In December 2015, the Electronic Frontier Foundation (EFF) asserted that Google tracks the online activity of students that use Chromebooks. The EFF complaint alleged, in part, that “Google’s unauthorized collection, maintenance, use and sharing of student personal information beyond what is needed for education, constitutes unfair or deceptive practices…”
So, I logged in to my Google Admin panel to look for settings that would allow me to prevent my users’ activity from being tracked, synced, or saved. I found plenty of options. The choices listed below struck me as the most obvious. I listed the items roughly in order of impact—those listed first deliver the greatest protection from tracking. Combined, these changes create a very constrained online experience.
To be clear, I don’t recommend you configure your Google Apps setup with the following settings. You can end up with a browser that consistently has no idea who you are, where you’ve been, and what choices you prefer. But, the settings are all there and available for any Google Apps administrator to configure.
My review confirmed —at least to my satisfaction—that Google gives an administrator the tools necessary to lock down and limit user information leakage. They’re worth a review and a discussion should any parent—or employee—express concerns similar to those shared by the EFF.
1. Block any URL
Add any URL to this list, and you’ll block access for logged in users. If a specific site presents a tracking concern, configure this setting to prevent both use and tracking. When a student can’t visit a site, the site can’t track the student.
(Navigate to Apps > Additional Google services > Chrome Management > User Settings > URL Blocking.)
2. Limit YouTube use to approved videos
With this setting, you can allow people to view only YouTube videos approved by an administrator. For schools that use Google Classroom, an administrator may allow teachers to add videos to the “approved” list.
(Apps > Additional Google services > YouTube > Content Settings > Setup > Select “Signed in users in your organization can only watch restricted and approved videos.” Schools using Google Classroom can add approvers in Content Settings > Special approvers > Select “Verified Google Classroom teachers can approve videos.”)
3. Disable Chrome Sync
Chrome Sync stores bookmarks, settings, user data, and (optionally) passwords, then retrieves those settings when a person logs in on another system. This feature can be turned off for all users, or for any subset of people within a Google Apps organizational unit.
(Apps > Additional Google services > Google Chrome Sync > select the vertical three-dot menu to the right of the title > Choose “OFF” or “On for some organizations”.)
4. Block cookies
Prevent sites from setting cookies—ever.
(Apps > Additional Google services > Chrome Management > User Settings > Cookies > Change the Default Cookie Setting to “Never allow sites to set cookies”. Other options permit cookies to be set only for the session, and/or only by specified sites.)
A separate setting allows you to block all third-party cookies, which are cookies set by a site other than the one the user visits.
(Apps > Additional Google services > Chrome Management > User Settings > Third-Party Cookie Blocking > Change to “Disallow third-party cookies”)
5. Block ads (and more)
An administrator may choose to auto-install apps or extensions from the Chrome Web Store for logged in users. For example, an administrator could install an extension to block ad networks and tracking services, including Google’s own ads. Of course, Google’s ads already will not display on any Google Apps for Education site for logged in users.
(Apps > Additional Google services > Chrome Management > Force-installed Apps and Extensions > Select and configure “uBlock Origin” or another ad-blocker of your choice.)
6. Block location detection
Some sites, like weather sites, attempt to determine the location of a system. You can block attempts to detect location.
(Apps > Additional Google services > Chrome Management > Geolocation > Change to “Do not allow sites to detect users’ geolocation”.)
7. Block services
Chrome includes services intended to correct typing mistakes and improve speed. For these services to work, the browser provides some information to Google. If you’d prefer otherwise, disable the spell check service and turn off DNS pre-fetch.
(All of these are in Apps > Additional Google services > Chrome Management. Modify Spell Check Service to “Disable the spell checking web service” and change DNS pre-fetching to “Never pre-fetch DNS.”)
8. Change search provider
By default, Chrome searches with Google when you type in the Omnibox. If you’d prefer to prevent your search data from going to Google, select another search provider.
(Apps > Additional Google services > Chrome Management > Omnibox Search Provider > change to another search provider, such as DuckDuckGo.com. You may also want to change Search Suggest to “Never allow users to use Search Suggest.”)
Google allows administrators to choose
Again, I don’t recommend you make all of the above changes. I do encourage each Google Apps administrator to select settings appropriate to the needs and policies of the organization.
Google allows administrators to choose settings that block sites, sync and tracking. I think that should be recognized and applauded.