Security News > 2020 > March > Google: You know we said that Chrome tracker contained no personally identifiable info? Yeah, about that...

Google has seemingly stopped claiming an identifier it uses internally to track experimental features and variations in its Chrome browser contains no personally identifiable information.

In February, Arnaud Granal, a software developer who works on a Chromium-based browser called Kiwi, claimed the X-client-data header, which Chrome sends to Google when a Google webpage has been requested, represents a unique identifier that can be used to track people across the web.

The specific language appeared in the Google Chrome Privacy Whitepaper, a document the company maintains to explain the data Chrome provides to Google and third-parties.

The Register asked whether the change was made to avoid liability under Europe's GDPR for claiming incorrectly that the X-client-data header contained no information that could be used to personally identify the associated Chrome user.

"As a user, in the current state, it's important to understand that no matter if you use a proxy, a VPN, or even Tor, Google may be able to identify you using this X-Client-Data. Do you want Google to be able to recognize you even if you are not logged-in to your account or behind a proxy? Personally, I am not comfortable with that, but each person has a different sensitivity with regards to privacy."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/11/google_personally_identifiable_info/