Slashdot Mirror
Google Secretly Logs Users Into Chrome Whenever They Log Into a Google Site (zdnet.com)
Catalin Cimpanu, writing for ZDNet: Starting with Chrome 69, whenever a Chrome user would access a Google-owned site, the browser would take that user's Google identity and log the user into the Chrome in-browser account system -- also known as Sync. This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google's servers. Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google's servers, data that may be tied to their accounts.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
...chrome 69 sucks, right?
On the one hand, yeah, blech.
On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?
This isn't really news. Chrome has sent more information to Google than other browsers for ever. Why people use it is beyond me.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
I'm looking forward to let my employer know about my porn preferences when Chrome decides to start synchronizing my bookmarks and history.
Probably something the Chinese government demanded they do.
Switched to Firefox.
Google uses proprietary bullshit to make Youtube and Gmail only work well on Chrome, so I had to abandon those as well.
So how does that work
Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers.
What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.
Why doesn't Google just come out and say it. They're sucking up every bit of your information to sell to someone. This death by a thousand cuts is so last decade.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Go to chrome://flags//#account-consistency, switch Account Consistency option to disabled.
I wonder if this applies to Chromium also.
Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.
Package that evil up.
And sell it.
To the Chinese Communists!
On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?
Definitely. One of the reasons I don't use or install Chrome even though I do use some Google services. I use Firefox in part because it's the only one of the major browsers to not be owned by a major tech company. Chrome seems to work fine but compared with Firefox it's at more or less a dead heat technically speaking and performance-wise (for my purposes anyway) so why tie myself tighter to Google than absolutely necessary? That's not an argument that Firefox is perfect (it isn't) but it seems to be the least worst option in this regard.
"In the rest of this post, Iâ(TM)m going to talk about why this matters. "
What he actually posted was:
"In the rest of this post, I’m going to talk about why this matters."
Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.
Honestly I think Facebook wins the current edition of the Evil Olympics among tech companies. But maybe Google is just a sneakier player and unfortunately the two of them combined are really hard to avoid if you give half a shit about your privacy. I don't have a Facebook account but I'd be truly shocked if they don't maintain some sort of profile about my activities on the web. I block what I can but it's hard to stop them entirely.
Any company in a position of power is likely to abuse that power to some degree. IBM did, Microsoft did, and the list goes on. Trust them at your peril.
I understand, the herd is attracted to shiny objects and then tries to find someone to blame. Didn't your mum teach you that not everything that glistens is gold. Go ask her, she is upstairs ironig your spiderman costume.
To watch netflix and amazon. I downloaded palemoon and use it for basic web access. Google has grown to large to keep from becoming 'evil'.
Now, as long as it makes them a buck and increases their huge cache of customer info, there's pretty much nothing they won't sink to.
Distrust of them is why I've avoided Chrome.
Chas - The one, the only.
THANK GOD!!!
Screw Google.
My issue with this is that the behvior persists when you clear cookies. Work computer for no good reaosn disabled incognito mode, so I was clearing cookies. This no more. Fuck google. back to IE.
Google IP to block in firewall:
64.68.90.0/24
64.233.173.0/24
66.249.64.0/20
216.239.32.0/19
64.233.160.0/19
66.102.0.0/20
66.249.64.0/19
72.14.192.0/18
74.125.0.0/16
209.85.128.0/17
216.239.32.0/19
FB is a clumsy toddler in evilness compared to Google.
Perhaps. Facebook is definitely more blatant about their evil. Google is harder to avoid. Both companies have WAY too few restrictions on what they can do with data about basically everyone.
Not trust because they keep screwing us over and dictating what we do with "our" devices. Telemetry/Data Theft needs to stop. Time for a law.
Switched to Safari for professional shit, and Brave for porn. Chrome can kiss my ass.
Both charged the Russians while running their own campaigns. I find that incredibly elegant. .
Sync? More like STINK.
Just like Wikipedia was lost when the deletionists and and revert-happy admins took over, Mozilla lost when they dropped XUL in return for Google money. Now we are losing Linux with the CoC. Eventually we we will lose all our technical nice things and live in a Googledrome where we are naked online with everything we do is tracked, from porn habits to thoughtcrimes.
