Hardening Google Chrome

This is part of a series of blog posts I’m writing about hardening your computer.

In my previous post, I explained why I decided to use Google Chrome. This time I’m going through the settings I use that increase its security and privacy without breaking most websites.

Let’s open Google Chrome’s settings!

Sync Settings

If you have signed in to Google Chrome, you don’t mind Google knowing a little bit about your browser usage, but that doesn’t mean you are okay with Google knowing everything!

By clicking on “Advanced sync settings” you can choose which information to sync with Google. My preference is to only sync Extensions and Settings, which is helpful when you need to install Chrome on another computer.

I don’t have any Theme or App installed. I also keep the number of extensions I have installed to a minimum – more about this in future posts.

Search

If you are concerned about the amount of information Google knows about you, choosing a different search engine could be a good idea. These are the ones I have considered myself:


All the following settings are inside what Chrome calls Advanced Settings, so look for a “+ Show Advanced Settings” link at the bottom of the settings page to view them.

Privacy

Some of these settings might break websites you visit, so be careful with what you choose here.

I recommend disabling all the settings on the list except for “Send a ‘do not track’ request with your browsing traffic” and “Protect you and your device from dangerous sites”.

The latter will expose which websites you visit to Google while potentially saving you from visiting a dangerous website. You might want to turn it off.

Content Settings > Cookies

I selected “Keep local data only until you quit your browser”. The difference here from the recommended settings is that whenever I restart Google Chrome, websites I had logged in to previously will require me to log in again, but this means there is less information stored in my browser that could leak.

Because I’m using a password manager, signing in to a website is very easy as I no longer need to type or remember my password.

I also toggled “Block third-party cookies and site data”. These cookies are usually set by websites to track you, although sometimes there are legitimate uses.

In any case, there is a “Manage exceptions” button that allows you to override these settings for individual websites if they do not work properly.

Content Settings > Plug-ins

Here I have selected “Let me choose when to run plug-in content”, which tells Google Chrome to ask for your permission before any plug-in is executed.

I have, however, enabled the PDF viewer to run without my permission by clicking on “Manage individual plug-ins” and choosing “Always allowed to run”. If you never want to run any Flash content, you could disable it here too.

Password and forms

I already have a password manager and I don’t want to share my password with any other tool, so I have unselected every option here.

Languages

I have disabled “Offer to translate pages that aren’t in a language you read.” as I don’t use this feature often, and disabling it prevents Chrome from sending information to Google about the websites I visit.


I also encourage you to disable hyperlink auditing, a mechanism that informs servers of the links you click. To disable it, we need to go to a hidden area of Chrome by typing chrome://flags/#disable-hyperlink-auditing in the URL bar.
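
Hyperlink auditing is driven by the "ping" attribute on links, a space-separated list of URLs the browser notifies when the link is clicked. The script below is an added example, not part of the original post: it lists the ping targets a page declares, using a constructed HTML sample and hypothetical names (PingFinder, find_pings).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<a href="/docs">Docs</a>
<a href="https://example.org/article" ping="/track https://metrics.example.net/p">Article</a>
<area href="/map" ping="https://example.com/log">
<a href="/plain" ping="">Empty ping</a>
"""


class PingFinder(HTMLParser):
    """Collect <a>/<area> elements that carry a non-empty ping attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = dict(attrs)
        # ping is a space-separated URL list; it only applies when href is set.
        targets = (attr.get("ping") or "").split()
        if not targets or not attr.get("href"):
            return
        page_host = urlsplit(self.page_url).hostname
        for target in targets:
            ping_url = urljoin(self.page_url, target)  # resolve relative URLs
            self.findings.append({
                "href": urljoin(self.page_url, attr["href"]),
                "ping": ping_url,
                # True when the click is reported to a host other than the page's.
                "other_host": urlsplit(ping_url).hostname != page_host,
            })


def find_pings(html, page_url):
    """Return one finding per (link, ping target) pair declared in the HTML."""
    finder = PingFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in find_pings(SAMPLE_HTML, "https://example.com/index.html"):
        scope = "other host" if f["other_host"] else "same host"
        print(f"{f['href']} -> ping {f['ping']} ({scope})")
```
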


With these settings applied, there is only one thing left to configure in Google Chrome, and that is an ad blocker extension. See you in the next blog post!