a URL or searching your history. Some might argue that the IE8 design is worse from a usability standpoint, but it seems clearly better from a privacy standpoint.
Back around IE4 or so, everybody was bashing Microsoft on privacy, because if you typed something that wasn't a URL and pressed ENTER in the address bar, IE would do a MSN search automatically.
Knowing the type of information someone searches for on the internet will tell you WAY more about them than the URLs they TYPE. To access specific sites, many people use bookmarks\links anyway.
Microsoft's argument is akin to saying: Beware of using the new electrical mixer! It includes the option to use electricity, and electricity can cause electrocution. Use our hand operated mixer instead, it does not have that risk.
For this article to bee considered to have any substance, Microsoft would need to claim 'This specific electrical mixer causes electrocution' aka 'Google circumvents it's option to disable submitting usage statistics by exploiting the auto-complete feature to store a copy of your browsing history'. They are not making that claim.
More importantly, is something that Microsoft could do to make IE's phishing filter work better at protecting users' privacy? After all, you can disable it if you don't like it, but having it off just increases your vulnerability to another kind of privacy problem.
It is a similar problem to OCSP vs. CRLs for X.509 (SSL/TLS) certificates. CRLs are better for the end-user's privacy in the sense that the protocol doesn't tell the CA what websites the user is actually browsing, while OCSP (as implemented today) does. But, OCSP allows something more like real-time certificate status checks, and CRL information will almost always be more out of date.
[Install Microsoft Silverlight logo]"
I'm using Linux. There's something a little off about that pitch. "Come, let us show you how evil our competition is. Please install our massive runtime with which we intend to completely take over the web." Yeah, I know it's not all directly comparable, but still... off.