Chrome’s Privacy Failings, According To Proton

A new privacy post by Proton on Substack has sounded the alarm on Google’s Chrome browser. While most people assume that clearing cookies, using ad blockers, or switching to incognito mode keeps them safe online, the report claims that Chrome leaves users vulnerable to deeper, more invasive forms of tracking.

From fingerprinting techniques that identify your device without cookies, to hidden storage systems that survive even after you wipe your history, the newsletter details how Google abandoned its six‑year promise to fix these issues, leaving millions of users vulnerable to surveillance built directly into the browser.

🔎 What’s Happening, According to Proton:

  • Fingerprinting instead of cookies: Websites can identify your device using tiny details like your graphics card, audio system, fonts, and even your keyboard layout. These signals combine into a unique “fingerprint” that can’t be erased.
  • Your GPU and audio give you away: Chrome allows sites to read subtle differences in how your computer draws images or processes sound, creating a permanent ID. Competing browsers like Brave and Firefox add protections; Chrome does not.
  • VPNs offer limited protection: Chrome’s WebRTC feature can leak your real IP address even if you’re using a VPN.
  • Tracking starts before a page even loads: The way Chrome connects securely to websites (TLS handshake) can itself be used to identify you.

🍪 Broken Promises

  • Google pledged to remove third‑party cookies — the classic tracking tool — but after six years of delays, cookies remain fully active.
  • In 2024, Google shifted its stance: fingerprinting was suddenly “acceptable if disclosed.”
  • By 2025, the entire Privacy Sandbox project meant to fix these issues was scrapped.

🕵️ Hidden Infrastructure

  • CNAME cloaking: Trackers disguise themselves as part of trusted sites, bypassing cookie blockers. Chrome doesn’t stop this.
  • Persistent storage: Even if you clear cookies, trackers can hide IDs in localStorage, IndexedDB, or Service Workers that survive browser restarts.
  • Other tricks: Favicons, bounce redirects, and tracking parameters in links all help rebuild your profile.
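
The CNAME cloaking point above can be checked from the defender's side by following a first-party subdomain's CNAME chain and seeing whose infrastructure it ends on. The sketch below is an added example, not code from Proton's post; the hostnames, the blocklist entry and the two-label site_of() shortcut are constructed assumptions (real tools use the Public Suffix List).

```python
# Constructed sample DNS data: none of these names come from the article.
CNAME_RECORDS = {
    "metrics.shop.example": "shop-example.collect.tracker.test",
    "shop-example.collect.tracker.test": "edge7.tracker.test",
    "cdn.shop.example": "assets.shop.example",
    "loop.shop.example": "loop.shop.example",
}
TRACKER_SITES = {"tracker.test"}  # hypothetical blocklist entry


def site_of(host):
    """Naive registrable domain: the last two labels (assumption, see lead-in)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def resolve_chain(host, records, max_hops=8):
    """Follow CNAME records from host, stopping on a loop or after max_hops."""
    chain = [host.lower().rstrip(".")]
    while chain[-1] in records and len(chain) <= max_hops:
        target = records[chain[-1]].lower().rstrip(".")
        if target in chain:  # CNAME loop: stop instead of spinning
            break
        chain.append(target)
    return chain


def cloaked_tracker(page_host, request_host, records, tracker_sites):
    """Return the tracker site hiding behind a same-site hostname, else None."""
    if site_of(request_host) != site_of(page_host):
        return None  # plain third-party request; ordinary blocklists already see it
    for hop in resolve_chain(request_host, records)[1:]:
        if site_of(hop) in tracker_sites:
            return site_of(hop)
    return None


if __name__ == "__main__":
    for name in ("metrics.shop.example", "cdn.shop.example", "loop.shop.example"):
        hit = cloaked_tracker("www.shop.example", name, CNAME_RECORDS, TRACKER_SITES)
        print(name, "->", hit or "no cloaked tracker")
```

A blocker that matches only on the requested hostname sees metrics.shop.example as first-party; matching on every hop of the chain is what exposes the tracker behind it.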

Google had not responded to these allegations at the time of writing.

Heads Up: Chrome, built by Google, and Proton, developed by Proton AG, stand as rivals in the privacy and security space — embodying two very different philosophies about how the internet should work.

Here’s the post for those interested:

https://substack.com/home/post/p-194499648
