This looks great. However for a document that is so hyper vigilant about preventing little phone-home-to-Apple behaviors, isn't there some cognitive dissonance in the fact that it recommends installing Google Chrome? What am I missing?
The fact that, much like Mac OS, all of the phone-home-ness of Chrome can be turned off (regardless of how much doing so might be more of a threat to you)
Chrome sends every URL or key stroke in the URL bar home in the guise of checking if they are search terms, and nothing short of not using Chrome helps that.
In addition, installing Chrome created a situation where every few minutes something is connecting to Google's servers. I disabled updates, uninstalled Chrome, and removed everything Google, followed instructions for removing the updater - and something is still pinging Google every few minutes.
If there is a way to shut these off, then the author should detail this, as much as he has detailed how to fix Apple's phone-home behaviour.
> Chrome sends every URL or key stroke in the URL bar home in the guise of checking if they are search terms, and nothing short of not using Chrome helps that.
I believe you're referring to DNS prefetching [1], which is mentioned in the guide. I'm curious to know how you're determining that something is "pinging Google every few minutes". Maybe you could open a Github issue and I'll investigate it for the guide. It's definitely good to enumerate Chrome's behavior w.r.t. privacy.
> The amount of bad faith people ascribe to basic usability functions utterly astounds me.
I think most of it comes from how Google (and the industry in general) has evolved. There was a day[0] when things were labeled clearly and the default behavior wasn't to vacuum up as much data about users in the name of basic usability functions.
The amount of trust people have in companies to keep their private information safe from prying eyes is what's truly astounding.
For me, it's mostly because I believe that bad press is enough of a motivator for companies to not turn completely evil. We know the damage that Snowden did to the public image of the NSA. Imagine the NSA being a publicly traded company, it wouldn't have been pretty.
I'm sure some company will turn evil and abuse the trust that their users have given them. (I assume it will be Facebook.) But I also, maybe naively, assume this will not impact my life in a significant way.
I have all those boxes unticked, and yet Little Snitch shows me it still keeps trying to connect to Google's servers, around every 15 minutes and on start up at the very least. I asked it not to store passwords too, and it still pops up the password box to access my keychain.
Apps need access to the system keychain to do things other than store passwords, (accessing certificates for authorization is a common one), and those connections sound like the automated update checks based on their behavior. (Which I don't think you can disable- but why the hell would you?)
If you want to test that, temporarily disable the little snitch rule and keep an eye on the top right hamburger menu - it'll turn green or orange if updates are pending.
It sounds like you've decided to treat Chrome as a hostile app and are going to evaluate everything it does negatively in that light. If that's the case, why not just uninstall it?
It's not asking for access to the system keychain. No, those aren't the automated update checks because I already dealt with those. Yes, I'm treating it like a hostile app - it's an app I didn't write, has recent history of sneaking in sneaky things, ignores the settings I've chosen, and repeatedly phones home even though I've disabled every single available setting that would need to do anything other than get me the webpage I ask for. My evaluation is based on those reasons alone, not your straw man.
It has a better version of Flash, that's the only reason I keep it around.
You really don't know why anyone would turn of automatic updates? Really?
Really? I got rid of Chrome when I saw Google-stuff constantly connecting to different servers even when Chrome wasn't running. And I was kinda surprised what a bitch it was to uninstall. Google put stuff everywhere :-/
I keep Chrome around just for the occasion that I ned to use Flash.
Chrome happily installs from an OS X standard account, it does not need to be installed by an administrator. As such, it probably isn't able to put stuff "everywhere".
BTW, maybe it's just me, but I have installed Chrome as its own user. That makes it more difficult for it to spy on my day-to-day activity.
2) Frankly, Google is far more trustworthy than almost any randomly selected software company. (Don't forget that there are far more software companies out there than either of us are aware of.)
3) Unless you've taken the time to configure a MAC system, software that runs as you can access any data and transport mechanism that you can access. That's a fact of life. Anything you run on your computers can also act as a little snitch.
1) Agreed. As soon as I hear about any software doing similar even by mistake I consider whether to stop using it.
2) I sort of agree with this. Google certainly don't want to sell my keystrokes on the black market. However, they do want to store them and learn more about me and my personal autonomy and privacy mean that I don't want them to have all my data.
3) Which is exactly why one should be careful what software one installs!
