Getting Rid of Google Chrome’s RLZ Tracking

If you are Google Chrome user and search on Google from the bar (called “OmniBar”) you might have noticed there’s some odd parameter on the URL.

Apparently, this is called RLZ. Masked part would show something like 5FA3ADH_enUSA3AGE332.

According to Chromium Blog article from Google, it’s:

RLZ: When you do a Google search from the Google Chrome address bar, an “RLZ parameter” is included in the URL. It is also sent separately on days when Google Chrome has been used or when certain significant events occur such as a successful installation of Google Chrome. RLZ contains some encoded information, such as where you downloaded Google Chrome and where you got it from. This parameter does not uniquely identify you, nor is it used to target advertising. This information is used to understand the effectiveness of different distribution mechanisms, such as downloads directly from Google vs. other distribution channels. More information is available in the Google Chrome help center. This cannot be disabled so long as your search provider is Google. If your default search provider is not Google, then searches performed using the address bar will go to your default search provider, and will not include this RLZ parameter.

Looks very innocent. But while this may not identify you, if you are using system like Tor, there is privacy implication as it can potentially link your real IP address with Tor routed ones. Think of the scenario where you Google something, then after you enable routing through Tor, search on Google. Even if you don’t use Tor, if you are on your notebook accessing through different access points, it can be tracked too. (I’m not necessary saying Google will do that, I’m saying they can.)

Investigating further, I have located rlz.h header file as part of Google Chromium project. This does not give out implementation of RLZ feature, but the comment on this file reads the following:

RLZ is a library which is used to measure distribution scenarios. Its job is to record certain lifetime events in the registry and to send them encoded as a compact string at most twice. The sent data does not contain information that can be used to identify a user or to infer browsing habits. The API in this file is a wrapper to rlz.dll which can be removed of the system with no adverse effects on chrome. For partner or bundled installs, the RLZ might send more information according to the terms disclosed in the EULA. In the Chromium build the rlz.dll is not present so all the functionality becomes no-ops.

Interestingly, it seems to indicate that removing rlz.dll causes this feature to be disabled. So I tried that.

I exited Google Chrome and went into C:\Program Files\Google\Chrome\Application\5.0.375.38 (yes, I use beta) and located rlz.dll. I’ve renamed rlz.dll to rlz.dll.bak, so Google Chrome will not find it, and restarted Google Chrome.

Looks like this really did get rid of it.

One note is that I can’t seem to locate equivalent file for Linux installation. Not sure if they are embedded within binary (in which case it is hard to remove) or located elsewhere at the moment. Same goes for Mac version. Mac version might have this file within application bundle.

[Update: Looks like current Linux beta do not have this feature built-in. Not sure about Mac version.]

Another thing to note is, when auto updater on Google Chrome kicks in, you’ll see come this file come back, as it’ll be installed on separate directory under aforementioned Google Chrome directory (5.0.375.xx in case of beta channel). In that case, you can remove newly created rlz.dll, unless Google changes this structure.

[Update: Also, you could just install from google.com/chrome and it will be deactivated. But it is only given if you do not have active Google Chrome installed.]