Why I’m dumping Google Chrome

I’ve been a Google Chrome user for so many years, I can’t remember when I switched. It’s been my favorite browser for a long time — I remember being blown away by how fast it was compared with Firefox, and while Mozilla has improved its browser significantly since 2008, Chrome still feels faster in many cases. I’m going to miss Chrome — but I’m no longer willing to tolerate the way Google handles the update process. It’s incredibly user-hostile and it’s based on a myth of infallibility.

Up until January 2014, I never gave a thought to Chrome’s frequent auto-updates. Then I got hit with version 32.0.1700, and my experience went straight to hell. Chrome began crashing upwards of 20x a day, typically without the option to recover the previous session. In some cases, I’d initiate recovery and the browser would crash before finishing the process. I tried all of the troubleshooting techniques I could find online and a few standard solutions, like disabling GPU acceleration. Nothing worked.

That’s when I discovered that Google monitors the Internet and forbids anyone from offering old versions of Chrome to download. File aggregation sites like OldVersion.com and FileHippo don’t archive Chrome. FileHippo has a notice that states Google’s policies disallow the site from offering downloads. I found a few downloads for the early version of Chrome, but all I wanted to do was step back to version 31 — and at the time, I couldn’t find it anywhere. In the end, I downloaded a beta version of Chromium.

AutoUpdate

After my experience with Chrome 32, I wanted to make certain I wasn’t caught by surprise again. Unfortunately, Chrome’s auto-update policy is deliberately difficult to use. Originally, you could disable Chrome’s Auto-Update via registry values. Google felt this was insecure, however, and mandated that you have to be able to edit group policies in Windows in order to make these changes. By default, that restricts auto-update control only to Windows 7 or Windows 8 Professional. Luckily, I have Windows 7 Pro, so I disabled the update process and went on my way.

Google Auto-Updates anyway

Last August, I logged into my system and found that Chrome had been updated. It turns out that Google had made changes to its own update process. It was no longer sufficient to set the “Auto-Update Check Period Override” to 0, as it had been. Now, the company’s help pages contained the following: “Warning: To prevent abuse of this policy, if a device is not joined to an Active Directory domain, and if this policy has been set to 0 or to a value greater than 77 hours, this setting will not be honored and replaced by 77 hours after August 2014. If you are affected by this, and still want to disable Chrome updates (NOT RECOMMENDED), you may do so by using ‘Update policy override’ as described.”

In other words, Google was still able to reach into my machine and forcibly update my software. I made the appropriate additional changes described above and again went about my business. It turns out, Google really hates it when you do that. I began to see pop-ups, at least once a day, telling me that I needed to update Google Chrome manually. Google services like Gmail or Google Drive would embed a yellow banner (shown below) when I attempted to use them. The banner would pop up every single time I used a Google service, and apparently can’t be dismissed or blocked.

chrome_not_supported

Then, last week, I stopped getting the errors. I checked my Google version and discovered I’m now running 44.0.2403.89. My policy settings haven’t changed. The only way to set them is by manually editing gpedit.msc, and that’s not a command you enter accidentally. My Downloads folder indicates that I haven’t downloaded Chrome’s installer for more than a year. Somehow, and entirely not by choice, I’m running a new browser version.

I’m aware, of course, that the trend in software is to force users to install security updates by default, and if Google had only made security patches mandatory, I’d have little issue with the company. My problem with Chrome isn’t that Google pushed out a broken software version that crashed 20x a day on my primary system — my problem is that Google has made it virtually impossible to actually choose not to update your browser. You can’t opt out. You can’t install an older version. You can’t shut Auto Update off unless you own the professional version of the Windows OS (though there are hacks to allow gpedit.msc to run on other versions of Windows). Even once you’ve jumped through the hoops required to shut off Auto Update, Google retains the ability to turn it right back on. Windows 10 at least allows users to uninstall updates if they cause a problem. In Google’s world, every version is better than the last for everyone, period, without exception.

I still like Chrome, but I’m no longer willing to put up with Google’s lockdown and willingness to override its own update policies. Back to Firefox for me.

