How to Configure Google Apps to restrict tracking, disable syncing, and block sites

The Electronic Frontier Foundation claims Google tracks students. Andy Wolber suggests that Google gives administrators the ability to block sites, sync, and tracking, and shows you how.

In December 2015, the Electronic Frontier Foundation (EFF) asserted that Google tracks the online activity of students that use Chromebooks. The EFF complaint alleged, in part, that “Google’s unauthorized collection, maintenance, use and sharing of student personal information beyond what is needed for education, constitutes unfair or deceptive practices…”

As a Google Apps administrator, the EFF’s assertion puzzled me. I know that an administrator can configure hundreds of Google Apps settings. And, an administrator may choose settings that severely restrict what a logged-in user can do. The restrictions can be so severe that they destroy much of the value offered by the web: for example, setting the system to block all images, or not allowing any site to run JavaScript.

So, I logged in to my Google Admin panel to look for settings that would allow me to prevent my users’ activity from being tracked, synced, or saved. I found plenty of options. The choices listed below struck me as the most obvious. I listed the items roughly in order of impact—those listed first deliver the greatest protection from tracking. Combined, these changes create a very constrained online experience.

To be clear, I don’t recommend you configure your Google Apps setup with the following settings. You can end up with a browser that consistently has no idea who you are, where you’ve been, and what choices you prefer. But, the settings are all there and available for any Google Apps administrator to configure.

My review confirmed—at least to my satisfaction—that Google gives an administrator the tools necessary to lock down and limit user information leakage. They’re worth a review and a discussion should any parent—or employee—express concerns similar to those shared by the EFF.

1. Block any URL

Add any URL to this list, and you’ll block access for logged-in users. If a specific site presents a tracking concern, configure this setting to prevent both use and tracking. When a student can’t visit a site, the site can’t track the student.

(Navigate to Apps > Additional Google services > Chrome Management > User Settings > URL Blocking.)

Google allows an administrator to block access to any site for logged-in users. This prevents both access and tracking of users by any site or company that causes concern.

2. Limit YouTube use to approved videos

With this setting, you can allow people to view only YouTube videos approved by an administrator. For schools that use Google Classroom, an administrator may allow teachers to add videos to the “approved” list.

(Apps > Additional Google services > YouTube > Content Settings > Setup > Select “Signed in users in your organization can only watch restricted and approved videos.” Schools using Google Classroom can add approvers in Content Settings > Special approvers > Select “Verified Google Classroom teachers can approve videos.”)

An administrator may block access to YouTube for some or all logged-in users. In a school setting, teachers may select and allow specific YouTube videos to be viewed.

3. Disable Chrome Sync

Chrome Sync stores bookmarks, settings, user data, and (optionally) passwords, then retrieves those settings when a person logs in on another system. This feature can be turned off for all users, or for any subset of people within a Google Apps organizational unit.

(Apps > Additional Google services > Google Chrome Sync > select the vertical three-dot menu to the right of the title > Choose “OFF” or “On for some organizations”.)

4. Block cookies

Prevent sites from setting cookies—ever.

(Apps > Additional Google services > Chrome Management > User Settings > Cookies > Change the Default Cookie Setting to “Never allow sites to set cookies”. Other options permit cookies to be set only for the session, and/or only by specified sites.)

A separate setting allows you to block all third-party cookies, which are cookies set by a site other than the one the user visits.

(Apps > Additional Google services > Chrome Management > User Settings > Third-Party Cookie Blocking > Change to “Disallow third-party cookies”)

5. Block ads (and more)

An administrator may choose to auto-install apps or extensions from the Chrome Web Store for logged-in users. For example, an administrator could install an extension to block ad networks and tracking services, including Google’s own ads. Of course, Google’s ads already will not display on any Google Apps for Education site for logged-in users.

(Apps > Additional Google services > Chrome Management > Force-installed Apps and Extensions > Select and configure “uBlock Origin” or another ad-blocker of your choice.)

6. Block location detection

Some sites, like weather sites, attempt to determine the location of a system. You can block attempts to detect location.

(Apps > Additional Google services > Chrome Management > Geolocation > Change to “Do not allow sites to detect users’ geolocation”.)

7. Block services

Chrome includes services intended to correct typing mistakes and improve speed. For these services to work, the browser provides some information to Google. If you’d prefer otherwise, disable the spell check service and turn off DNS pre-fetch.

(All of these are in Apps > Additional Google services > Chrome Management. Modify Spell Check Service to “Disable the spell checking web service” and change DNS pre-fetching to “Never pre-fetch DNS.”)

8. Change search provider

By default, Chrome searches with Google when you type in the Omnibox. If you’d prefer to prevent your search data from going to Google, select another search provider.

(Apps > Additional Google services > Chrome Management > Omnibox Search Provider > change to another search provider, such as You may also want to change Search Suggest to “Never allow users to use Search Suggest.”)

Google allows administrators to choose

Again, I don’t recommend you make all of the above changes. I do encourage each Google Apps administrator to select settings appropriate to the needs and policies of the organization.

Google allows administrators to choose settings that block sites, sync and tracking. I think that should be recognized and applauded.
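To verify which of these restrictions actually reached a managed browser, the sketch below audits a Chrome policy file against items 1 and 3 through 8. It is an added example, not part of the original article; the mapping from each Admin console setting to a Chrome enterprise policy name is the editor's, and the policy values are a constructed sample.

```python
import json

# Constructed sample: a managed Chrome policy file (flat name -> value JSON).
SAMPLE_POLICY = json.loads("""
{
  "URLBlocklist": ["tracker.example"],
  "SyncDisabled": true,
  "DefaultCookiesSetting": 4,
  "BlockThirdPartyCookies": true,
  "ExtensionInstallForcelist": [],
  "DefaultGeolocationSetting": 3,
  "SpellCheckServiceEnabled": false,
  "SearchSuggestEnabled": true
}
""")

# (article item, Chrome policy name, test for the strictest choice, wanted value)
# The item-to-policy mapping is an assumption of this example, not the article's.
CHECKS = [
    ("1. Block any URL", "URLBlocklist", lambda v: isinstance(v, list) and bool(v), "non-empty list"),
    ("3. Disable Chrome Sync", "SyncDisabled", lambda v: v is True, "true"),
    ("4. Block cookies", "DefaultCookiesSetting", lambda v: v == 2, "2 (block all)"),
    ("4. Block cookies", "BlockThirdPartyCookies", lambda v: v is True, "true"),
    ("5. Block ads", "ExtensionInstallForcelist", lambda v: isinstance(v, list) and bool(v), "non-empty list"),
    ("6. Block location detection", "DefaultGeolocationSetting", lambda v: v == 2, "2 (deny)"),
    ("7. Block services", "SpellCheckServiceEnabled", lambda v: v is False, "false"),
    ("7. Block services", "NetworkPredictionOptions", lambda v: v == 2, "2 (never predict)"),
    ("8. Change search provider", "SearchSuggestEnabled", lambda v: v is False, "false"),
]

def audit(policy):
    """Return (item, policy, actual, wanted) for every setting weaker than the article's."""
    findings = []
    for item, name, is_strict, wanted in CHECKS:
        actual = policy.get(name, "unset")  # an unset policy leaves the browser default
        if not is_strict(actual):
            findings.append((item, name, actual, wanted))
    return findings

if __name__ == "__main__":
    for item, name, actual, wanted in audit(SAMPLE_POLICY):
        print(f"{item}: {name} = {actual!r}, article's setting is {wanted}")
```

A session-only cookie setting (4) and an "ask" geolocation setting (3) are reported because they are weaker than the strictest options the article describes, not because they are misconfigurations.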



Don’t worry if you’re still hauling around an iPhone 4s — you’re just kinda dated, but not obsolete. Plus, you can still play 2048. But for nearly 40 million other people, there’s reason to finally upgrade from that LG Chocolate or Motorola Razr: the most popular sites on the Internet just won’t work anymore.

Buzzfeed reports forthcoming changes to the encrypted web — namely to big sites like Facebook, Twitter, and Google — will not be compatible with phones more than 5 years old as of January 1. While this doesn’t pose a problem for most city slickers and their fancy-pants phablets and smartphones, it does pose a problem to residents of the developing world, and your Great Uncle Frank, who stands by his Sidekick because of its durability.

“The problem is that people across the world, most of them in the developing world, use old phones or desktops that don’t update themselves, and they won’t be able to access the internet,” Matthew Prince, CEO of CloudFlare, told Buzzfeed News. “For the developing world, on average, 4 to 5% of visitors will simply be cut off.”

While that sounds like a minor percentage, it extrapolates out to about 37 million people worldwide, with the hardest-hit regions including China, the Middle East, and parts of East Africa — more than 6% of people in China, in fact.

If you’re not a tech wonk, the simplest explanation why is this: the current technology that creates that https (as opposed to http) and the green lock that signals a secure connection on your browser has been deemed outdated and unsafe from cyber attacks. The web is shifting toward an updated version of secure encryption to make your browsing more secure. But sites like CloudFlare and Facebook have suggested the deadline of January 1 for the new encryption is hasty and will discard millions of people who don’t have a choice in their Internet-enabled devices.

In a post responding to the impending changes, Facebook’s Chief Security Officer Alex Stamos expressed the social monolith’s belief in inclusiveness, regardless of outdated web hardware.

“We hope that we can find a way forward that promotes the strongest encryption technologies without leaving behind those who are unable to afford the latest and greatest devices.”

TL;DR: you’re probably fine. But now might be a good time to get Great Uncle Frank a stocking stuffer to replace that Sidekick.
