[GUIDE] Configure Chrome for Privacy and Security

Just some tips to keep things secure and private. I use Chrome Canary, which is v18 and includes the PPAPI Flash plugin. I don't know if other versions include it. I would suggest that if you want a separate private Chrome that you consider Canary*, since it is a separate installation and will not share about:flags preferences. You can also try Chrome portable:
http://portableapps.com/apps/internet/google_chrome_portable

*Canary is "bleeding edge" Chrome - it is not always stable. Sometimes it flat out won't work for a day or two. It may be preferable to just use a portable version.

Using Tor with Chrome

http://lifehacker.com/5614732/create-a-tor-button-in-chrome-for-on demand-anonymous-browsing



Disable anything that may "leak" information (recommended if you use TOR):


Block 3rd Party Cookies and set plugins to "Click to Play" (Not shown: Block tracking of physical location):




Some privacy/ security oriented extensions:


Links for those extensions:

Adblock Plus:
https://adblockplus.org/en/development-builds#installation

Adblock Plus Beta/ Experimental use the WebRequestAPI to block ads within plugins. It also provides Do Not Track functionality.

PasswordFail Extension:
https://chrome.google.com/webstore/detail/ockgeenjbijlgilppfieaklfopnbdpge

PasswordFail informs you when a site uses weak or no encryption when you're entering your password.

KB SSL Enforcer:
https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof

KBSSL Enforcer is an attempt at "HTTPS Everywhere" for Chrome.

Proxy Switchy!
https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj

Allows switching proxies - this is how you get your TorButton working.

TrafficLight
https://chrome.google.com/webstore/detail/cfnpidifppmenkapgihekkeednfoenal

BitDefender's tool that informs about tracking on pages and blocks malicious content.

View Thru
https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd

View Thru shows shortened urls as their full counterpart.

ScriptNo Experimental
https://code.google.com/p/scriptno/downloads/list

Allows referrer/domain spoofing, browser spoofing, blocking unwanted content, blocking social widgets, blocking tracking, and of course blocking various scripts/tags.


Miscellaneous:
You can disable WebGL in about:flags.
Canary users can use the PPAPI Flash, which is more secure than the NPAPI version.


about:flags

Disable HTML5 interactive form validation Mac, Windows, Linux, Chrome OS
Disable showing validation messages and preventing form submission.
Enable


Disable hyperlink auditing Mac, Windows, Linux, Chrome OS
Disable sending hyperlink auditing pings.

Did I miss anything?

 

Nice guide, haven't seen some of those extensions before.

 

Thanks for the guide. Are there any ramifications to running extensions in incognito mode?

 

Yes. If you run an extension in incognito it will have access to your incognito tabs/ whatever the sandbox allows it to.

So if Adblock plus need "Acess to all data on all webpages" it can now access that in incognito. If an extension is compromised or is malicious and you allow it to run incognito it will be able to see what you're doing.

 

OK, thanks. Sometimes the obvious escapes me.

 

I hadn't heard of Canary Chrome. Thanks for the heads up. What are "about:flags preferences"?

 

Type "about:flags" into the chrome URL bar and it will show some experimental features.

 

I'm not sure that I understand why you have all of these unchecked? Prediction services etc...

 

Because they're communicating with Google. Normally I have no issue with that - they provide a great service. If you're using something like TOR you want to limit any communications with any service to avoid data leaking.

As I said

There are also privacy implications in general with these services - that's why Google has listed them in the "Privacy" section.

 

Thanks for explaining that. And thanks for recommending Canary. I just downloaded it. Is there a portable version of it that you recommend?

 

great guide Hungry Man

my chorme doesn't want to install TrafficLight , is there a component that could be incompatible with it?

by the way , it's off topic is there a PasswordFail Extension for firefox
i use both

thanks for the guide
cheers

 

It's explained here:

Thus, Canary can be rather problematic whereas Dev has undergone at least some testing. I'd prefer the latter.

 

Canary is definitely not as stable as developer. The reason I would suggest it is purely because it allows a separate install.

In retrospect I think a portable version would actually be the superior option so I will link to that in the first post.

 

What version of chrome? What error comes up?

 

Nobody has mentioned cookies so far, I use chrome here is cookie editor https://chrome.google.com/webstore/detail/iphcomljdfghbkdcfndaijbokpgddeno?hl=en

 

Well all cookies should be cleared once the browser is closed + no 3rd party cookies can be set.

 

No..not all, for example not for wilder's or other forums, other wise you would have to login again.

 

True. Just the third party ones I suppose.

 

Can't you make a whitelist of cookies that should last for more than a single browser session? That's what I do in Firefox (with the help of "Cookie Whitelist, With Buttons" extension).

 

Wise decision. I have a Chrome Portable here that I sometimes "play" with. It's the Dev build:

From: http://portableapps.com/apps/internet/google_chrome_portable

Download Google Chrome 18.0.1025.7 Dev
for Windows, Multilingual
1+24MB download / 76MB installed

 

Yes, you can whitelist.

 

I thought it was impossible to whitelist cookies in chrome. I use vanilla for keep some cookies and i've configured chrome for deleting all cookies at close (vanilla protect which i choose to keep)

EDIT : cookies is really better than vanilla !
But what's the advantage of encrypted storage ? It protects from a cookie stealing ?

 

If your cookie is encrypted it can't be spoofed by things like FireSheep to gain access to accounts or information.

You can whitelist cookies - I don't have access to windows right now or I'd explain.

 

Do you use it ? Or other ?
I don't understand how to access to options panel for the extension cookies.

 

Under The Hood -> Content Settings -> Manage Exceptions

You can then whitelist and blacklist.