How isolated are Chrome profiles from each other?
June 26, 2019 12:02 AM

On my Mac I use multiple Chrome profiles for different purposes — one profile is exclusively for Facebook, one is for Amazon, etc. — and each profile has its own unique content settings tailored to those purposes. I use Safari for all other general browsing. I’m curious how siloed Chrome profiles actually are. Can a website in one profile know what's happening in another profile? Has anyone seriously looked at what browsing data might be shared across them? Is it even possible for researchers to make that assessment with any confidence?

I’m already aware of privacy problems with Google’s collection of data in general, so I’m not really looking for speculation that’s based on those issues. My specific question is if, for example, one Chrome profile is logged into Amazon and another is logged into Gmail, is there any way to know if the Gmail profile can see what I’m shopping for on Amazon or if any cookies, tracking data, etc. get shared between them.

Yes, I’ll probably switch to Firefox at some point, given reports that future Chrome versions might break content blockers, but at the moment I’m using Chrome.
posted by theory to Computers & Internet (4 answers total) 1 user marked this as a favorite

There are two ways a server can recognize a browser: the browser stores identifying information (a cookie), or the server stores identifying information (a fingerprint).

If you have two profiles running on the same computer, they should not share cookies. So you will not inadvertently see yourself logged in to some site as the other user. (It is possible for "super-cookies" such as Flash app storage to bypass this, but browsers generally treat that as a bug and try to fix it.)

If you have two profiles running on the same computer, they will have the same fingerprint. They have the same IP address, the same fonts installed, the same CPU and graphics card, the same default and maximum window size. So a server that has fingerprinted one profile will usually be able to identify the other profile. Big companies like Google and Amazon may try to avoid using the same tracking services as each other, but you have no way of confirming that.
posted by Phssthpok at 12:11 AM on June 26, 2019 [3 favorites]
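
The cookie-versus-fingerprint distinction in the answer above, as an added example that is not part of the original answer: a toy server recognises a browser by cookie first and falls back to a hash of machine-level attributes. The `Tracker` class, the attribute names and all sample values are constructed for illustration.

```python
import hashlib
import secrets

def fingerprint(attrs: dict) -> str:
    """Hash of machine-level attributes; identical for every profile on one machine."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

class Tracker:
    """Toy server (hypothetical) that recognises a browser by cookie, then fingerprint."""
    def __init__(self):
        self.by_cookie = {}       # cookie value -> visitor id
        self.by_fingerprint = {}  # fingerprint  -> visitor id

    def visit(self, cookie_jar: dict, attrs: dict):
        fp = fingerprint(attrs)
        cookie = cookie_jar.get("uid")
        if cookie in self.by_cookie:
            visitor, how = self.by_cookie[cookie], "cookie"
        elif fp in self.by_fingerprint:
            visitor, how = self.by_fingerprint[fp], "fingerprint"
        else:
            visitor, how = f"visitor-{len(self.by_fingerprint) + 1}", "new"
        # The server (re)issues a cookie into whichever jar made the request.
        cookie_jar["uid"] = cookie if cookie in self.by_cookie else secrets.token_hex(8)
        self.by_cookie[cookie_jar["uid"]] = visitor
        self.by_fingerprint[fp] = visitor
        return visitor, how

# Constructed sample values: one machine, plus a second machine for contrast.
MACHINE = {"ip": "203.0.113.7", "fonts": "Helvetica,Menlo", "gpu": "ExampleGPU",
           "cpu_cores": 8, "max_window": "1440x900"}
OTHER_MACHINE = dict(MACHINE, ip="198.51.100.9", fonts="Arial,Consolas")

def demo():
    tracker = Tracker()
    profile_a, profile_b, other = {}, {}, {}   # one cookie jar per profile
    results = [
        tracker.visit(profile_a, MACHINE),     # first visit from profile A
        tracker.visit(profile_a, MACHINE),     # profile A again: cookie match
        tracker.visit(profile_b, MACHINE),     # profile B: empty jar, same machine
        tracker.visit(other, OTHER_MACHINE),   # different machine
    ]
    return results, profile_a["uid"] != profile_b["uid"]

if __name__ == "__main__":
    print(demo())
```

The two profiles end up with different cookies, yet the third visit is still attributed to the first visitor because the attribute hash is the same.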

Phssthpok offers a good answer. (Source: am a web developer; am not a privacy/security specialist.)

As far as I know, no one has figured out a good way to defeat browser fingerprinting.

"Is it even possible for researchers to make that assessment with any confidence?"

Again, I'm not a privacy specialist, but: even if you're using separate profiles, it's probably best to assume that there will be some leakage. For example, I sometimes log into my work Facebook account, at work. I see tons of friend suggestions of people who I'm friends with on my personal Facebook account. (I do log into my personal FB account at work, but always in an incognito window. So, however Facebook is determining that I know these people, it isn't via cookies. It must be through browser fingerprinting, or some machine-learning algorithm that has connected some dots.)

Here's another reason to consider ditching Chrome for Firefox (which I recently did – it's going well so far).
posted by escape from the potato planet at 4:18 AM on June 26, 2019 [1 favorite]

If there's good research on this topic, I haven't been able to turn it up. Anecdotally I had used Chrome for work and personal profiles for ~2 years or so and had not noticed any of the kind of information leakage you are specifically asking about (tracking data, cookies, searches, etc.).

For example, I buy a lot of cat-related things on Amazon (food, toys, accessories) and haven't seen any ads for those. And as long as I don't use my personal profile to search for work-related things (which sometimes happens) I don't get ads in my personal profile for the same things I get ads for in my work profile.

Lots has been written about how to use Chrome profiles, but precious little seems to have been written about how siloed the profiles are.

One thing I can point to - the data is stored in different paths on disk. On Linux, for example, the main profile is /home/user/.config/google-chrome/Default and the second user is /home/user/.config/google-chrome/Profile 1.

There's a little info about the profile implementation available via the Chromium project. One thing you didn't ask about but may find interesting is that, at least on macOS, if users share the same macOS user but different Chrome profiles, they may be able to see one another's passwords stored in Chrome. "Because passwords are stored in the commonly accessible keychain, it will be possible for a user in one account to access the passwords that have been stored on that machine by a user with another account."

That may also be true of other browsers, of course.

These days I use Firefox for my personal browsing, and Chrome for work since we are more or less all-in on Google Suite for mail, docs, etc. My employer has chosen to trust Google with their data, I have decided to avoid it as much as possible.
posted by jzb at 5:52 AM on June 26, 2019
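
The on-disk separation described in the answer above can be checked directly. This is an added example, not part of the original answer or Chromium's code; the store file names, the use of a `Preferences` file to recognise a profile directory, and the sample tree are assumptions.

```python
import tempfile
from pathlib import Path

# Per-profile stores to look for; file names are assumptions about Chrome's layout.
STORES = ("Cookies", "Network/Cookies", "History", "Login Data")

def find_profiles(user_data_dir):
    """Return profile directories (those holding a Preferences file), sorted by name."""
    root = Path(user_data_dir)
    return sorted(p for p in root.iterdir() if (p / "Preferences").is_file())

def audit(user_data_dir):
    """Map each profile to the stores it has, and list any file two profiles share."""
    seen = {}                  # (device, inode) -> profile that first owned the file
    report, shared = {}, []
    for prof in find_profiles(user_data_dir):
        report[prof.name] = []
        for store in STORES:
            f = prof / store
            if not f.exists():
                continue
            report[prof.name].append(store)
            st = f.stat()      # follows symlinks, so links to one file collide
            key = (st.st_dev, st.st_ino)
            if key in seen:
                shared.append((seen[key], prof.name, store))
            seen.setdefault(key, prof.name)
    return report, shared

def build_sample(root):
    """Constructed directory tree standing in for ~/.config/google-chrome."""
    for name in ("Default", "Profile 1"):
        d = Path(root) / name
        d.mkdir()
        (d / "Preferences").write_text("{}")
        (d / "Cookies").write_bytes(name.encode())
        (d / "History").write_bytes(b"")
    (Path(root) / "Crashpad").mkdir()   # not a profile: no Preferences file
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

Pointing `audit()` at a real user-data directory reports which stores each profile has and flags any store file that resolves to the same file in two profiles.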

I browse / work using Chrome, and use Firefox Facebook Container for Facebook and Amazon.
posted by JamesBay at 9:54 AM on June 26, 2019
