Google Chrome is the most-used browser in the US and the world, on desktop computers and phones. If you use Chrome, you must take the time to set your security and privacy settings.
Google is known for building strong security into its software, and Chrome has a track record of good security. However, Google is also known for not respecting user privacy. As an advertising company, it’s in Google’s best interests to collect data about its users and use that data for its advertising. For this reason, many privacy-minded people choose not to use Google Chrome. But, because Chrome is so popular, I want to let you Chrome users know how you can use it more securely and privately.
This guide covers the full, desktop version of the Chrome browser. The settings and steps are similar for the Chrome mobile apps.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
If you use Chrome to use Google websites (Gmail, Google Drive, Google Calendar, YouTube, etc.), then Google can collect data from you on all those sites as well, providing much more data than they get from Chrome alone. You should also check out the Google Account Security & Privacy Guide.
This guide was last updated for Chrome 78 on a MacBook Pro. The settings and steps may differ based on the OS and device.
Google Chrome Security And Privacy Using Its Settings
In Chrome, click the More icon (3 vertical dots), then click Settings. The settings screen will appear, with several sections of settings. At the bottom of the Settings screen, you can click Advanced to see more settings. You’ll also see a menu in the top left of the screen for quick navigation to the sections. We’ll go through the settings in the order they appear.
People
The settings you see in the People section will depend on whether you’ve allowed Chrome sign-in or sync. I highly recommend that you disable sign-in and sync, to reduce the amount of data Google collects and stores about you.
In the Settings menu on the left, click Advanced, then Privacy and security. Toggle Allow Chrome sign-in to Off.
The basic browser mode stores information locally on your system. … The personal information that Chrome stores won’t be sent to Google unless you choose to store that data in your Google Account by turning on sync. … You also have the option to use the Chrome browser while signed in to your Google Account, with or without sync enabled. … When you sign in to the Chrome browser or a Chromebook and enable sync with your Google Account, your personal information is saved in your Google Account on Google’s servers so you may access it when you sign in and sync to Chrome on other computers and devices. … When you enable sync with your Google Account, we use your browsing data to improve and personalize your experience within Chrome.
Google Chrome Privacy Notice
Learn more about Chrome sync. You can also see and delete your Chrome sync data.
If you turn on sync:
Click Sync to configure Advanced sync settings. Use the toggles to choose which items are synced.
Under Encryption options, choose Encrypt synced data with your own sync passphrase. By setting your password, you prevent Google (and others) from reading your data.
Sync and Google services
These settings send your data to Google, so I recommend disabling as many as you can do without. Let’s look at them.
Autocomplete searches and URLs: I recommend disabling, to prevent Google from recording what you type in the address bar. However, this feature makes searching faster.
Show suggestions for similar pages when a page can’t be found: I recommend disabling.
Safe Browsing (protects you and your device from dangerous sites): I recommend enabling. Because so little data is shared with Google, it’s a minimal privacy concern, and it’s worth it for the additional security.
Help improve Chrome security: I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable if you’d rather not send your data (even anonymized data) to Google. Google says, “The reports are sent to Google over an encrypted channel and can include URLs, headers, and snippets of content from the page and they never include data from browsing you do in Incognito mode.”
Help improve Chrome’s features and performance: I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable if you’d rather not send your data (even anonymized data) to Google. Google says, “These statistics do not include any personal information. Crash reports contain system information gathered at the time of the crash, and may contain web page URLs or personal information depending on what was happening at the time of the crash. … no information can be inferred about any particular user’s activity.
Make searches and browsing better: I recommend disabling to share less data with Google. Google says, “… usage statistics include information about the web pages you visit and your usage of them … The usage statistics are not tied to your Google account. … Externally published reports are conducted in a highly aggregated manner to not reveal an individual user’s identity.”
Autofill
Passwords: I recommend disabling Offer to save passwords and Auto Sign-in. I recommend using a password manager such as LastPass instead.
Payment methods: I recommend disabling Save and fill payment methods. Again, I recommend using a password manager such as LastPass instead.
Addresses and more: I recommend disabling Save and fill addresses. Again, I recommend using a password manager such as LastPass instead.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
Search Engine
Search engine used in the address bar: You can consider using a search engine that respects user privacy, such as DuckDuckGo. In my experience, DuckDuckGo doesn’t provide results as good as Google. I like Startpage, which you can add as a browser extension (I’ll cover that later).
