Rixstep

The Keys to Keystone

Just swat it.


If you're like us, you have an old Mac or two (or three) that just won't be updated.

And using it online becomes problematic, because the default Safari web browser (which otherwise is ergonomically correct) won't keep up. For whatever reason, Safari on Mac gets knocked out sooner than others. And if that happens to you, you might be tempted to try Chrome.

Chrome is relatively resilient when it comes to being phased out. It'll work for a long time (albeit slowly). But Chrome is a Google product. (And reportedly going to be used by Microsoft. Think about it.) And Google's reputation for being lax about your privacy is well-established. And rock-bottom.

One thing that's really irksome about Chrome is its secret - hidden - Keystone module. You're not going to find it on disk before you launch - it 'unravels' at runtime. But you should find a 'KeystoneRegistration.framework/Resources/Keystone.tbz' buried in there somewhere. It's insidious.

A quick DDG turns up two good links.

https://www.macobserver.com/tmo/article/how-manage-the-secret-software-that-google-chrome-installs
https://applehelpwriter.com/2014/07/13/how-to-remove-googles-secret-update-software-from-your-mac/


The first approach (TMO) is more timid, the latter more 'down to business'. John at TMO doesn't want to be too rough on the app. There's a lot of interesting info on what's going on, but the remedy suggested isn't all that appealing. He does mention this command however:

defaults read com.google.Keystone.Agent

If you get a response to that command, you might be in trouble. Keystone keeps a good eye on you. And John suggests this as a 'final' remedy.

defaults write com.google.Keystone.Agent checkInterval 0

Which might be sufficient if that's the only evil thing Chrome is up to.

John's final words are a total cop-out:

Some observers have reacted strongly to this surreptitious installation of auto-updater, but in this era of constant security updates, knowledge of the software and the means to manage it is a better course than a hasty scrubbing.

The key is that Chrome is more than surreptitious: it really wants to stay on your system, no matter what. Think about it: you're not told about it. Think how it expands on disk at runtime. There's something called mens rea...

Phil Stokes is less afraid.

In developer circles, this is considered very shady practice. Users should be asked for consent and informed when software makes changes to either itself or the user's computer, and ideally those notifications should tell the user what has been changed and how the changes could impact them.

Of course. Phil almost falls short on remedies like John. Almost. Watch and enjoy.

You have two options. You can either disarm it or you can nuke it.

A few graphs later:

Nuking the Google Updater is a bit more complex. You'll want to run some uninstaller commands, and then you'll want to go and clear up the crud that is still left behind. And before you can do either of those, you need to find out where it's hiding. So, we have a three-step process.

His three steps are:

1. Locate Google Updater
2. Run the uninstaller commands
3. Clear up the crud

This is all very sound advice, and it's this attitude you should have when dealing with unwanted guests. But there's a better, more flexible way.

Assuming you don't have Tracker, you take the fruits of the local talent here. Then there's one more series of steps you need to do.

1. Launch Disk Utility.
2. Poise your file manager at /private/tmp.
3. Launch Chrome. (Don't sign in.)
4. Check Disk Utility. Eject the new Chrome entries.
5. Find (and delete) five (5) Chrome items in /private/tmp.
6. Surf away.
7. On exit, expand the following with full paths and run it.

echo "Cleaning Chrome shite...";echo;rm -fr /private/tmp/.keystone_install_lock;rm -fr /private/tmp/KSOutOfProcessFetcher*;sudo rm -f /private/var/db/BootCaches/*/app.com.google.Chrome.playlist;rm -fr ~/Library/Application\ Support/Google;rm -fr ~/Library/Caches/com.google.Chrome;rm -fr ~/Library/Caches/Google;rm -fr ~/Library/Caches/ksfetch;rm -fr ~/Library/Google;rm -fr ~/Library/Preferences/com.google.Chrome.plist;rm -fr ~/Library/Preferences/com.google.Keystone.Agent.plist;rm -fr ~/Library/Caches/com.google.Keystone;rm -fr ~/Library/Caches/com.google.Keystone.Agent;rm -fr ~/Library/Caches/com.google.SoftwareUpdate;rm -fr ~/Library/LaunchAgents/com.google.keystone.agent.plist;echo;echo done.

Or line for line:

echo "Cleaning Chrome shite..."
echo
# Temporary files Keystone leaves in /private/tmp
rm -fr /private/tmp/.keystone_install_lock
rm -fr /private/tmp/KSOutOfProcessFetcher*
# Boot cache playlist (root-owned, hence sudo; -f keeps it quiet if absent)
sudo rm -f /private/var/db/BootCaches/*/app.com.google.Chrome.playlist
# Per-user support files, caches and preferences
rm -fr ~/Library/Application\ Support/Google
rm -fr ~/Library/Caches/com.google.Chrome
rm -fr ~/Library/Caches/Google
rm -fr ~/Library/Caches/ksfetch
rm -fr ~/Library/Google
rm -fr ~/Library/Preferences/com.google.Chrome.plist
rm -fr ~/Library/Preferences/com.google.Keystone.Agent.plist
rm -fr ~/Library/Caches/com.google.Keystone
rm -fr ~/Library/Caches/com.google.Keystone.Agent
rm -fr ~/Library/Caches/com.google.SoftwareUpdate
# The launch agent that restarts Keystone at login
rm -fr ~/Library/LaunchAgents/com.google.keystone.agent.plist
echo
echo done.

You might need more, you might need less. If you don't have Tracker and don't want to use the free version, then get chummy with the 'find' command. Check out:

-Bnewer, -newerBm, -anewer, -neweram, -cnewer, -newercm, -mnewer, -newer.

But especially -newerXY.

True if the current file has a more recent last access time (X=a), inode creation time (X=B), change time (X=c), or modification time (X=m) than the last access time (Y=a), inode creation time (Y=B), change time (Y=c), or modification time (Y=m) of file. In addition, if Y=t, then file is instead interpreted as a direct date specification of the form understood by cvs(1). Note that -newermm is equivalent to -newer.

But if that seems too convoluted (and it is) then stick with Tracker (at least the freebie version).
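
An added example, not part of the original article: a snapshot-and-diff with find. Drop a marker file before launching Chrome, then list everything that changed afterwards. The function names and the directory list (taken from the cleanup commands above) are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): find what an app wrote while it ran.
# Function names and the watch list below are illustrative assumptions.

# take_marker FILE
#   Create/truncate FILE so its modification time records "now".
take_marker() {
    : > "$1"
}

# changed_since MARKER DIR...
#   Print every path under each DIR whose modification time (-newer) or
#   inode change time (-cnewer, same as -newercm) is later than MARKER's
#   modification time. The change-time test matters: a file unpacked from
#   an archive can keep an old modification date yet still be brand new.
changed_since() {
    marker=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" \( -newer "$marker" -o -cnewer "$marker" \) -print \
            2>/dev/null || true
    done | sort -u
}

# chrome_changes MARKER
#   Run changed_since over the locations the cleanup commands above touch.
chrome_changes() {
    changed_since "$1" \
        /private/tmp \
        "$HOME/Library/Application Support" \
        "$HOME/Library/Caches" \
        "$HOME/Library/Google" \
        "$HOME/Library/LaunchAgents" \
        "$HOME/Library/Preferences"
}

# Typical session:
#   take_marker "$HOME/before-chrome"     # 1. before launching Chrome
#   ...launch Chrome, surf, quit...       # 2.
#   chrome_changes "$HOME/before-chrome"  # 3. review the list, then clean up
```

Other apps write to the same Library folders, so read the list before deleting anything from it.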

That should about cover it all. The point is that Chrome mounts a drive in a temporary directory. You just want to get it out of the way.

You might find that Chrome is faster if you set the 'checkInterval' to 0, as above. Count on it being pretty slow anyway, as it's busy doing a bunch of stuff you don't like.

But at least it'll work on older Macs where Safari runs for it.

And be grateful you have a modicum of control: tappers don't have that. Good luck!

PS. As for being 'evil', per a URL cited at an article above: both Apple and Google are on the PRISM train. Anything you put in the cloud with them will be shared by many.

PPS. Check this out just in cases - it's from July last year. Some fancy shellwork there.

https://applehelpwriter.com/2017/07/23/terminal-tricks-for-defeating-adware/

PPPS. Or just hunt down the Keystone framework in the bundle and just rename it. You should find it at:

Chrome.app/Contents/Versions/.../Google Chrome Framework.framework/Frameworks

That's all. Should work nicely. YMMV. And if it does work and you want the disk free space: remove it.

Copyright © Rixstep. All rights reserved.