by
Etienne Liebetrau
A feature that was rolled out to Chrome for iOS a little while back caught my attention. It is called Google Data Saver (aka Google Bandwidth Data Saver) and it does what the name implies. When the feature is enabled, it reduces the amount of data your device downloads to load web pages.
It sounds useful and harmless. Who wouldn't want to save some bandwidth, speed up web browsing, and save on mobile data charges?
Before blindly enabling the feature, read this article to be aware of how Google Data Saver works, as you may have some concerns around its implications on security, privacy and web activity reporting in your organization.
I should also note that Google have since removed Google Data Saver from Chrome for iOS due to a constraint in Apple's current release of iOS, but may add it back in a future version.
It is still supported on Android devices, and users can also enable it on the desktop via a the Data Saver Chrome extension.
The basic premise is that almost all content can be compressed and optimized to transmit over the Internet faster.
Plain text for instance compresses very well, saving in the region of 80%. Images can also be compressed in a variety of ways. The more aggressively you compress the more you start to introduce compression artefacts. The same with audio.
As long as your content is not being distorted, who cares? But for this to work, the content has to be compressed at the source web server, otherwise there is no bandwidth saving.
When Google Data Saver is enabled, Google intercepts your request for the content, forwards it to the web server, intercepts the replied content, compresses it, and then sends it back down to you. This is exactly how a proxy server works.
So basically, Google Data Saver is the innocuous name for what could be called the Google traffic interception and inspection service.
Here is the user friendly explanation Google provides:
How Google Data Saver works
When you're using Data Saver, Google's servers reduce the amount of data that gets downloaded when you visit a webpage. How much data gets saved depends on the type of content on the page. Secure pages (pages that start with https) and incognito pages load without any data savings.
With Data Saver turned on:
- Some websites might not be able to accurately determine your location.
- Some images might look a little fuzzy.
- Internal websites, such as your company’s intranet sites, might not load.
- Sites that your mobile carrier uses to authenticate and bill you might behave unexpectedly. For example, you might have trouble logging in to your mobile phone provider's website.
- Local settings will be ignored if you manually modified your /etc/hosts file.
The information screen states that:
When this feature is turned on, Chrome will use Google servers to compress pages you visit before downloading them. SSL and Incognito pages will not be included.
From tracing the web traffic, I can concur for the moment at least, that this is indeed true and SSL pages are not intercepted or compressed. This makes perfect sense, as inspecting HTTPS traffic comes with the headache of having to resign content.
Since Google are a trusted public Root Certificate Authority, and they control the browser, they could potentially silently decide to start "optimizing" HTTPS content too.
When using Google Data Saver, you trade security, privacy and visibility for marginal optimizations. In my experience, the saving was less than 20%, but this can vary depending on the sites and content you access.
If you are using a corporate firewall or web gateway to control Internet access, it will only see traffic coming and going to the Google Data Saver servers (googlezip.net) for devices with the feature enabled.
Since Google Data Saver uses HTTPS, your own proxy server is typically unable to intercept or inspect it.
This has a direct impact on the effectiveness of features such as URL filtering, website block and allow lists, and QoS.
In simple terms, your proxy becomes blind to the traffic and you lose control over it.
Google already does a vast amount of user tracking while using their search engine and other Google services. Google Data Saver gives them further insight, even when you are not using any Google services directly.
It also means that Google has the ability to change the content that passes through them. On the positive side, they compress it for you. On the nefarious side, they could potentially inject additional tracking code in web content.
Even if Google does not tamper with the data, just the visibility they get from looking at your Internet usage meta data (browsing logs) is valuable to them.
As you can imagine, Google Data Saver can cause havoc with your reporting as well.
Below are two screenshots from an Activity Report I generated using Fastvue Sophos Reporter to illustrate the effects. The first with Google Data Saver turned off, and the second with Google Data Saver turned on.
When accessing fastvue.co with Google Data Saver off, the HTTP content is correctly served from fastvue.co and logged and reported appropriately.
With Google Data Saver turned on, all of the individual HTTP requests are gone, and all you see are HTTPS sessions to https://proxy.googlezip.net
Now you understand how Google Data Saver affects your visibility and control over your web traffic, you may be wondering how you can disable it in your network.
In the screenshot above, you can also see that the traffic is categorized by my web proxy (Sophos UTM) as Anonymizers.
By default, the Anonymizers category is contained with the Criminal Activities category group. Blocking this group will block access to https://proxy.googlezip.net and, in my experience, Chrome will fall back to retrieving the web content from the original source.
This means you can prevent Google Data Saver from working (and masking your network traffic) without negatively impacting your users.
This is the best method of thwarting Google Data Saver as it can be done at the web gateway, with no changes to devices.
If you have access, you can also disable Google Data Saver at the device level. For Android:
For desktops, you will need to disable the Chrome extension.
In order to disable Google Data Saver on the device, you will first need to know which users or devices are currently using Google Data Saver. Fortunately, you can find out easily using Fastvue Reporter. Simply run a report, or create an Alert in Fastvue Reporter filtered by:
URL 'Contains' googlezip.net, datasaver.googleapis.com
The above Fastvue report will show the users and source IPs that are accessing these URLs, along with the firewall actions and policies responsible for allowing or blocking the traffic.
Google Data Saver's method of improving browsing experience is nothing new. Opera browsers have been doing it for years. But with its implementation into Chrome, this is now happening on a much larger scale.
On the positive side, Google Data Saver will save some bandwidth, and Google will also scan for malware on your behalf, but it does come at a cost.
Hopefully this article has shed some light on the topic and you can now make an informed decision whether you would like to use the feature or not.
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
Filtering and Forwarding Sophos UTM Syslog Data with Syslog-ng
Deploying Endpoint Protection with Sophos UTM and Enterprise Console