Google Chrome is the most-used browser in the US and the world, on desktop computers and phones. If you use Chrome, it’s critical that you take the time to set your security and privacy settings.

Google is known for building strong security into its software, and Chrome has a track record of good security. However, Google is also known for not respecting user privacy. As an advertising company, it’s in Google’s best interests to collect data about its users and use that data for its advertising. For this reason, many people (including me) choose not to use Google Chrome. But, because Chrome is so popular, I want to let you Chrome users know how you can use it more securely and privately.

This guide covers the full, desktop version of the Chrome browser. The settings and steps are similar for the Chrome mobile apps.

For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.

If you use Chrome to visit Google websites (Gmail, Google Drive, Google Calendar, YouTube, etc.), then Google is able to collect data from you on all those sites as well, which gives it much more data than it gets from Chrome alone. So, in the future I’ll publish a guide to the settings within your Google account.

Note: this post contains affiliate links.

Chrome Settings

In Chrome, click the More icon (3 vertical dots), then click Settings. The settings screen will appear, with several sections of settings. At the bottom of the Settings screen, you can click Advanced to see more settings. You’ll also see a menu in the top left of the screen for quick navigation to the sections. We’ll go through the settings in the order they appear.

People

The settings you see here will depend on whether you’ve allowed Chrome sign-in (in Settings > Advanced > Privacy and security > Allow Chrome sign-in). Learn more about Chrome sync. See and delete your Chrome sync data.

If you don’t turn on sync:

Passwords: I recommend disabling Offer to save passwords. I recommend using a password manager such as LastPass instead.

Payment methods: I recommend disabling Save and fill payment methods. Again, I recommend using a password manager such as LastPass instead.

Addresses and more: I recommend disabling Save and fill addresses. Again, I recommend using a password manager such as LastPass instead.

If you turn on sync:

Click Sync to configure Advanced sync settings. Use the toggles to choose which items are synced.

Under Encryption options, choose Encrypt synced data with your own sync passphrase. By setting your own password, you prevent Google (and others) from reading your data.

Passwords: I recommend disabling Offer to save passwords. I recommend using a password manager such as LastPass instead.

Payment methods: I recommend disabling Save and fill payment methods. Again, I recommend using a password manager such as LastPass instead.

Addresses and more: I recommend disabling Save and fill addresses. Again, I recommend using a password manager such as LastPass instead.

Search Engine

Search engine used in the address bar: You can consider using a search engine that respects user privacy, such as DuckDuckGo. Unfortunately, in my experience, none of the privacy-respecting alternatives provides results as good as Google.

Privacy and security

At the bottom of the Settings screen, click Advanced to see more settings, including Privacy and security (why are these hidden behind an extra click?).

Allow Chrome sign-in. By turning this off, you can sign in to Google sites like Gmail without signing in to Chrome.

I recommend disabling, to give Google less of your data.

Use a prediction service to help complete searches and URLs typed in the address bar

I recommend disabling, to prevent Google from recording what you type in the address bar. However, this feature definitely makes searching faster.

Use a prediction service to load pages more quickly

According to Google, “If you turn this setting on, websites and any embedded content that are pre-loaded may set and read their own cookies as if you had visited them, even if you don’t.”

I recommend disabling. If you have a slow Internet connection, I can see how this may be helpful, but you need to weigh the privacy implications against the convenience.

Use a web service to help resolve navigation errors

According to Google, “When you can’t connect to a webpage, you can get suggestions for other pages like the one you’re trying to reach. Chrome sends Google the web address of the page you’re trying to reach to offer you suggestions.” I recommend disabling.

Safe Browsing. Protects you and your device from dangerous sites

According to Google, “When you visit a website, Chrome checks it against a list of websites stored on your computer that are known to be bad. If the website matches anything on the list, your browser sends a partial copy of the address to Google to find out if you’re visiting a risky site.”

I recommend enabling. Because so little data is shared with Google, it’s a minimal privacy concern, and it’s worth it for the additional security.
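The local-list check quoted above can be modelled in a few lines to show what actually leaves your computer. This is an added example, not code from Google or from this guide: it assumes the list stores 4-byte SHA-256 prefixes of host/path strings (the scheme Google's Safe Browsing Update API describes), it skips URL canonicalization, and the names `Server`, `expressions`, `full_hash` and `check` are hypothetical.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # assumed: bytes of each SHA-256 hash kept in the local list

def expressions(url):
    """Host-suffix/path-prefix strings for a URL (simplified, no canonicalization)."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    # exact host, then shorter suffixes down to two labels
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    path = parts.path or "/"
    paths = {"/", path}
    if parts.query:
        paths.add(path + "?" + parts.query)
    return sorted(h + p for h in hosts for p in paths)

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

class Server:
    """Hypothetical stand-in for the remote service; records what it is sent."""
    def __init__(self, bad_expressions):
        self.full = {full_hash(e) for e in bad_expressions}
        self.received = []

    def local_list(self):
        # what the browser downloads and stores: truncated hashes only
        return {h[:PREFIX_LEN] for h in self.full}

    def lookup(self, prefix):
        self.received.append(prefix)
        return {h for h in self.full if h.startswith(prefix)}

def check(url, local_prefixes, server):
    for expr in expressions(url):
        h = full_hash(expr)
        if h[:PREFIX_LEN] in local_prefixes:            # local hit
            if h in server.lookup(h[:PREFIX_LEN]):      # only the prefix leaves the machine
                return "unsafe"
    return "ok"

# Constructed sample data, not real blocklist entries.
server = Server(["bad.example/"])
local = server.local_list()
print(check("https://news.example/story", local, server), server.received)
print(check("http://login.bad.example/reset?u=1", local, server), server.received)
```

A URL with no local match produces no request at all, and a match discloses only a short prefix that many different addresses can share.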

Help improve Safe Browsing. Sends some system information and page content to Google

I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable if you’d rather not send your data (even anonymized data) to Google.

Automatically send usage statistics and crash reports to Google

Google says, “These statistics do not include any personal information. Crash reports contain system information gathered at the time of the crash, and may contain web page URLs or personal information depending on what was happening at the time of the crash. … no information can be inferred about any particular user’s activity.”

I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable if you’d rather not send your data (even anonymized data) to Google.

Use a web service to help resolve spelling errors. Smarter spell-checking by sending what you type in the browser to Google

I recommend disabling, because this setting sends what you type to Google. You’ll still get spell-checking provided by Chrome’s own dictionary.

Send a “Do Not Track” request with your browsing traffic

Enable. Many sites don’t support this anyway, but it’s worth enabling for those that do.

Allow sites to check if you have payment methods saved

I recommend disabling. I haven’t had a need for it because I don’t store payment info in Chrome; I recommend using a password manager such as LastPass to store payment info instead. You can consider enabling if you find a true need for it.

Content settings. Control what information websites can use and what content they can show you

Cookies: Enable Block third-party cookies. Third-party cookies are cookies from sites other than the one that you’re on at the moment. They’re often (but not always) used for marketing and tracking purposes. Blocking them may cause problems on some sites. Chrome will show a cookie icon in the address bar; you can click it and then choose to allow that site to set cookies in the future.

Pop-ups and redirects: Set to Blocked (recommended)

Ads: Set to Blocked on sites that tend to show intrusive ads (recommended)

Clear browsing data: You can use this to selectively delete data from Chrome. You can choose the data and time range to delete.

Using Google Chrome Safely

Chrome has made a big deal about securing data between the browser and websites via HTTPS. The address bar will warn you when the site you’re on is Not Secure. Don’t enter sensitive info (financial, medical, personally identifiable) in pages that don’t show the padlock icon and https in the address bar.

However, not all sites that use HTTPS are legitimate! Malicious sites, such as phishing and scam sites, frequently use HTTPS. So you should still ensure that the site you’re on is legitimate, regardless of whether it uses HTTPS.

Incognito Mode

Like many browsers, Chrome has a private browsing mode that limits the amount of data the browser stores about the browsing you do in that mode. Chrome calls this Incognito mode.

In Chrome, click the More icon (3 vertical dots), then click New Incognito Window. Chrome briefly explains what Incognito mode does:

Now you can browse privately, and other people who use this device won’t see your activity. However, downloads and bookmarks will be saved.

Chrome won’t save the following information:
  • Your browsing history
  • Cookies and site data
  • Information entered in forms

Your activity might still be visible to:
  • Websites you visit
  • Your employer or school
  • Your internet service provider

Learn more about private browsing.

Chrome Security & Privacy Extensions

There are many security and privacy extensions available for Chrome. Here are some essentials:

  • HTTPS Everywhere: forces webpages to use HTTPS (a secure connection) whenever it’s available
  • LastPass: password manager (or use your password manager of choice)
  • uBlock Origin: web content blocker that’s fairly technical, so if you find it overwhelming, Privacy Badger is a simpler alternative