Hi,
considering ChromeOS's outstanding security compared to Windows or GNU/Linux, I wonder how good its privacy is, especially with respect to Google, if you have adjusted all settings to be as private as possible?

Surprisingly I could find only very little about it while doing a quick search. Does anyone know a bit more about it?

Best regards,
TheGodfather

@alex would know about that. Telemetry should be gated by a few toggles you can easily disable. Still, you probably need to use a Google account in practice.

Now, privacy can't only be simplified to telemetry. Common Linux distributions may have limited telemetry out-of-the-box, but that doesn't mean they don't have privacy issues. I don't think anyone would think that installing a software which has access to all your data, and is often written in a memory unsafe language, can be deemed as privacy-friendly. That is how it works on traditional desktop systems such as these Linux distributions since they don't have an intuitive and efficient sandboxing model right out of the gate.

Needless to say, you hardly get privacy without features that seem at first to be security-oriented.

ChromeOS is a distribution of Linux, but doesn't use the same traditional software stack. It has a security model similar to what you'd find on Android, and was in fact one of the first publicly available operating systems to push verified boot. The sandboxing model means that third-party software can't do as much damage should they be invasive or malicious. In that sense, ChromeOS is much more private than traditional Linux distributions.

(But of course, if for some reason you absolutely distrust the first-party responsible for maintaining your OS, then you shouldn't probably use it.)

    While I haven't Wiresharked the entire thing, here are some points to consider regarding ChromeOS and privacy:

    • A Google account is mandatory, unless you want to use guest mode forever (which might be ok in certain use cases, actually). However, what the Google account does, is largely up to the user. You can just use it as a throwaway login, or you can use it as your full digital identity including for e-mail, social media, backups etc. Keep in mind that most people actually benefit from a built-in password manager, cross device syncing, Google Drive and reliable backups, but using those is absolutely not mandatory.
    • If you want to compartmentalize your activities, you can use multiple accounts on the same machine, similar to GrapheneOS. One account could be completely minimal and also routed through Orbot or a VPN, for more "private" activities
    • Telemetry is completely optional, similar to the browser Chrome
    • Additionally, you are free to use the alternatives of your choice (e.g. DuckDuckGo, e-mail PWA such as Tutanota, messengers like Element or Wire) to decouple your activities from your Google account
    • If you want to use common Linux apps like LibreOffice, Tor Browser, Thunderbird etc., you can do so using the Linux environment. You can even create separate guest VMs for each of them, completely isolating them from the rest of the system

    Keep in mind that while this sounds like a tedious "selective privacy" approach, you can really disable practically everything, including Play Store and Google Drive integration, and then just use some PWAs in Chrome and isolated Linux apps you trust. You will still benefit from very timely OS updates, full verified boot, sandboxing and running hardened Linux VMs with dm-verity that you will have difficulties finding elsewhere.

      Thx alex and Wonderfall for pointing out a lot of the benefits of ChromeOS. Yes, security and third-party privacy is without a doubt great. I am also interested into getting more info about first-party privacy (Google and Chromebook vendor).

      Since it has been a trend for quite some time to provide customers with toggles to seemingly provide privacy, while still collecting vast amounts of data, I am still a bit cautious regarding the effectiveness of these privacy settings, and whether this really turns off telemetry and data collection completely.

      Just to give you an example, why I don't trust a few UI toggles: Microsoft makes it pretty cumbersome to turn off all telemetry on Windows. If you click through all UI privacy toggles and you think that you did everything important, Microsoft will still collect huge amounts of telemetry. I am a Windows user myself and not a Microsoft or big tech hater, but seriously Microsoft? So you are smart and go a step further and set telemetry level to 0 (on Enterprise edition). But even then there is still telemetry as this blog shows with a MITM attack : https://www.softscheck.com/en/privacy-analysis-windows-10-enterprise-telemetry-level-0/

      That's just one of many examples, where companies talk you into believing privacy by introducing a few privacy toggles. And if companies make even more money with your data than Microsoft, like Google does, then I am even more cautious.

      The thing is, I couldn't find anything meaningful about ChromeOS's first-party privacy while searching the web. No telemetry write-up of Google, no analysis of ChromeOS's privacy policy, no studies, no MITM.

      So if someone with a Chromebook had the knowledge and time to do a MITM attack to look into telemetry, that would be absolutely awesome. Hopefully ChromeOS doesn't have certificate pinning. Maybe the PrivacyGuides contributers also have an interest in doing something like this (@TommyTran732)?

        TheGodfather You can also create a Chrome OS Flex USB stick and try it out yourself. Runs on most x86 devices without problems

        Edit: should add that most of the telemetry functionality is probably open source as part of the Chromium project, and can therefore be audited.