Now suck Google's cock.
I was glad I weened myself off all things Google a long time ago. Most who still use Google products either don't care, or are just clueless and have no interest in knowing what Google does. The remarkable thing is, there are better choices out there for browsers. Chrome is not even a good browser anymore.
and don't sign up for Mozilla Sync either. Many of the plugins for Chrome now work in, or have versions for, Firefox because the plugin engine is similar. If you avoid Mozilla's sync they won't get much of your personal information.
Yes, I am removing the Chrome browser from all of my devices. I can't not login to Google because they currently host my email and other cloud presence. I figured that something was up because the login switcher has been acting erratically. I would have to clear cookies for the past (hour,4 hours, etc..) to switch between accounts. Several people have already noted that this move was just evil/greed. So, for the sake of .005% improvement on tracking accuracy and data quality they have really pissed me off.
Disappointed, very disappointed.
So done with Google.
I fail to see where the "news" element is. I was never under the impression that "logging into a Google site" wasn't also "logging you into Chrome" at the same time. Not sure why anyone would ever have been under the impression there might even have been a distinction to be made. You log into a Google site through a Google browser that asks you to login (and if you don't, nags you constantly to do it). You know, from the company that sucks in *everything*? Why would it *not*, as soon as you provide your credentials? Sheesh.
Wait... Chrome didn't always do this? I just assumed, from the first day I saw a coworker "log in" to the browser (a concept that made no sense to me at all) it was just a way to automatically log you in to Google's services. Today, I have to use it because developers around me make web apps that only work on Chrome! It's becoming like the IE fiasco from the early 2000's all over again.
Chrome exists solely for the purpose of furthering Google's marketing efforts. While everyone is vilifying Apple and Microsoft, Google has quietly obtained control of the OS (Android), the browser (Chrome), search (Google), advertising (Adsense), and the web (Amp). The biggest advertiser on the planet has your phone numbers, your texts, your emails, recordings of your voice, ...
Google didn't create Chrome because they needed a browser, or they wanted to optimize JavaScript, or they needed a debugger. They wanted client-side control of your machine, and it took a browser and an OS to do that.
Geeks need to go back to Firefox. It isn't made by an OS vendor or an advertising agency, it doesn't snoop on you, and it is completely open source.
Sorry I can't be as tin-foil hat as the rest of you, but let me tell you how this affected me.
My PC at home is used by all my family. We pop in and out of Gmail users 100 times a day. However my browser always stayed logged in as the primary user, which affected how the extensions worked, among other things.
Recently that all changed and everytime someone would log out of email it would log me out of the browser. (Actually it would say 'Paused' but since you had to log back in to un pause it, it's pretty much the same thing.)
Interestingly, I never noticed it logging into the browser as these other Gmail accounts. It would only log the primary account out.
--Welcome to the Realm of the Hawke--
Let's be assholes
Meanwhile your president and republicans in the congress are raping the country in broad day light. So go fix the priorities and stop this phony outrage about Google. Google already knows what needs to know about you. You are using a Google Product(Chrome) to login to a Google Service.
Yeah for a few days, then they will slyly remove the option as they have always done.
Add it to the growing list of things we have to configure when installing chrone
Getting to be more and more like the Windows user experience
It's not "logging you in to Chrome" - it's just showing you a reminder of what user is logged into Google services...
https://9to5google.com/2018/09/24/google-chrome-automatic-track-version-69/
'Nuff said.
As far as I know, Microsoft doesn't sell my data. I'm a Microsoft customer. I give them money, and they give me software. Google's customers are its advertisers.
I don't respond to AC's.
So which one of my 15 Google ids does it use?
To big for our freedoms to survive.
Some of us truly don't give a fuck. You guys didn't get the memo about the web + javascript becoming a honeypot around year 2000.
"Google, we're not evil. Well, no more than any other company...."
Beware of Sales Reps bearing gifts.
its not really 69 when we are the only ones giving oral, google. and let go of our heads we need air.
Which tech company is more insidious than 90s era Microsoft: Google? Facebook, Twitter? Amazon? Tesla? They make Gates and Ballmer look like rank amateurs, and that's saying something.
