A new feature in the latest version of Google Chrome that logs users into the browser when they sign in to a Google site has come under fire.
Until recently, it was the user’s choice to log-in to the browser. Now, any time that you sign in to a Google site in Chrome 69 — like Google Search, Gmail or YouTube — Chrome will also log you in, too.
But the change has left users unclear why the “feature” was pushed on them in the first place. Many security folks have already panned the move as unwanted behavior, arguing it violates their privacy. Some users had good reasons not to want to be logged into Chrome, but now Chrome seems to takes that decision away from the user.
Matthew Green, a cryptography professor at Johns Hopkins, rebuked the move in a blog post over the weekend, arguing that the new “forced login” feature blurs the once-strong barrier between “never logged in” and “signed in” — and erodes user trust.
“Where Facebook will routinely change privacy settings and apologize later, Google has upheld clear privacy policies that it doesn’t routinely change,” said Green. “Sure, when it collects, it collects gobs of data, but in the cases where Google explicitly makes user security and privacy promises — it tends to keep them.”
“This seems to be changing,” he said.
Google staff defended the change on Twitter, said there was little to worry about — that the change was designed to only alert the user that they were logged in, and that the browser wouldn’t sync their bookmarks, browsing history and passwords across devices without permission.
Tying my browsing history to an identity *implicitly* has privacy implications, even if I somehow avoid the option that uploads this data to Google.
— Matthew Green (@matthew_d_green) September 22, 2018
Green conceded that although Google is not syncing data from the beginning, the user interface makes it difficult to know if browser data is shared with Google once a user is logged in. The “dark pattern” of the browser’s logged-in user interface now makes it possible to trick a user into switching on sync by mistake. Once your data is shared, there’s little a user can do to pull back. Without giving his explicit consent to have his data synced in future, he said Google could later decide, as it did with the “forced login” feature, to switch on the browser sync feature without telling anyone.
“Just because you’re violating my privacy doesn’t make it OK to add a massive new violation,” he said.
Other security experts agreed with Green, with some promising to switch browsers.
The Chrome guys get a lot right. This isn’t one of them. https://t.co/H1LoY9llho
— Ryan Naraine (@ryanaraine) September 23, 2018
Sadly I noticed I’m logged in to Chrome on my work account. Moving over to Firefox this morning. I agree about the “dark pattern” on the Sync “button”. https://t.co/jO7k1KrktP
— John Graham-Cumming (@jgrahamc) September 24, 2018
Trust is a fickle thing. Chrome isn’t just seen as secure and trustworthy, but many see it as neutral, Green said — a free and open source tool, rather than an extension of Google other core businesses. By breaking down that “sacred wall” between the two has users rattled — and some wanting to switch from Chrome altogether.
What may have been a helpful feature on paper to stop users from accidentally using someone else’s account on a shared computer has blown up in Google’s faces — and not because of the decision, but because users weren’t given a choice.