Google Chrome Tracks Us Even When We Use VPN, TOR or Are Logged Out

Nowadays it is difficult to remain anonymous when using the Internet.

Some time ago, Google introduced an experimental mode, where a certain concise paragraph about X-Client-Data ensured that the implemented test features were not used to identify or track users. In February, Arnaud Granal, programmer of Kiwi - an open-source browser based on Chromium, expressed some doubts in The Register. He noticed then, that every user using the experimental functions receives a unique identifier. He also suggested that it could be used by Google to track people on the Internet. This, in turn, violates the general regulation on the protection of personal data (GDPR), issued by the European Union, because such an identifier is treated on an equal footing with personal data.

Google hasn't commented on the matter, but has fixed its privacy policy accordingly. The old text has been replaced by another one, which explains in a little more detail how X-Client-Data works.

This is the description of the X-Client-Data after changes.

What is the X-Client-Data?

An official document published by Google explains that X-Client-Data is used to collect information and describe various experiments and hidden functions (so-called Chrome Flags). When a user turns on a test of a particular feature that has not yet been officially launched, the browser generates a unique sequence of letters and numbers, which is hidden in the X-Client-Data header.

Example code generated by X-Client-Data.

Granal warns that whether we use VPN or even Tor (when using Google Chrome), we can be tracked using X-Client-Data. Google can see our traffic even if we are not logged into its services or when using a proxy. If you don't feel safe, you should start using other browsers that don't transmit information to Google's servers and don't generate X-Client-Data code.

• Google - official website
• Google Privacy Policy