How to use a Chromebook in a more secure and privacy-respecting way

Chrome OS login

Last month, I bought a 2013 Chromebook Pixel. Prior to that I’d been using a Lenovo ThinkPad X220 running elementaryOS for around six months and. Before that, I’d used MacBooks or MacBook Pros since 2006.

My original intention when buying the Pixel was to use something like Gallium OS, a special distribution of Linux for Chromebooks. Unfortunately, because of the Pixel’s super-high resolution, it was rendered almost unusable. In the last couple of weeks, therefore, I’ve started using Chrome OS as my main operating system. While I’ve got a Mac Mini Server which I use for Plex and recording/editing podcasts, 95% of what I do is now on the Pixel. It’s an amazing device with a great screen.

This news may come across as odd for those who know me as the type of person who is concerned about the privacy and security of the software and hardware I use. After all, I presented on the dangers of government and corporate surveillance at the Indie Tech Summit and, just today, I persuaded my wife that, for privacy reasons, we should ditch Telegram in favour of Signal by Open Whisper Systems. So how is using a Chromebook as my main device compatible with this? Doesn’t everything I do just get hoovered up and/or monitored by Google?

Well, no, actually. Chrome OS is based on the Open Source Chromium OS, which can be compiled from downloaded source code. It’s essentially Linux. The chances are that, unless you spend a lot of time tweaking your hardware and software, your laptop is less secure than this one.

I think, as I explained on slide 14 of this presentation, there’s an important difference to be made between privacy and security. To me, privacy is the reason we put curtains on our windows, and security is the reason we put locks on our doors. Let’s deal with security first. A Computer World article entitled A Chromebook offers Defensive Computing when traveling from 2014 states: 

Without question, a Chromebook is safer than Windows, OS X, Linux, iOS or Android. Security is baked into the design.

To begin with, the operating system, Chrome OS, does not allow software to be installed. Sure, this is annoying if you want to run Skype (not possible), but the flip side is that a malicious email attachment can’t install a virus. Malicious Flash ads on a web page may infect Windows or OS X systems, but Chromebooks are immune, even though Flash is supported.

There’s no executable files to run with Chrome OS and as a result it’s much more difficult for malicious code to take over your system. 

Then there’s privacy. This is the big one for me: two years ago I even ditched GMail for self-hosted webmail and then moved onto, and settled upon, Fastmail. On Chrome OS, just as with the Chrome web browser, by default things such as your browsing history, passwords, credit card information, and more are encrypted and synced using your Google credentials. You can change this, however, as this EFF guide demonstrates. The screenshot below, accessible via the ‘Advanced Settings’ menu, demonstrates how I’ve created a new passphrase, separate from my Google password, to encrypt my data before it is synced:

In addition, I’ve also followed the EFF’s guide to Google Privacy Settings which explains how to opt-out of personalised advertising, location tracking, etc.

If you’re thinking of using a Chromebook as your main device, I think it pays to do some research beforehand. With the dawn of Skype for Web and WebRTC-enabled sites such as appear.in, some of the last objections to being entirely web-based have disappeared. I’m even playing about with apps such as Sandstorm.io as a way to use Open Source sandboxed web apps on a daily basis. Soon, if Cast improves still further, I may be recording, editing, and publishing podcasts via a web app, too!

One of the best resources I found recently on this topic was a Reddit discussion about privacy and Chromebooks. There’s an interesting spread of viewpoints demonstated in this thread, along with a pertinent and thought-provoking comment right at the bottom:

In short, [Chrome OS] pros vastly outweigh its cons in my opinion. My pc is my assistant, and my assistant needs to know me well.

So yes, I’d be theoretically even more secure and private using a different setup. I’ve tried using pure Linux off and on since I was 16, but every time it’s ended up annoying me. So for productivity on-the-go, this Chromebook Pixel, configured in an EFF-approved way, works just great for me. 


Update: this tweet led me to a great Chrome extension that packages up the recommendations made in this post. Even greater privacy and security!