The claims here are misleading at best and deliberately incorrect at worst.
For a clear explanation (with pictures) of what has changed, see https://textslashplain.com/2018/09/24/chrome-sync/
Firefox. It's actually a very high-performant web browser. Throw in Ghostery, uBlock Origin, and Tampermonkey in the mix and you've got the best web browsing experience available without any privacy violations.
"Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly."
I don't think, relatively speaking, that many of us are Google's customers. Most of us are just food on the menu.
Does Chromium pull this garbage too? Not that I log into any Google services anyway.
The really silly part is that there are probably more people who like this because it saves them time and effort logging in all the time than there are people who are outraged.
Very minor issue which will benefit many people. Only IT nerds will be "up in arms" with this "massive privacy breach".
Happened to me, lost all my local bookmarks as a result, but I can recover. Have been using Brave browser intermittently, but now doing most of my browsing using Brave. Don't miss anything, great privacy features
They laughed at me when I told them use Mosaic. Who laughing now?!?
Honestly, the logic of this change is pretty reasonable. Mostly it just makes the background behavior more visible.
Previously, if I had gone onto somebody else's machine and decided to log in to check my e-mail while I was on their machine, and failed to do so in incognito mode, then they could hop onto their machine and look not only at my e-mail, but also my calendar, my Drive, and everything else I have related to Google. There would be nothing in the UI to tell me about this behavior at all.
Making it clear that this login was persistent would at least give me another opportunity to realize that I should log out before leaving the computer (or at least remind me that I should have logged in using incognito mode instead). I just wish there was an easy way to make other logins more visible (this is likely infeasible).
If this change has effects beyond simply making the login more visible (such as clearing out local bookmarks or settings), then those should, in my mind, be reported as bugs.
I stopped using chrome and trying to get away from all google services. If i have to access it, i use container in Firefox to avoid google login to be used for all my other browsing.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
Shocking how many people don't understand that Google/Chrome users are not Google's customers. They are what is being sold to Google's actual customers.
You could use Chromium or Vivaldi and be even less corporate influenced, but still chrome compatible.
Maybe but I don't care at all about compatibility with Chrome and don't see any particular value in that. I want a web browser that works on the sites I visit, is cross platform, has strong privacy controls, is actively developed, and isn't a security train wreck. Edge and Safari are out for me since they are one platform only and one company only. I don't really trust the various forked browsers related to Chrome and Firefox and other "minor" browsers to remain viable and supported long term though I'm glad they exist. So the only real options for me are Chrome and Firefox and I choose Firefox because it's less tied to a single for-profit corporation plus I'm used to it and have been using it a long time. It's not that I hate Chrome but I don't 100% trust Google's interests to align with my own. A little diversity of platform can be a good thing.
Over the years, Google has paid Mozilla in excess of $2 Billion. If you don't think Google "owns" Mozilla, you are delusional.
And they've also received upwards of a billion from Yahoo who last I checked was decidedly not owned by Google. I'm aware of the funding but the difference is that Mozilla can and does get funding from other sources. So my choices are 100% Google owned (Chrome) or something less than 100% Google financed (Firefox). I'll take the later option thanks. Mozilla is it's own entity and that counts for something even if it isn't as much as one would hope.
i noticed this long ago, it was very convenient... they also automatically turned on my photos backing up to google drive on my phone. now i have more space HD space. thanks google!
I would think that this is a huge security hole. What if I walk up to a public terminal, read my gmail and then leave? Now the browser is logged into my chrome sync account? The next guy gets to use my spankme.xxx bookmarks?
https://twitter.com/ctavan/status/1044282084020441088
Seems like Google respects the cookie settings - except for Google cookies.
The Opera buyers from China, led by search and security firm Qihoo 360, are purchasing Opera's browser business, its privacy and performance apps, its tech licensing and, most importantly, its name. The Norwegian company will keep its consumer division, including Opera Apps & Games and Opera TV. The consumer arm has 560 workers, but the company hasn't said what will happen to its other 1,109 employees.
I don't have that shit installed. I need a browser that won't choke on 200 open tabs, so a browser that can't even handle 5 open tabs is a non starter.
Why so many tabs? BECAUSE