Oh, this steaming pile of FUD again. It combines a slick presentation with half-truths and misleading statements.<p>This article conflates data sent from Chrome to search and other public APIs with data sent from Chrome to Chrome APIs for metrics/telemetry and safe search.<p>The data sent to Chrome APIs like Safe Search, UMA/UKM, stored passwords, auto-fill data and Sync <i>cannot</i> be used to build an ad profile - thanks EU!<p>With that in mind, let's go through the article.<p>1. The Omni-box: This data is sent to the Google Search API. So you shouldn't type anything there that you wouldn't send in Google Search. The article is correct here.<p>2. The amount of money Google gets from Chrome: very very little. The only source of revenue Google gets from Chrome are the ads on the Home page (if that's not disabled). These are just normal ads and don't get access to any special Chrome information. The article implies that Chrome is a significant part of the "257 billion in revenue", but that's not true. Google operates Chrome at a loss. Why does Google operate Chrome if it loses money? Because having a free and open web is essential to Google's main business of search. If the web is hidden behind login prompts or Flash animations or take off entirely into an App then Google's main business, search becomes much less useful (and therefore profitable). So Google is standing against the App-ification and Facebook-ization of the web (and also standing for it - big organizations are complicated and the right hand rarely knows what the left is doing).<p>3. Chrome does collect data about Chrome's performance on the websites you visit (assuming you opted in to sharing anonymous metrics). This data heavily anonymized (dropping data that doesn't appear for at least 50 users) and access is limited (need to know only). It is intended to be used to improve Chrome - finding slow things to make faster, things that use to much memory to use less, and to help fix things that crash the browser. It explicitly can't be used for ads purposes and can't even be shared outside of the Chrome teams. Each use case requires a separate privacy approval. This is also the case for any other Chrome APIs you might use (page translation, Sync, etc - really everything except the Omni-box).<p>4. Incognito protects against anything in the Omni-box being associated with your profile and uses temporary storage for all website data. Chrome still gets anonymous telemetry/metrics, which is probably how the article justifies saying Chrome still collects data.<p>5. Google Chrome as a "central hub". I honestly have no idea what this is trying to say. Yes, you use a web browser as a common way to visit many websites. If Chrome is a "central hub" for this then so.is every web browser.<p>6. Google maps. Yes, when you browse Google maps in Chrome, Google maps records what you look at, what your zoom level is and other things like that, but it's nothing to do with Chrome. It does that for every web browser.<p>7. "Your data is retained indefinitely". This is not true. Google has to follow EU law regarding information retention which places strict limits on how long information can be retained, even "for business purposes". Chrome can't keep non-anonymized data for more than a couple of months and anonymous data more than a couple of years. This is probably the most blatant lie in the piece.<p>8. Chrome bugs. The piece then refers to several Chrome bugs with privacy implications with scare quotes to imply they are intentional. This is very far from the case, as Chrome takes privacy very seriously. Chrome has a strong bug bounty program that pays users for reporting bugs like this to be fixed. If there were an intentional plan to add "bugs" for nefarious purposes then you would think they would fit a common theme or actually benefit Google in some way. Instead they just point to a couple of scary sounding bugs and wave their hands.<p>9. Manifest v3 - aka the end of ad block. This doesn't prevent ad blockers. It just moves to a declarative API instead of a functional one for request blocking. This means that the extension just had to say, in advance, what requests to block instead of being called for each request on an ad hoc basis. This avoids about 4 inter-process calls for each resource request. Needless to say that makes browsing the web much faster. If Chrome were actually against as blockers then it wouldn't ship with it's own ad blocker, based on EasyList, which it uses to identify and body ads that significantly disrupt the use experience (violating ad standards or using too many resources).<p>I'm not saying that Chrome is the most private web browser - far from it, but I'd rather criticize them for what they are doing than for a bunch of stuff that they aren't.<p>For instance, Chrome is likely going to be the last browser to get rid of third party cookies. Part of it is that Chrome was a bit late to the privacy party. The other part is that, since Google is also an advertiser, any major move they make that adversely affects advertisers can be seen as anticompetitive. The UK's Competition and Markets Authority has delayed Chrome's planned 3rd party deprecation by years and eventually forces Chrome to water it down into some sort of "user choice" thing that's rolling out...sometime. And even when Chrome gets rid of third party cookies, there's still the dumpster fire that is Related Website Sets allowing for some domains to effectively keep 3rd party cookie equivalents.