Updated on 4 November 2024
It looks like Google is back at rankling privacy-focused people with a product change that appears to limit users’ options. It is definitely easy to miss the fact that you are automatically being logged-in to Chrome even if you are not paying attention.
Chrome 69 released to users on September 5, and you likely noticed that it has a different look. But if you are the type of person who does not like to log in to the browser with your Google account, you may have missed the fact that it happens automatically when you sign-in to a Google service like Gmail.
Previously, users were allowed to keep those logins separate. Members of the message board Hacker News noticed the change relatively quickly and over the weekend, several developers called attention to it.
The Privacy Problem
One issue with rolling out this kind of change without making it clear to users is that people might misunderstand what is happening and assume the worst. Matthew Green, a professor at Johns Hopkins University who teaches cryptography, was offended when he realized what was happening because he has made a concerted effort not to log in through the browser in order to avoid any extraneous collection of his data.
As long as you remain logged out, your browser activity is only stored locally on your machine. When he wrote about his issues with the change, he also worried that Google’s “Sync” feature was automatically being enabled, but it appears that is not the case.
Sync basically uploads your browser history, bookmarks, passwords, and other data to Google in order to sync your preferences across multiple devices and can be turned on and off by a user.
Adrienne Porter Felt, a Google Chrome engineer, stepped in on Twitter to confirm the automatic-login change but said that users still have to manually enable Sync.
Transparency
A spokesperson of the tech giant pointed out to another Twitter thread from Felt in which she explained that this change is intended to prevent multiple users from mistakenly believing they are logged in on a shared device. “In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device,” she wrote.
There is a certain amount of logic to Google’s stated reasoning, but it does not necessarily change the fact that this is something that should have been made clear to users. Felt does have a point that the new Chrome now clearly shows in the upper-right corner which user, if any, is logged in. But Green is correct that Chrome’s privacy policy does not make the new change clear enough, and he says he has been assured that the policy will be updated.
Following the controversy over the auto-login change, Google updated its Chrome privacy policy to add more clarity about the tweak. The changes include tweaking a section title from “Signed-in Chrome mode” to “Signed-in, Synched Chrome mode” as well as the addition of two sentences: “On desktop versions of Chrome, signing into or out of any Google web service (e.g. google.com) signs you into or out of Chrome. Sync is only enabled if you choose.”