Walking away from Google Chrome

September 24, 2018

Despite periodic qualms over Chrome extensions, I've been using Chrome for what is now a long time. However, that's a bit misleading of a statement, because I don't really use Chrome in a conventional way. Basically all of what I do with Chrome is use incognito mode as my 'just make this site work, I don't care' browser, with Javascript and so on all enabled in a way that I don't normally do. For a long time this also had the advantage that for me Chrome was faster than Firefox on Javascript-heavy sites.

In the recently released Chrome 69, Google made a significant change to Chrome's behavior; logging into a Google site automatically logs you into Chrome itself under that identity, leaving you very close to having Chrome sync your local Chrome data to Google whether or not you really want it to. A number of people are very unhappy about this; see, for example, Chrome is a Google Service that happens to include a Browser Engine (via) and Why I’m done with Chrome (via).

In theory, I'm not affected by this behavior. I almost never log into any Google site in the first place and I'm basically always doing so in incognito mode, where this doesn't (currently) apply. In practice, this has pushed me to deciding that this is a bridge too far and I no longer want to use Chrome if I can avoid it, and fortunately I can these days. Modern Firefox Quantum has sped up Javascript significantly, and anyways I have much faster machines now than I used to, and conveniently the last site where I had to use Flash recently finally moved to using HTML5 video. That leaves having Javascript and cookies turned on. In Firefox, the simple approach to get the disabled addons I had in Chrome's incognito mode is to make a new profile with a different set of addons. These days this is a process I'm already quite familiar with, because I already maintain several special purpose Firefox profiles with different sets of addons.

So now I have a new Firefox 'Javascript' profile all set up to allow Javascript and all that but to throw away all cookies on exit, and some new scripts to make invoking it as convenient as my existing ichrome script. My early experience is positive, and in fact the experience is clearly better than Chrome in two respects. First, I don't have my Chrome cut and paste irritation. Second, Firefox will offer to save website passwords for me in this profile; incognito Chrome quite reasonably never saves passwords on its own, so I always had to set them up by logging in once in regular Chrome.

(If I was really determined about this shift, I would change my ichrome script to run Firefox in my Javascript profile instead of incognito Chrome. I'm not quite there yet.)

I'm under no illusions that Google will even notice my departure from the Chrome fold, especially since I use Chrome on Linux (which is already a tiny OS for Chrome usage). But it makes me happier to walk away from Chrome here, and I even seem to be improving my browsing life in various small ways.

(This elaborates on some tweets of mine.)

Sidebar: How I want to set up Firefox to discard cookies and history

When I first set up this Firefox Javascript profile, I picked the obvious option for history of 'Never remember history'. However, this turns out to magically enable Firefox's private browsing mode, which has the side effect of disabling saving logins and passwords for websites. So instead I have it set to 'use custom settings for history', where my custom setting is not to remember downloads or search and form history and to clear history when Firefox closes, ie Firefox should never remember history. Cookies I have set to 'Keep until Firefox is closed'.

(Perhaps Firefox's private browsing would remember passwords if I set a master password, because that option is not greyed out, but in practice I don't do that for reasons beyond the scope of this entry.)

Comments on this page:

By Michael at 2018-09-24 06:36:24:

Not that I am supporting Chromium (never used Chrome) or google but you could create a


with contents

       "DownloadDirectory": "/tmp",
       "DefaultNotificationsSetting": 2,
       "DefaultGeolocationSetting": 2,
       "AutoplayAllowed": false,
       "SigninAllowed": false,
       "RestrictSigninToPattern": "^$",
       "SyncDisabled": true,
       "CloudPrintProxyEnabled": false,
       "CloudPrintSubmitEnabled": false,
       "SpellCheckServiceEnabled": false,
       "TranslateEnabled": false,
       "SearchSuggestEnabled": false,
       "NetworkPredictionOptions": 2,
       "BrowserNetworkTimeQueriesEnabled": false,
       "MetricsReportingEnabled": false,
       "SafeBrowsingEnabled": false,
       "SafeBrowsingExtendedReportingOptInAllowed": false,
       "DefaultBrowserSettingEnabled": false,
       "SavingBrowserHistoryDisabled": true,
       "DefaultSearchProviderEnabled": true,
       "DefaultSearchProviderName": "DuckDuckGo",
       "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}&kp=-1&kd=1&kl=uk-en",
       "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico",
       "URLBlacklist": ["facebook.com", "https://www.facebook.com"],
       "CookiesAllowedForUrls": ["[*.]whatever.com", "[*.]whatevercdn.com", "[*.]whatever.io"],
       "CookiesBlockedForUrls": [
       "BackgroundModeEnabled": false,
       "WPADQuickCheckEnabled": false,
       "VideoCaptureAllowed": false,
       "AudioCaptureAllowed": false,
       "EnableMediaRouter": false,
       "NativeMessagingUserLevelHosts": false,
       "DefaultWebBluetoothGuardSetting": 2,
       "ExtensionInstallForcelist": ["geddoclleiomckbhadiaipdggiiccfje;https://clients2.google.com/service/update2/crx","cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx","kljjfejkagofbgklifblndjelgabcmig;https://clients2.google.com/service/update2/crx"]

For more flags: use chrome://policy https://www.chromium.org/administrators/linux-quick-start

P.S: I do understand your concern. But I see that increasingly google is building for its billions outside of EU/US where people share devices and look at security in a totally different way.

By Matthew at 2018-09-26 00:04:09:

As a privacy preserving alternative to Chrome I can recommend ungoogled-chromium. I'm using it on all my Linux and Windows machines. It takes vanilla chrome, and removes all Google integration.


By K.C. Marshall at 2018-09-26 15:34:19:

It sounds like Google / Chrome actually heard the complaints about the automatic login



"We've heard--and appreciate--your feedback. We're going to make a few updates in the next release of Chrome (Version 70, released mid-October) ... While we think sign-in consistency will help many of our users, we're adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in -- that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome."

Written on 24 September 2018.
« The ed(1) command in the Single Unix Specification (and the SVID)
Why I don't set master passwords in programs »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Sep 24 00:35:08 2018
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.