A new controversy has erupted close on the heels of the Facebook/Cambridge Analytica data privacy issue that grabbed the attention of internet users around the world.
This time, the finger is being pointed at Google’s Chrome browser, which has a tool to scan malware within computers being run on Windows OS.
The tool, called Chrome Cleanup, has been in use since last year. But privacy concerns have only been raised now through an employee in a cybersecurity firm.
This employee, Kelly Shortridge of SecurityScorecard, found that her files were being scanned by Chrome without her knowledge. These files were in her ‘Documents’ folder.
This set her thinking if it was the appropriate thing for Google Chrome to do without having obtained her consent. And once she brought this into the public domain, there has been a flood of opinions and counter-opinions on the issue.
The Positive Factors in the Scan Tool
Those who feel that there is nothing wrong with the malware scanning tool in the Chrome browser argue that Chrome is actually protecting the user from possible breaches in the security of their devices. It is also being clarified from the side of Google Chrome that their purpose and intention in deploying this tool is purely to ensure that any malware in a system does not manipulate its browser.
In that narrow sense, Google Chrome seems to be suggesting that it is only protecting its own software from malware with the ultimate objective of protecting the user.
It cannot be denied that most hackers plant malware through illusive file attachments or downloads, and if the browser settings have a provision to periodically scan the files in the system and identify and isolate malware, some argue that it need not be seen as an invasion of one’s privacy.
The Process Explained
Google first began deploying the Chrome Cleanup tool last year.
The process has been explained this way: Google uses ESET’s antivirus program to scan the computer to check if there is malware that can harm the Chrome browser.
If an undesirable program is found, then the AV program sends a report to Google. Now, at this stage, the user queries if the offending file can be removed from the system. And at the bottom of the window, there is a boxed statement that reads, “Send details to Google.” By default, the box is ticked, enabling such a report being sent.
You are given the option to remove the tick, disabling this command. In view of all these actions, this section of cybersecurity experts feel what Chrome does is totally safe and not a cause for worry.
The Counter Arguments
On the other side of the spectrum are those who question Google and Chrome for having included this scan tool within the Chrome browser without an explicit statement to the users that such a tool exists.
It also possible many people are reacting this way since, as mentioned above, the Facebook and Cambridge Analytica data privacy issues have received extensive media coverage and the major question raised among users is: Who authorized Facebook to share the personal data it had collected from subscribers?
Even if the Chrome browser’s malware scan tool may not receive the same level of scrutiny as the Facebook backlash, the ethical question still remains why an individual’s files would be scanned, unilaterally, without informing/obtaining the consent of the owner of the files.
Clarifying the issue, a representative of Google’s security team wrote on Twitter that a Chrome user’s system will be scanned from time to time by the browser with the objective of detecting any undesirable software. This also appears under Chrome’s Privacy Whitepaper.
So, it is not as if Chrome has introduced this recently or it has not disclosed that the customers’ systems are subject to a scan.
The only conclusion could be that going forward, the Chrome browser setup sequence can have a separate prompt making the above statement and asking the user to “agree” to it. Alternatively, there can be a query just before the scan is activated to make the process known before any further action is taken.