undefined | Better HN

0 pointskweingar3y ago0 comments

The host operating system does not give me more or less confidence in the security of a guest user’s web browsing data.

0 comments

3 comments · 1 top-level

cmatthias3y ago· 2 in thread

Then you are either uninformed or willfully ignorant of 1) how operating systems and browsers work and 2) your employer's past actions relating to collecting and storing user data.

kweingarOP3y ago

I am uninformed as to how running a Google search as a guest user on ChromeOS has different privacy implications that running that same search using another operating system.

Sure, if I carried around a privacy-centric Linux box and told my guest to use Tor browser, I could see how that could change the privacy picture. But that isn’t exactly an apples-to-apples comparison.

If you believe that having the guest user run their search on a typical Linux, Windows, or macOS machine would be better for their privacy, I would be interested to hear how.

Also, if they’re running the search in guest mode and they don’t log into a Google account, nobody can know who’s making the search. It’s not like they’re looking through the webcam or something.

cmatthias3y ago

Your scenario is oddly specific -- I didn't say anything about a Google search, or about ensuring that the user doesn't log in. In fact, going to www.google.com in an incognito window pops up a little animated box on the right hand side encouraging me to sign in, so I'd expect there's a good chance that my guest user _would_ sign in if they visit a Google-owned site.

> If you believe that having the guest user run their search on a typical Linux, Windows, or macOS machine would be better for their privacy, I would be interested to hear how.

The main reason is that Google controls the entire environment on a ChromeOS device (kernel, userland, browser), and ChromeOS is closed source so it's not possible for me to easily know what is going on. In addition, Google makes money by collecting data about users, so there is an incentive to collect as much information as they can get away with (and they've shown repeatedly in the past that they do just that). Maybe there's a daemon running in the background shipping URL history off to some Google endpoint in the name of "telemetry", or maybe not. Or maybe it's something more innocuous-sounding like hashed or anonymized data (which could be reconstructed given Google's immense amount of data). But I don't know, and I don't think it's reasonable for anyone to implicitly trust ChromeOS at all given the business model of the company that makes it.

On most Linux distributions, nearly everything is open source and I'm free to audit what's going on. On macOS devices, the software is closed source, but the company's business model does not involve building a dossier on each and every person on the planet, so I trust them more (not fully, but more). In the past I would have said the same about Windows, but lately I'm not so sure and I tend to put them in the same bucket as Google.

edit: Also see my reply to you in a different sub-thread where I explain this in terms of threat models. If you were building a secure OS to protect high-risk individuals like journalists reporting on intelligence leaks, you would be crazy to recommend that the journalists to use an OS built for them by the NSA, MI5, or FSB. Would you feel any better about the recommendation if the government agency said "Don't worry, as long as you use guest mode and don't sign in, we won't collect any data about you"?

j / k navigate · click thread line to collapse