Update: Multiple readers have questioned how I knew my problem in January 2014 was caused by a Chrome update. I didn’t just troubleshoot my browser installation — I manually deleted all associated files and reinstalled from scratch, ran stress tests and evaluations on all of my hardware including both RAM and CPU, switched from an Nvidia to an AMD GPU, confirmed that the browser would crash with just one tab and one window open (meaning not a memory leak issue), manually monitored Chrome’s memory use through Process Explorer, and tried the standard troubleshooting techniques like removing all plugins and disabling GPU acceleration. None of it worked. I didn’t include all this in the initial story because the point was to focus on the inability to disable auto-updates, not the scenario that led me to do so in the first place, but since folks have been asking, there it is.

Why I’m dumping Google Chrome

I’ve been a Google Chrome user for so many years, I can’t remember when I switched. It’s been my favorite browser for a long time — I remember being blown away by how fast it was compared with Firefox, and while Mozilla has improved its browser significantly since 2008, Chrome still feels faster in many cases. I’m going to miss Chrome — but I’m no longer willing to tolerate the way Google handles the update process. It’s incredibly user-hostile and it’s based on a myth of infallibility.

Up until January 2014, I never gave a thought to Chrome’s frequent auto-updates. Then I got hit with version 32.0.1700, and my experience went straight to hell. Chrome began crashing upwards of 20x a day, typically without the option to recover the previous session. In some cases, I’d initiate recovery and the browser would crash before finishing the process. I tried all of the troubleshooting techniques I could find online and a few standard solutions, like disabling GPU acceleration. Nothing worked.

That’s when I discovered that Google monitors the Internet and forbids anyone from offering old versions of Chrome to download. File aggregation sites like OldVersion.com and FileHippo don’t archive Chrome. FileHippo has a notice that states Google’s policies disallow the site from offering downloads. I found a few downloads for the early version of Chrome, but all I wanted to do was step back to version 31 — and at the time, I couldn’t find it anywhere. In the end, I downloaded a beta version of Chromium.

AutoUpdate

After my experience with Chrome 32, I wanted to make certain I wasn’t caught by surprise again. Unfortunately, Chrome’s auto-update policy is deliberately difficult to use. Originally, you could disable Chrome’s Auto-Update via registry values. Google felt this was insecure, however, and mandated that you have to be able to edit group policies in Windows in order to make these changes. By default, that restricts auto-update control only to Windows 7 or Windows 8 Professional. Luckily, I have Windows 7 Pro, so I disabled the update process and went on my way.

Google Auto-Updates anyway

Last August, I logged into my system and found that Chrome had been updated. It turns out that Google had made changes to its own update process. It was no longer sufficient to set the “Auto-Update Check Period Override” to 0, as it had been. Now, the company’s help pages contained the following: “Warning: To prevent abuse of this policy, if a device is not joined to an Active Directory domain, and if this policy has been set to 0 or to a value greater than 77 hours, this setting will not be honored and replaced by 77 hours after August 2014. If you are affected by this, and still want to disable Chrome updates (NOT RECOMMENDED), you may do so by using ‘Update policy override’ as described.”

In other words, Google was still able to reach into my machine and forcibly update my software. I made the appropriate additional changes described above and again went about my business. It turns out, Google really hates it when you do that. I began to see pop-ups, at least once a day, telling me that I needed to update Google Chrome manually. Google services like Gmail or Google Drive would embed a yellow banner (shown below) when I attempted to use them. The banner would pop up every single time I used a Google service, and apparently can’t be dismissed or blocked.

chrome_not_supported

Then, last week, I stopped getting the errors. I checked my Google version and discovered I’m now running 44.0.2403.89. My policy settings haven’t changed. The only way to set them is by manually editing gpedit.msc, and that’s not a command you enter accidentally. My Downloads folder indicates that I haven’t downloaded Chrome’s installer for more than a year. Somehow, and entirely not by choice, I’m running a new browser version.

I’m aware, of course, that the trend in software is to force users to install security updates by default, and if Google had only made security patches mandatory, I’d have little issue with the company. My problem with Chrome isn’t that Google pushed out a broken software version that crashed 20x a day on my primary system — my problem is that Google has made it virtually impossible to actually choose not to update your browser. You can’t opt out. You can’t install an older version. You can’t shut Auto Update off unless you own the professional version of the Windows OS (though there are hacks to allow gpedit.msc to run on other versions of Windows). Even once you’ve jumped through the hoops required to shut off Auto Update, Google retains the ability to turn it right back on. Windows 10 at least allows users to uninstall updates if they cause a problem. In Google’s world, every version is better than the last for everyone, period, without exception.

I still like Chrome, but I’m no longer willing to put up with Google’s lockdown and willingness to override its own update policies. Back to Firefox for me.

