Google Toolbar Tracks Some Browsing When It Should Not

A bug in Google Toolbar has resulted in the search giant receiving information about users' Web surfing in violation of the product's privacy policy, according to an anti-spyware and privacy researcher. In a report to be released Tuesday, Ben Edelman, an assistant professor at Harvard Business School, shows that under certain circumstances the Google Toolbar (versions 6.3 and above) tracks the browser habits of Internet Explorer 8 users who have activated the toolbar's "enhanced features" even when the toolbar is turned off or disabled.

This is problematic since the Google Toolbar is not supposed to transmit your browsing information back to Google when the browser add-on is disabled. The bug does not impact any other browsers such as IE7, Firefox, or Chrome, according to Edelman.

Google confirmed the bug and said that only a tiny number of toolbar users are impacted. A spokesperson for the company said a fix for the toolbar would be pushed out Tuesday and the software would automatically update. Google declined to say how many toolbar users use IE8 and would only estimate the number of all its toolbar users as "hundreds of millions". The Google Toolbar version 6.3 was introduced in September 2009, according to Google.

Behavior Affects a Subset of Users

IE8 users who enable Google Toolbar's enhanced features Sidewiki and PageRank are affected by the bug, according to Edelman. Google confirmed the information. PageRank allows you to see how Google ranks the importance of particular Web pages. The pages with a higher rank are more likely to appear at the top of Google's search results. Sidewiki is a comment system that lets Google Toolbar users discuss any Web page using a browser sidebar.

Edelman began his tests by disabling the Google Toolbar (with enhanced features enabled) using the red "X" found on the left hand side of the browser window (click above image to enlarge). This action triggers a pop-up asking you if you would like to "Disable the Google Toolbar only for this window" (the default choice) or if you would like to disable the toolbar permanently. If you choose to "Disable Google Toolbar only for this window", Edelman discovered by using an HTTP packet sniffer that the toolbar continues to send parts of your browsing history to Google.

If you choose to disable the toolbar by selecting the "permanently" option within the "Disabling the Google Toolbar" dialogue box the software performs as expected.

"A fix that doesn't require a browser restart will be available in an automatic update to Google Toolbar that we are pushing tomorrow," said a Google spokesperson said Monday night.

Disabling the advanced features (Sidewiki and PageRank) via Microsoft's IE8 browser software also does not stop information on your movements from being sent to Google, Edelman found. If you select Manage Add-Ons (Tools>Manage Add-Ons) in IE8 and choose to disable the "Google Toolbar Helper" and "Google Side Bar", your Web surfing habits will still be reported back to Google, Edelman said. However, once the browser has been closed and re-opened the disable request does block future toolbar communication with Google.

Google added the fix available Tuesday would address this issue as well as eliminating the need for a browser restart.

Privacy Concerns

The fact that Toolbar continues to transmit any of your browsing history to Google after you've disabled the add-on contradicts the search giant's own statements about its Toolbar.

By agreeing to use Sidewiki and PageRank, you agree to send information about your browsing habits to Google. If you are using PageRank, for example, Toolbar sends Google browsing information such as domain names, directories, filenames, URL parameters, and search terms, according to Edelman. Google's Toolbar privacy policy also explains this by saying the enhanced features "operate by sending Google the addresses and other information about sites at the time you visit them.

Google clearly states on a help page for Toolbar's enhanced features that if you disable PageRank and Google Sidewiki these features "no longer send URL information back to Google."

What Should Google Do?

Google says it will make a download update for its toolbar available by the time you read this. Another option is to make sure you restart your IE8 browser after making any configuration changes to make sure changes stick.

Edelman says Google should delete any browsing information from its servers that has been collected as a result of what Edelman calls "nonconsensual data collection."

When asked, a Google spokesperson declined to comment on Edelman's request that nonconsensual data be deleted.

Connect with Ian on Twitter (@ianpaul)

This story, "Google Toolbar Tracks Some Browsing When It Should Not" was originally published by PCWorld.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies