Curated by Saijo George

Friday, 7 Feb 2020

Google denies Chrome tracking allegation, explains use of ‘X-Client-Data’

https://9to5google.com

Last month, Google proposed a plan to move the web away from using the “User-Agent” string, which freely gives every site you browse or even connect to information about your browser and computer. As part of this proposal, Chrome would begin to “freeze” and eventually “unify” the User-Agent string to keep the more in-depth info away from prying eyes without asking for explicit permission.

In a longer discussion about the potential merits and drawbacks of freezing the User-Agent, some have spoken out about the consequences of this change for smaller ad networks that try to compete with Google’s multi-billion dollar ads business. Google Chrome currently has dominance in the web browser market, which means this move would have an immediate damaging impact on any ad company that relies on the User-Agent as a factor for fingerprinting.

Meanwhile, Arnaud Granal, the developer of Kiwi Browser, a Chromium-based alternative browser for Android — and thus someone who has a deep understanding of Chrome and Chromium — has pointed out that Chrome creates its own special bit of data called “X-Client-Data.” Granal claims this could be used by Google to bypass any fingerprinting restrictions that Google Chrome would add.

Google Chrome’s privacy whitepaper explains that X-Client-Data is used to describe the various experiments and Chrome Flags that are enabled in your browser.
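To see which experiment IDs a given header value actually carries, the added example below (not code from the article, Google or Chromium) decodes an X-Client-Data value you have captured from your own browser. It assumes the value is a base64-encoded protobuf message with repeated varint fields 1 (`variation_id`) and 3 (`trigger_variation_id`); that layout is not stated on this page, and the sample IDs are constructed.

```python
import base64

# Assumed field numbers for the header's protobuf message; not stated on this page.
FIELDS = {1: "variation_id", 3: "trigger_variation_id"}

def read_varint(buf, pos):
    """Decode one protobuf base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated varint")

def write_varint(n):
    """Encode a non-negative integer as a protobuf varint."""
    out = bytearray()
    while True:
        out.append((n & 0x7F) | (0x80 if n > 0x7F else 0))
        n >>= 7
        if not n:
            return bytes(out)

def decode_x_client_data(header_value):
    """Return the variation IDs carried in a base64 X-Client-Data value."""
    raw = base64.b64decode(header_value, validate=True)
    result = {name: [] for name in FIELDS.values()}
    pos = 0
    while pos < len(raw):
        key, pos = read_varint(raw, pos)
        field, wire = key >> 3, key & 7
        if wire == 0:                      # one varint per entry
            value, pos = read_varint(raw, pos)
            values = [value]
        elif wire == 2:                    # length-delimited (packed) entries
            length, pos = read_varint(raw, pos)
            chunk, pos = raw[pos:pos + length], pos + length
            if pos > len(raw):
                raise ValueError("truncated field")
            values, i = [], 0
            while field in FIELDS and i < len(chunk):
                value, i = read_varint(chunk, i)
                values.append(value)
        else:
            raise ValueError(f"unsupported wire type {wire}")
        if field in FIELDS:
            result[FIELDS[field]].extend(values)
    return result

# Constructed sample header (made-up IDs), built the way the decoder expects.
SAMPLE = base64.b64encode(b"".join(
    bytes([num << 3]) + write_varint(v)
    for num, v in [(1, 3300001), (1, 3300117), (3, 3313321)])).decode()
```

Call `decode_x_client_data()` on a value copied from your browser's network inspector and compare the result across restarts to see whether the set of IDs stays stable.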

Because of the randomized seed, X-Client-Data is, by default, theoretically more than enough to uniquely identify you from other people who use Chrome.

However, any server you connect to is given your IP address. Because of that, the X-Client-Data would still be unique enough to potentially identify your device as different from any other device in your home or office.

The X-Client-Data header is only sent by Chrome when connecting to a Google-owned domain. As a significant part of Chrome is open source as Chromium, we can actually see precisely which domains are given your X-Client-Data header. Among those, you’ll see “doubleclick.com” and “doubleclick.net,” both of which are domains used by the Google Marketing Platform, which was previously known as DoubleClick. That means any ad served up by Google’s ad platform will receive your X-Client-Data header.

In fact, this same ID is sent to those Google servers regardless of whether you’re logged in with your Google Account or not, which could theoretically tie your logged-out browsing back to your Google Account. The only time X-Client-Data is not sent to Google’s servers is when you’re browsing in Incognito mode.

However, a Google spokesperson fully denied those claims, explicitly stating that the X-Client-Data header “is not used to identify or track individual users.”

“The X-Client-Data header is used to help Chrome test new features before rolling them out to all users. The information included in this header reflects the variations, or new feature trials, in which an installation of Chrome is currently enrolled. This information helps us measure server-side metrics for large groups of installations; it is not used to identify or track individual users.”

That said, if you’d like to change your X-Client-Data header every time you open Chrome, you can add the command flag “--reset-variation-state” to your Chrome shortcut, which is relatively easy to do on Windows and macOS. This tells Google Chrome to delete your old “seed” and generate a new one, in turn giving you a new X-Client-Data header, every time Chrome restarts.

If you do this, just know that Chrome’s many ongoing experiments will be randomly enabled and disabled each time you reopen Chrome.

Alternatively, you can switch browsers to Mozilla Firefox or the new Chromium-based Microsoft Edge, neither of which sends any kind of X-Client-Data header to Google servers.