Update: Multiple readers have questioned how I knew my problem in January 2014 was caused by a Chrome update. I didn’t just troubleshoot my browser installation — I manually deleted all associated files and reinstalled from scratch, ran stress tests and evaluations on all of my hardware including both RAM and CPU, switched from an Nvidia to an AMD GPU, confirmed that the browser would crash with just one tab and one window open (meaning not a memory leak issue), manually monitored Chrome’s memory use through Process Explorer, and tried the standard troubleshooting techniques like removing all plugins and disabling GPU acceleration. None of it worked. I didn’t include all this in the initial story because the point was to focus on the inability to disable auto-updates, not the scenario that led me to do so in the first place, but since folks have been asking, there it is.

Microsoft won’t enable ‘Do Not Track’ in next-gen Spartan browser

Spartan kicking Internet Explorer

Microsoft has announced that it will no longer enable the “Do Not Track” header by default in its next-generation web browser, codenamed Spartan. This move is a sharp reversal for Microsoft, which weathered substantial criticism from industry groups after it decided to enable DNT by default in Windows 8 and IE10.

Microsoft has laid blame for this change squarely at the World Wide Web Consortium’s door. The latest version of the DNT standard states: “The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”

The problem with this thinking is that the overwhelming majority of users in every context never change default settings. That’s why Microsoft enabled DNT by default (well, that’s the idealistic reason), and that’s why putting the standard back in neutral means the majority of people will never use it. The larger issue at hand, however, is that the Do Not Track standard has been watered down to the point of uselessness. Most large companies simply ignore the header, and the entire point of DNT was that it was a voluntary buy-in, a collaboration between privacy advocates and advertising companies facilitated through the W3C itself. Some of the debated proposals would have sharply limited the ability of small advertising firms or businesses to track information, while simultaneously carving out vast exceptions for the likes of Google and Facebook.

IE11 vs. Project Spartan, Microsoft's new browser

IE11 vs. Project Spartan, Microsoft’s new browser

The battle lines were clear in short order. Privacy advocates wanted robust protections that would limit what kinds of data could be collected, how much sites could follow you, and for a majority of high-tech companies to sign on as respecting these restrictions. Advertising firms, and those that make their living on your personal information, weren’t interested in any of these restrictions. Privacy advocates wanted the opt-out to cover all tracking, advertisers wanted opt-outs to be construed as narrowly as possible, or to focus explicitly on specific types of tracking — thereby leaving the door open to the development of new methods that wouldn’t be included in the previous agreement.

Officially, of course, DNT isn’t dead — Microsoft, after all, is making these changes to abide by the standard, implying that there is a standard to be abided to and utilized. But with the project neutered, voluntary, and multiple large companies loudly proclaiming they won’t abide by it, the writing is clearly on the wall. Yahoo and AOL have both opted out, as has Facebook.

Consumer apathy, combined with massive conflicts of interest, have virtually guaranteed that any attempt to create an actual privacy standard is doomed to fail. There’s no way that the massive Internet giants, who make tens of billions of dollars on user information, are going to voluntarily embrace standards that restrict their right to do so — and no privacy standard that kowtows to the rights of such company can possibly succeed in protecting user rights.

For now, the only person respecting your own right to privacy, or to not be ruthlessly tracked across every aspect of your Internet usage, is you — and while browser plugins and anonymous browsing can help in certain areas, even approaching something like anonymity requires a dedicated commitment to the task.

Microsoft won’t enable ‘Do Not Track’ in next-gen Spartan browser

Microsoft has announced that it will no longer enable the “Do Not Track” header by default in its next-generation web browser, codenamed Spartan. This move is a sharp reversal for Microsoft, which weathered substantial criticism from industry groups after it decided to enable DNT by default in Windows 8 and IE10.

Microsoft has laid blame for this change squarely at the World Wide Web Consortium’s door. The latest version of the DNT standard states: “The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”

The problem with this thinking is that the overwhelming majority of users in every context never change default settings. That’s why Microsoft enabled DNT by default (well, that’s the idealistic reason), and that’s why putting the standard back in neutral means the majority of people will never use it. The larger issue at hand, however, is that the Do Not Track standard has been watered down to the point of uselessness. Most large companies simply ignore the header, and the entire point of DNT was that it was a voluntary buy-in, a collaboration between privacy advocates and advertising companies facilitated through the W3C itself. Some of the debated proposals would have sharply limited the ability of small advertising firms or businesses to track information, while simultaneously carving out vast exceptions for the likes of Google and Facebook.

