How to use a Chromebook in a more secure and privacy-respecting way
Last month, I bought a 2013 Chromebook Pixel. Prior to that I’d been using a Lenovo ThinkPad X220 running elementaryOSÂ for around six months and. BeforeÂ that,Â I’dÂ used MacBooks or MacBook Pros since 2006.
MyÂ original intention when buying the Pixel was to use something like Gallium OS, a special distribution of Linux for Chromebooks. Unfortunately, because of the Pixel’s super-highÂ resolution, it was rendered almostÂ unusable. In the last couple of weeks, therefore, I’ve started using Chrome OSÂ as my main operating system. While I’ve got a Mac Mini Server which I use for PlexÂ and recording/editing podcasts, 95% of what I do is now on the Pixel. It’s an amazing device with a great screen.
This news may come across as odd for those who know me as the type of person who is concerned about the privacy and security of the software and hardware I use. After all, I presented on the dangers of government and corporate surveillance at the Indie Tech SummitÂ and, just today, I persuaded my wife that, for privacy reasons, we should ditch TelegramÂ in favour ofÂ SignalÂ by Open Whisper Systems. So how is using a Chromebook as my main device compatible with this? Doesn’t everything I do just get hoovered up and/or monitored by Google?
Well, no, actually. Chrome OS is based on the Open Source Chromium OS, which can be compiled from downloaded source code. It’s essentially Linux. The chances are that, unless you spend a lot of time tweaking your hardware and software, your laptopÂ is less secure than this one.
I think, as I explainedÂ on slide 14 of this presentation, there’s an important difference to be made between privacy and security. To me, privacy is the reason we put curtains on our windows, and security is the reason we put locks on our doors. Let’s deal with security first. A Computer World article entitled A Chromebook offers Defensive Computing when travelingÂ from 2014 states:Â
Without question, a Chromebook is safer than Windows, OS X, Linux, iOS or Android. Security is baked into the design.
To begin with, the operating system, Chrome OS, does not allow software to be installed. Sure, this is annoying if you want to run Skype (not possible), but the flip side is that a malicious email attachment can’t install a virus. Malicious Flash ads on a web page may infect Windows or OS X systems, but Chromebooks are immune, even though Flash is supported.
There’s no executable files to run with Chrome OS and as a result it’sÂ much more difficult for malicious code to take over your system.Â
Then there’s privacy. This is the big one for me: two years ago I evenÂ ditched GMail for self-hosted webmailÂ and then moved onto, and settled upon,Â Fastmail. On Chrome OS, just as withÂ the Chrome web browser, by default things such as your browsing history, passwords, credit card information, and more are encrypted and synced using your GoogleÂ credentials. You can change this, however, as this EFF guideÂ demonstrates. The screenshot below, accessible via the ‘Advanced Settings’ menu, demonstrates how I’ve created a new passphrase, separate from my Google password, to encrypt my data before it is synced:
In addition, I’veÂ also followed the EFF’s guide to Google Privacy SettingsÂ which explains how to opt-out of personalised advertising, location tracking, etc.
If you’re thinking of using a Chromebook as your main device, I think it pays to do some research beforehand. With the dawn of Skype for WebÂ and WebRTC-enabled sites such as appear.in, some of the last objections to being entirely web-based have disappeared. I’m even playing about with apps such as Sandstorm.ioÂ as a way to useÂ Open Source sandboxed web apps on a daily basis. Soon, if CastÂ improves still further, I may be recording, editing, and publishing podcasts via a web app, too!
One of the best resources I found recently on this topic was a Reddit discussion about privacy and Chromebooks. There’s an interesting spread of viewpoints demonstated in thisÂ thread, along with a pertinent and thought-provoking commentÂ right at the bottom:
In short, [Chrome OS] pros vastly outweigh its cons in my opinion. My pc is my assistant, and my assistant needs to know me well.
So yes, I’d be theoretically even more secure and private using a different setup. I’ve tried using pure Linux off and on since I was 16, but every time it’s ended up annoying me. SoÂ for productivity on-the-go, this Chromebook Pixel, configured in an EFF-approved way, works just great for me.Â