Google Sign In & Security

Working with some new client computers I ran into some VERY annoying problems with the Google Chrome Internet Browser. There is an initial Sign In which seems hard to turn off.

Browser Market Share

Browser Market Share

In my search to find out how to turn off the annoying Sign In I learned several things about Chrome and Chromium. If you don’t know, The Chromium Projects according to Chromium’s home page are:

The Chromium Projects include Chromium and Chromium OS, the open-source projects behind the Google Chrome browser and Google Chrome OS, respectively. This site houses the documentation and code related to the Chromium projects and is intended for developers interested in learning about and contributing to the open-source projects.

While I knew about Chromium being the open source side of Google’s Chrome browser, it had not dawned on me that this was the place to get information about Chrome. Duh! Well… we all have our stupid moments… and I didn’t even have to go blond. It is not the end-all-be-all source and Chrome often does not work as Chrome does, has files in different places, and different or missing registry entries at least they have some information that can help. It is very much like Linden Lab viewers and Third Party viewers… the same but different. 

Why Chrome?

The most important aspects of the Chrome browser are security and privacy. Browser security is becoming a bigger and bigger issue. The black hat hackers (crackers) have learned that it is often easy to enter computers by the browser, whether desktop or mobile device. The result is more and more drive-by download exploits. According to Microsoft’s Tech Net:

A drive-by download site is a website that hosts one or more exploits that target specific vulnerabilities in web browsers, and browser add-ons. Malware distributors use various techniques to attempt to direct Internet users to Web sites that have been compromised or are intentionally hosting hostile code. Users with vulnerable computers can be secretly infected with malware simply by visiting such a website, even without attempting to download anything themselves.

This technique usually involves posting exploit code to a legitimate website, either by gaining access to the site through intrusion or by posting malicious code to a poorly secured Web form, like a comment field on a blog. In most cases, the exploit code itself is hosted on a different website and is exposed through the compromised webpage using a technique like a URL embedded in malicious script code or an inline frame, called an IFrame for short. An IFrame is an HTML document that is embedded in another HTML document.

A significant part of the current round of Trojan and Virus attacks comes from Browser Extensions embedded in web pages, which are unknowingly downloaded and installed by visitors. As of Chrome version 20 released mid-year 2012 (I’m currently using version 25.0.1364.2) the Chrome browser does not allow extensions to be installed from any web page other than the Chrome Web Store.

However, it was only sometime in the latter half of 2012 that Google woke up and started screening the Apps submitted to the Chrome Web Store… as I wrote, we all have our blond moments.

Also Adobe’s Flash is completely sandboxed, which is why Facebook’s Flash games run so poorly on Chrome. [On a side note – I’ve dropped out of all my Facebook games because performance is so bad in Chrome, Firefox, and IE9] So, while Chrome is safer, it can be a pain.

Again in 2012 Chrome was rated the safest browser because of its sandboxing.

Privacy?

While the Chrome/Chromium BROWSER does a good job of protecting your privacy, logging into Google via the Chrome/Chromium sign in gives Google your information. So, in some ways their theory seems to be to keep everyone ELSE from knowing your business. But, do all they can to get you to give them your information via their secure browser, which they can then use and sell. So while Chrome and Chromium browsers make every effort to SHOW respect for your privacy don’t expect Google to be doing the same.

Sign In

One signs into Chrome or Chromium to have one set of bookmarks/favorites, settings, and Apps across all the devices they use. This lets you have the same information on your desktop and all your mobile devices, at least those that use Chrome.

You are warned by Google:

Don’t sign in to Chrome if you’re using a public or untrusted computer. When you set up Chrome with your Google Account, a copy of your data is stored on the computer you’re using and can be accessed by other people using the same computer. To remove your data, delete the user you are signed in as.

They don’t point out the risk of having your data stored on Google’s servers. You are given the option to encrypt the information being uploaded to Google’s servers. (Reference – How To) You can use a pass phrase for the encryption key.

A pass phrase is the latest in passwords. A password is a word like: mySecret. A pass phrase is harder to crack and may look like: This is my 5th pass phrase. All six words and the period are used as a password/pass phrase. They are a handy way to remember long passwords. Now if we chould just get banks to allow us to use them.

The phrase I used is 27 characters worth of password. Pretty strong for a password, but it is weak for an encryption key where 128-bit (16-character) and 256-bit (32-character) keys are considered weak and 1024-bit (128-character) keys are common. That is sort of a pass paragraph…

Along with all your other data go your passwords to sites, like your banking password if you save it in the browser, which is a bad idea.

Being able to encrypt your data is something to give you a sense of safety. But, your life is in Google’s hands and subject to subpoena. Since you cannot be forced to testify against yourself, in America, your records in your passion are safe from casual law enforcement investigation. Probable cause and a judge’s signature are required to take them. However, there is less protection for records not in your possession, like data within Google’s servers. Plus, you do not always have to be informed when records outside of your possession are taken, thank you Anti-Terrorism laws.

The news is full of articles of companies and government agencies being compromised. Identity theft is publicized as an amazing growth industry. So, giving your data to another company and one where all your stuff is in ONE PLACE should raise red flags. (Google Hacked)

Avoiding Sign In

The problem with a new computer is the Google Sign In pops up with each opening of the Chrome/Chromium browser. Turning it off is an obtuse task.

Since Google has now taken over (Nov 2012 46%) from Microsoft (Nov 2012 15%) as the most used browser on the Internet, they seem have adopted some of Microsoft’s ideas on how they can MAKE users do as THEY want because users are a commodity rather than customers. (Browser Market Share) The result is there is no easy way to avoid a handy service THEY think you should use. But, if YOU don’t want to use the service then what?

The best solution to the problem, I’ve found, is on this page: How does one stop Google Chrome from asking to set up Chrome with you Google Account when Chrome is opened?

Settings Icon Chrome

Settings Icon Chrome

The simple fix is to open Chrome Settings and set your start up options. Set the browser to use: Reopen the pages that were open last. Also set a home page. You can even set Google.com as your home page.

If that is failing you, and Google may change things so it will, try editing or adding the registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] “SyncDisabled”=dword:00000001

If you are not familiar with editing the Windows Registry then don’t.

Summary

It seems to be a constant battle to remain safe or have any privacy.

Leave a Reply

Your email address will not be published.