IE11 vs. Project Spartan, Microsoft's new browser

IE11 vs. Project Spartan, Microsoft’s new browser

The battle lines were clear in short order. Privacy advocates wanted robust protections that would limit what kinds of data could be collected, how much sites could follow you, and for a majority of high-tech companies to sign on as respecting these restrictions. Advertising firms, and those that make their living on your personal information, weren’t interested in any of these restrictions. Privacy advocates wanted the opt-out to cover all tracking, advertisers wanted opt-outs to be construed as narrowly as possible, or to focus explicitly on specific types of tracking — thereby leaving the door open to the development of new methods that wouldn’t be included in the previous agreement.

Officially, of course, DNT isn’t dead — Microsoft, after all, is making these changes to abide by the standard, implying that there is a standard to be abided to and utilized. But with the project neutered, voluntary, and multiple large companies loudly proclaiming they won’t abide by it, the writing is clearly on the wall. Yahoo and AOL have both opted out, as has Facebook.

Consumer apathy, combined with massive conflicts of interest, have virtually guaranteed that any attempt to create an actual privacy standard is doomed to fail. There’s no way that the massive Internet giants, who make tens of billions of dollars on user information, are going to voluntarily embrace standards that restrict their right to do so — and no privacy standard that kowtows to the rights of such company can possibly succeed in protecting user rights.

For now, the only person respecting your own right to privacy, or to not be ruthlessly tracked across every aspect of your Internet usage, is you — and while browser plugins and anonymous browsing can help in certain areas, even approaching something like anonymity requires a dedicated commitment to the task.

Microsoft won’t enable ‘Do Not Track’ in next-gen Spartan browser

Microsoft has announced that it will no longer enable the “Do Not Track” header by default in its next-generation web browser, codenamed Spartan. This move is a sharp reversal for Microsoft, which weathered substantial criticism from industry groups after it decided to enable DNT by default in Windows 8 and IE10.

Microsoft has laid blame for this change squarely at the World Wide Web Consortium’s door. The latest version of the DNT standard states: “The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”

The problem with this thinking is that the overwhelming majority of users in every context never change default settings. That’s why Microsoft enabled DNT by default (well, that’s the idealistic reason), and that’s why putting the standard back in neutral means the majority of people will never use it. The larger issue at hand, however, is that the Do Not Track standard has been watered down to the point of uselessness. Most large companies simply ignore the header, and the entire point of DNT was that it was a voluntary buy-in, a collaboration between privacy advocates and advertising companies facilitated through the W3C itself. Some of the debated proposals would have sharply limited the ability of small advertising firms or businesses to track information, while simultaneously carving out vast exceptions for the likes of Google and Facebook.

IE11 vs. Project Spartan, Microsoft's new browser

IE11 vs. Project Spartan, Microsoft’s new browser

The battle lines were clear in short order. Privacy advocates wanted robust protections that would limit what kinds of data could be collected, how much sites could follow you, and for a majority of high-tech companies to sign on as respecting these restrictions. Advertising firms, and those that make their living on your personal information, weren’t interested in any of these restrictions. Privacy advocates wanted the opt-out to cover all tracking, advertisers wanted opt-outs to be construed as narrowly as possible, or to focus explicitly on specific types of tracking — thereby leaving the door open to the development of new methods that wouldn’t be included in the previous agreement.

Officially, of course, DNT isn’t dead — Microsoft, after all, is making these changes to abide by the standard, implying that there is a standard to be abided to and utilized. But with the project neutered, voluntary, and multiple large companies loudly proclaiming they won’t abide by it, the writing is clearly on the wall. Yahoo and AOL have both opted out, as has Facebook.

Consumer apathy, combined with massive conflicts of interest, have virtually guaranteed that any attempt to create an actual privacy standard is doomed to fail. There’s no way that the massive Internet giants, who make tens of billions of dollars on user information, are going to voluntarily embrace standards that restrict their right to do so — and no privacy standard that kowtows to the rights of such company can possibly succeed in protecting user rights.

For now, the only person respecting your own right to privacy, or to not be ruthlessly tracked across every aspect of your Internet usage, is you — and while browser plugins and anonymous browsing can help in certain areas, even approaching something like anonymity requires a dedicated commitment to the task.