Prevent WebRTC leak.
If you tell Google’s latest version of Chrome to delete all of its cookies – surprise, you may still end up with Google cookies on your computer.
Christoph Tavan, CTO of publishing biz Contentpass, pointed out this week that when netizens tell the browser to remove all cookies from their machines, Chrome 69 keeps users logged into their Google’s online services by, er, not removing their Google-issued cookies. If they weren’t logged into Google’s sites, there are no Google cookies to delete.
Essentially, Chrome will remove session cookies set by other websites, logging people out of those sites, but not for its own, thus keeping folks plugged into its sprawling web empire. Which is a little rude.
The user interface states “you won’t be signed out of your Google Account,” when clearing out cookies, and tech savvy folks will realize this probably means some cookies will be preserved. However, most people won’t know that Google keeps loads of its cookies present, depending on services logged into, such as three for accounts.google.com, seven for google.com, five for youtube.com, and so on.
Crucially, if you dive deeper into the advanced settings – chrome://settings/siteData?search=cookies – and hit “Remove all”, it simply won’t remove all the cookies. The Google cookies remain, which we’ve verified for ourselves.
“Clear all Cookies except Google Cookies”, thanks Chrome. /cc @matthew_d_green pic.twitter.com/tR0UJjtPFL
— Christoph Tavan (@ctavan) September 24, 2018
Tavan clarified today that while Chrome 69 will remove Google’s cookies when the other cookies are deleted, they are immediately recreated and activated to keep netizens signed in.
Brief correction: Cookies seem to get removed and re-created immediately. At least the cookie content and creation date seems to change. Nonetheless: After hitting the “remove all” button you still don’t end up with an empty cookie jar.
— Christoph Tavan (@ctavan) September 25, 2018
Google did not return a request for comment.
The revelations will be concerning to privacy-conscious users who had thought that the “remove cookies” button would wipe all cookies from a user’s computer, and leave them free of fragments of data that can be used to track them around the web.
While this may be the case with cookies from other sites, Chrome apparently makes sure that Google’s own cookies are present in the browser at all times, if the user has signed into a Google service.
On the other hand, the practice does also bring a degree of convenience to users, as it leaves services like Gmail and Google Docs signed in after a cookie refresh.
It should probably be noted that most of the people who don’t want to be subjected to Google’s own app cookies don’t use the Chocolate Factory’s browser to begin with, and instead opt for something like Firefox, Brave, Opera, or Edge.
Either way, this is not a great look for a Silicon Valley giant that just last month said it wanted to get rid of cookies altogether, and has pressured its own advertising clients to be more transparent about their own cookie policies in the past. ®
Antidetect browser mobile.