A bug in Google Toolbar has resulted in the search giant receiving information about users' Web surfing in violation of the product's privacy policy, according to an anti-spyware and privacy researcher. In a report to be released today, Ben Edelman, an assistant professor at Harvard Business School, shows that under certain circumstances the Google Toolbar (versions 6.3 and above) tracks the browser habits of Internet Explorer 8 users who have activated the toolbar's “enhanced features” even when the toolbar is turned off or disabled.
This is problematic since the Google Toolbar is not supposed to transmit your browsing information back to Google when the browser add-on is disabled. The bug does not impact any other browsers such as IE7, Firefox, or Chrome, according to Edelman.
Google confirmed the bug and said that only a tiny number of toolbar users are impacted. A spokesperson for the company said a fix for the toolbar would be pushed out Tuesday and the software would automatically update. Google declined to say how many toolbar users use IE8 and would only estimate the number of all its toolbar users as “hundreds of millions”. The Google Toolbar version 6.3 was introduced in September 2009, according to Google.
Behavior Affects a Subset of Users
IE8 users who enable Google Toolbar's enhanced features Sidewiki and PageRank are affected by the bug, according to Edelman. Google confirmed the information. PageRank allows you to see how Google ranks the importance of particular Web pages. The pages with a higher rank are more likely to appear at the top of Google's search results. Sidewiki is a comment system that lets Google Toolbar users discuss any Web page using a browser sidebar.
Edelman began his tests by disabling the Google Toolbar (with enhanced features enabled) using the red “X” found on the left hand side of the browser window (click above image to enlarge). This action triggers a pop-up asking you if you would like to “Disable the Google Toolbar only for this window” (the default choice) or if you would like to disable the toolbar permanently. If you choose to “Disable Google Toolbar only for this window”, Edelman discovered by using an HTTP packet sniffer that the toolbar continues to send parts of your browsing history to Google.
If you choose to disable the toolbar by selecting the “permanently” option within the “Disabling the Google Toolbar” dialogue box the software performs as expected.
“A fix that doesn't require a browser restart will be available in an automatic update to Google Toolbar that we are pushing tomorrow,” said a Google spokesperson said Monday night.