Your privacy is important. While you might be happy with people watching you doing ‘acceptable’ things, what if you change in the future? What if the definition of ‘acceptable’ changes and you don’t agree? What if you live in a country where freedom of speech is restricted? Chromebooks can’t hide you on the internet but they can perform as a clean client from which you can work and walk away knowing that there’s no locally-stored record of your activity.
Elements of ChromeOS Security
Chrome OS has been designed from the ground up with security in mind. The OS is checked on each boot, applications runs within ‘sandboxed’ containers inside the browser and updates are automatic. There’s less code in the operating system compared to other PC operating systems and the open-source code in the OS has often been peer-reviewed in an open way. Chrome OS is easy to reset, easy to re-install and there’s a guest mode that removes everything once the user has logged out. Files stored in the download area are encrypted. (Files on an SD card are not encrypted.) ‘remote kill’ is not currently available. You can find more about ChromeOS and Chrome security here.
Virus and vulnerability reduced
There’s no guarantee that Chrome OS is virus-free or vulnerability-free but given the security controls, lack of attack vectors and the minimal amount of personal data available Chrome OS remains a lower-priority target for hackers and has less chance of vulnerabilities than some other operating systems. Given the amount of data that a single user could store in the cloud, however, it might become attractive as a vector in the future and it must be noted that there are probably more secure, less vulnerable operating systems available if you need them.
Security is not privacy
Security is the process focused on protecting your data and equipment from intruders. Privacy is the process focused on hiding your identity.
Clean Computing with Guest Mode and Power Wash.
It’s under guest mode that you can practice clean computing. Using guest mode you’ll be able to work, using a VPN if you wish, and exit within 1 second, leaving no trace of your activity within 4 seconds. As ChromeOS will have various records of a guest mode being used (and other activity) in its logs you can perform a Power Wash and have a completely clean Chromebook (or Chromebox) within 5 minutes. In a test on a Lenovo N20P I logged out of guest mode and performed a Power Wash in under 60 seconds.
Two keyboard shortcuts will help speed this clean-up for you and are worth remembering as a ‘panic sequence.’ CTRL-SHIFT-Q-Q is the way to quickly log out of any ChromeOS session and at the login screen you simply use CTRL-SHIFT-ESC-R to start the power-was process. After a reboot and confirmation you’ll see the system reset and reboot to a fresh install. Simple.
What’s not cleaned with PowerWash?
A Chromebook or Chromebox can not do everything needed to give you a breadcrumb-free online experience. Here are some further considerations related to online privacy.
- The access point or switch you used to connect to your network will have a record of your PCs unque network ID (a MAC address) and may have logged that with a time and a related IP address. The router you used to access the internet will also have logs of activity and will have tagged it with the MAC address.
- The DNS server used to convert URLs to IP addresses will have a log of the pages you visited while you were browsing (and possibly some that you didn’t visit as Chrome performs look-ahead resolution based on links in the page you are visiting.) You can limit this by using an alternative DNS service or a VPN service that tunnels the DNS request.
- If you use a proxy or VPN or Tor or any anonymity service, the entrance point on that service may have a log of the IP address you used to access the service. The IP address can be traced to a service provider and a clients cable modem. In that modem there may be a record of the device used to access the internet. You may be able to clear MAC records from an access modem/router. Portable 3G hotspots often have a reset button although record of when that hotspot was active on a carriers network will be available. Note that if you use a public hotspot or network you may not have control of the clearing of this data.
- If you use internet servers, which you will, those servers will record your IP address (or the address of an anonymity or VPN service which may, or may not, be recording your use of the service.)
- If you log onto services, the usage of those accounts will be logged.
- Disable the collection of anonymous data and disable Verified Acces (This service is used with Netflix, Chrome Goodies and other services.)
- The use of 3G/LTE services means a unique device identifier is sent to the service provider.
- Note that a Power Wash may leave a record of build-time or uptime that indicates a Power Wash was performed.
Chromebooks can’t make you invisible on the Internet but they can help to ensure you have a clean online experience. A Power Washed ChromeOS is the quickest and easiest way to ensure that you start and finish with as little risk as possible.
Thanks for providing this information Chippy.
Thanks for the feedback Peprita Heart.
From the Novitiate ;
We Oz ‘novices’ light ‘power-wash’ candles for you…
Thanks Chippy for this quick tip!! I also installed the History Eraser app on my chromebook and I launch it in “Dev” option… err… did you know that Google stores your data from the first time your light your Chromebook??? All nasty data are accessible via the “Remove items from your Google Web History”. There you can remove ALL the data related to your Google account, your Chromebook account, etc. BUT, to be sure to never to be tracked again (in a limited way, of course), you must in “Pause” mode ALL the Google trackers. These ones are accessible via the same Google page than “Google Web History”. I also learned that Google+ is a huge “open portal” of your data to all apps linked to your account. I don’t know about you but I do not care to be tracked as long as I am informed of what is tracked. In my case, it’s all my moves via Google, my installed apps, my account syncs, etc. That’s why I have deleted my Google+ account but I can not remove the location tracking history. Any person (administrative, justice, defense, hacker…) can locate my position via my Chromebook and/or when I login to my Google account. Great. In France, all these data can be stored BUT I have a right to ask the organism to delete them all. BUT as these data are not stored in France, the French laws don’t apply there… Frankly, between an “open” system (Chrome OS) and a “closed” system (Mac OSX), I frankly prefer the “closed” one: I have control over my data because of the enterprise policies to give the user his rights. With Google, if I had never installed this History Eraser app, I would never be informed that I was tracked from Day-1…
“did you know that Google stores your data from the first time your light your Chromebook???”
If you use your Chromebook under a Google account, yes. Guest mode is not associated with any user accounts. SO a freshly ‘Power Washed” Chromebook can be used under guest mode quite nicely. I will, however, be conducting a network capture to see if this is really true.