Google is logging people into Chrome without their consent and it’s pissing everyone off
The latest version of Google Chrome has a nasty new feature that’s just coming to light. No longer is signing into your Google account an option. Instead, every time you log into a Google property, Chrome will automatically sign the browser into your account.
According to Matthew Green, a cryptography expert and professor at Johns Hopkins University, Google’s move “fundamentally changes the sign-in experience,” and not for the better.
In a lengthy post, Green explains four reasons why this is a bad idea for users:
- Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.
- This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
- The change makes a hash out of Google’s own privacy policies for Chrome.
- Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly.
Let’s look at that last point
As Green rightly explains, until now, Google has avoided the negative privacy connotations of collecting large amounts of user data versus a company like Facebook.
“This isn’t because Google collects less data, it’s just that Google has consistently been more circumspect and responsible with it,” he notes.
However, “Google’s reputation is hard-earned, and it can be easily lost. Changes like this burn a lot of trust with users. If the change is solving an absolutely critical problem for users, then maybe a loss of trust is worth it. I wish Google could convince me that was the case.”
A Google engineer responds on Twitter
So, what does Google have to say about this? While no official statement has been made, one Google engineer and manager, Adrienne Porter, did go to Twitter to explain why this is now a thing.
Hi all, I want to share more info about recent changes to Chrome sign-in. Chrome desktop now tells you that you're "signed in" whenever you're signed in to a Google website. This does NOT mean that Chrome is automatically sending your browsing history to your Google account! 1/
— Adrienne Porter Felt (@__apf__) September 24, 2018
You can read the thread by clicking the tweet above, but Porter goes on to say that the changes are to help in a shared device situation, where users think they’re logging out of a content area, but remained logged into Chrome.
Not good enough?
If this all sounds confusing, PC World has published a workaround that blocks the connection between logging in on Google’s Web services and the Chrome browser. It uses an option called “account consistency.”
Here’s a three-step solution to solving the problem:
- Launch Chrome
- Next, type chrome://flags/#account-consistency in the address bar and press enter.
- Set “Identity consistency between browser and cookie jar” to Disabled.
After doing this, the Chrome browser can no longer manage the login process to Google services.
For months, I’ve been suggesting companies like Google and Facebook should begin offering paid subscriptions for the services each provides. It’s clear this probably isn’t going to happen unless the U.S. government steps in and regulates the industry. As it stands, I’m not at all certain personal data is being adequately maintained by either of these companies.
What say you? Let us know below.
- Google confirms it lets third-parties snoop on our emails
- Google alternatives that respect your privacy
- Google sends the Inbox app for Gmail to spam by closing it down next year