Privacy and security
At the bottom of the Settings screen, click Advanced to see more settings, including Privacy and security. I wish Google didn’t hide these important settings behind an extra click.
Allow Chrome sign-in
“By turning this off, you can sign in to Google sites like Gmail without signing in to Chrome.”
I recommend disabling, to give Google less of your data.
Send a “Do Not Track” request with your browsing traffic
Enable. Many sites don’t support this anyway, but it’s worth enabling for those that do.
Allow sites to check if you have payment methods saved
I recommend disabling. I haven’t needed it because I don’t store payment info in Chrome; I recommend using a password manager such as LastPass to store payment info instead. You can consider enabling if you find a true need for it.
Site Settings
Cookies and site data. Enable Block third-party cookies. Third-party cookies are cookies from sites other than the one that you’re on at the moment. They’re often (but not always) used for marketing and tracking purposes. Disabling them may cause problems. Chrome will show a cookie icon in the address bar. You’ll be able to click it and then choose to allow that site to set cookies in the future.
When you do, you can also click Show cookies and other site data and then the Blocked tab to see which cookies are being blocked. You then have 2 options (buttons): Allow and Clear on Exit. Allow allows those cookies in the future. Clear on Exit stores the cookie only until you close/quit Chrome, then the cookie is deleted.
Pop-ups and redirects: Set to Blocked (recommended) by toggling to on/Allowed.
Ads: Set to Blocked on sites that tend to show intrusive ads (recommended) by toggling to on/Allowed.
Clear browsing data
You can use this to selectively delete data from Chrome. You can choose the data and time range to delete.
Languages
I recommend choosing Basic spell check, because Enhanced spell check sends what you type to Google.
Chrome Privacy and Security: Using Google Chrome Safely
Chrome is frequently updated, and updates often fix security vulnerabilities, so install them as soon as possible. Chrome automatically updates itself when you open it, but if you leave Chrome open for a long time (days) without closing it, it won’t be able to update itself. When an update is available, you’ll see an arrow icon in the top right corner of Chrome. Click it to update.
Chrome has made a big deal about securing data between the browser and websites via HTTPS. The address bar will warn you when the site you’re on is Not Secure. Don’t enter sensitive info (financial, medical, personally-identifiable) in pages that don’t show the padlock icon and https in the address bar.
However, not all sites that use HTTPS are legitimate! Malicious sites, such as phishing and scam sites, frequently use HTTPS. So you should still ensure that the site you’re on is legitimate, regardless of whether it uses HTTPS.
Install extensions only from the Chrome Web Store, and only install extensions from outside it if you truly trust them. Before installing any extension, check its ratings and reviews, and search online for reviews from reputable tech sites.
Chrome supports hardware tokens like the Yubikey for two-factor authentication, which is safer than using SMS/text messages for two-factor authentication.
Incognito Mode
Like many browsers, Chrome has a private browsing mode that limits the amount of data the browser stores about the browsing you do in that mode. Chrome calls this Incognito mode.
In Chrome, click the More icon (3 vertical dots), then click New Incognito Window. Chrome briefly explains what Incognito mode does:
Now you can browse privately, and other people who use this device won’t see your activity. However, downloads and bookmarks will be saved.
Chrome won’t save the following information:
Google Chrome
Your browsing history
Cookies and site data
Information entered in forms
Your activity might still be visible to:
Websites you visit
Your employer or school
Your internet service provider
Learn more about private browsing.
Google Chrome Security And Privacy Extensions
There are many security and privacy extensions available for Chrome. Here are some essentials:
- LastPass: password manager (or use your password manager of choice)
- DuckDuckGo Privacy Essentials: blocks third-party trackers and shows a privacy grade for websites. If you notice that it prevents a website from working properly, you can whitelist that site, temporarily or permanently. If you’re technical and want something with more controls, look at uBlock Origin.
- Startpage.com: a search engine that gives you Google search results without tracking your activity or passing your data to Google.
By default, Chrome extensions are disabled in Incognito mode. This is to prevent extensions from recording your browsing activity when in Incognito mode. However, you generally want security and privacy extensions to protect you even in Incognito mode. To enable them:
- Paste chrome://extensions/ into the address bar and hit Enter.
- For each extension that you want to enable for Incognito mode, click the Details button below the extension.
- To the right of Allow in incognito, click the toggle so that it turns blue (enabled).
- Repeat for other extensions, as necessary.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.
