scorecard
  1. Home
  2. tech
  3. Google's change to Chrome's login has ignited debate about whether the move was sneaky

Google's change to Chrome's login has ignited debate about whether the move was sneaky

Greg Sandoval   

Google's change to Chrome's login has ignited debate about whether the move was sneaky
Tech4 min read

Sundar Pichai

Greg Sandoval/Business Insider

Google CEO Sundar Pichai at the 2018 I/O conference.

  • Techies took to message boards, Twitter and their own blogs to debate whether changes Google made to the way people login to Chrome is a privacy threat.
  • Google quietly tucked a new feature into the latest Chrome update that automatically logs in users. 
  • For many years, Chrome allowed users to surf the web via the browser without signing in. Now, if user sign into any of Google's properties, they are signed in to Chrome.
  • Up until Matt Green wrote about the new login requirements, Google had said nothing about it. The company confirmed the change late Sunday night.  

 


Google's surprise change to a privacy setting in its popular Chrome web browser is raising hackles from privacy advocates and some users of the product who say that the company has not been upfront enough.

The change, which was little noticed until a security researcher blogged about it on Sunday night, has left the internet company fighting a familiar criticism: that its appetite for data to fuel its online ad business trumps its concerns about its users.

Matthew Green, a security and cryptography researcher from Johns Hopkins University blogged about the change Google quietly made as part of the browser's latest update, Chrome 69. Green wrote that from now on, when people login in to YouTube, Gmail or any of the company's properties, they will automatically be logged in to Chrome at the same time.

Late on Sunday night, Google responded to the growing controversy by confirming the login change.

This is dramatic change and a possible threat to users' privacy, according to Green.

"Google believes they can make these changes without consequence," said Marc Rotenberg, the president of consumer privacy advocacy group EPIC. "The privacy model is simply broken. Companies are constantly changing the rules of the game."

What's all the fuss about?

For years, Google allowed users of its Chrome browser to surf the web without logging in through a personal Google account. Chrome users didn't have to worry that their web browsing history would be included with the other personal data Google maintains about registered users of its products. For that to happen, a user would have to sign in to Chrome and to consent to a "data sync" between Chrome and the other Google products they use.

Now that Google logs people in to Chrome automatically, managers have  removed one of those steps of protection, Green wrote. What's more, he said, a new and "confusing" sync-consent page, makes it easy for users to mistakenly give up their browsing data to Google.

Eric Lawrence, a former Google employee who worked on Chrome but is now employed by rival Microsoft, said he doesn't see any reason to be alarmed.

"Yes, Chrome has streamlined the opt-in to the browser's "Sync" features, such that you no longer need to individually type your username and password when enabling Sync," Lawrence wrote. "Whether you consider this "Great!" or "Terrible!" is a matter of perception and threat model." 

Lawrence points out that when someone clicks the consent button, they will then get a pop-up that informs them of the information they are agreeing to share with Google.

In that prompt, Google notifies users that the company will collect info from users' "bookmarks, passwords, history and more on all your devices...Google may use content on sites you visit, plus browser activity and interactions to personalize Chrome and other Google services like Translate, Search and ads." 

'My heart skips a beat'

Plenty of people wrote that they don't see this as a benign change, including former Googlers. Michał Zalewski, is a computer security expert and former Google employee. He sided with Green that Google has made Chrome less safe. 

"Don't like to pile on," Zalewski wrote on Twitter, "but I did rely on that as a visual confirmation that the browser is not doing something I didn't want. Now, my heart skips a beat every time I see the profile-switch menu or chrome://settings - and it'd only take one mis-click to actually start syncing."

Jon von Tetzchner, cofounder and CEO of Vivaldi Technologies and the Vivaldi browser, a rival to Chrome. He is also a frequent critic of Facebook and Google's  privacy practices.  In an interview with Business Insider, von Tetzchner said that it's disturbing Google has combined the logins for its properties. He said Vivaldi requires users to sign in and go through a separate process before syncing data and he doesn't believe the login procedures Google has adopted are common practice across the browser business.

"My impression is that Google and Facebook are unique," he said. "They recognize where you've been and what you've done, online and off. They are gradually collecting more and more information about you."

In tweets from Google, the company said that it made the change because of confusion caused when two Chrome users were using the same computer. Their browser data was potentially getting mixed up. Green outlined his skepticism about this in his blog. 

"Google's reputation is hard-earned, and it can be easily lost," Green wrote. "Changes like this burn a lot of trust with users. If the change is solving an absolutely critical problem for users , then maybe a loss of trust is worth it. I wish Google could convince me that was the case."

Get the latest Google stock price here.

READ MORE ARTICLES ON


Advertisement

Advertisement