INSUBCONTINENT EXCLUSIVE:
A new feature in the latest version of Google Chrome that logs users into the browser when they sign in to a Google site has come under
fire.
Until recently, it was the user choice to log-in to the browser
Now, any time that you sign in to a Google site in Chrome 69 — like Google Search, Gmail or YouTube — Chrome will also log you in,
too.
But the changehas left users unclear why the &feature& was pushed on them in the first place
Many security folks have already panned the move as unwanted behavior, arguing it violates their privacy
Some users had good reasons not to want to be logged into Chrome, but now Chrome seems to takes that decision away from the user.
Matthew
Green, a cryptography professor at Johns Hopkins, rebuked the move in a blog post over the weekend, arguing that the new &forced login&
feature blurs the once-strong barrier between &never logged in& and &signed in& — and erodes user trust.
Where Facebook will routinely
change privacy settings and apologize later, Google has upheld clear privacy policies that it doesn''t routinely change,& said Green
&Sure, when it collects, it collects gobs of data, but in the cases where Google explicitly makes user security and privacy promises — it
tends to keep them.
This seems to be changing,& he said.
Google staff defended the change on Twitter, said there was little to worry about
— that the change was designed to only alert the user that they were logged in, and that the browser wouldn''t sync their bookmarks,
browsing history and passwords across deviceswithout permission.
Tying my browsing history to an identity *implicitly* has privacy
implications, even if I somehow avoid the option that uploads this data to Google.
mdash; Matthew Green (@matthew_d_green) September 22,
2018
Green conceded that although Google is not syncing data from the beginning, the user interface makes it difficult to know if browser
data is shared with Google once a user is logged in
The &dark pattern& of the browser logged-in user interface now makes it possible to trick a user into switching on sync by mistake
Once your data is shared, there little a user can do to pull back
Without giving his explicit consent to have his data synced in future, he said Google could later decide, as it did with the &forced login&
feature, to switch on the browser sync feature without telling anyone.
Just because you&re violating my privacy doesn''t make it OK to add a
massive new violation,& he said.
Other security experts agreed with Green, with some promising to switch browsers.
The Chrome guys get a
https://t.co/H1LoY9llho
mdash; Ryan Naraine (@ryanaraine) September 23, 2018
Sadly I noticed I&m logged in to Chrome on my work account
Moving over to Firefox this morning
I agree about the &dark pattern& on the Sync &button&
https://t.co/jO7k1KrktP
mdash; John Graham-Cumming (@jgrahamc) September 24, 2018
Trust is a fickle thing
Chrome isn''t just seen as secure and trustworthy, but many see it as neutral, Green said — a free and open source tool, rather than an
extension of Google other core businesses
By breaking down that &sacred wall& between the two has users rattled — and some wanting to switch from Chrome altogether.
What may have
been a helpful feature on paper to stop users from accidentally using someone else account on a shared computer has blown up in Google faces
— and not because of the decision, but because users weren''t given a choice.
