Slashdot Mirror
Google Secretly Logs Users Into Chrome Whenever They Log Into a Google Site (zdnet.com)
Catalin Cimpanu, writing for ZDNet: Starting with Chrome 69, whenever a Chrome user would access a Google-owned site, the browser would take that user's Google identity and log the user into the Chrome in-browser account system -- also known as Sync. This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google's servers. Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google's servers, data that may be tied to their accounts.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
This isn't really news. Chrome has sent more information to Google than other browsers for ever. Why people use it is beyond me.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers.
What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.
Why doesn't Google just come out and say it. They're sucking up every bit of your information to sell to someone. This death by a thousand cuts is so last decade.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Go to chrome://flags//#account-consistency, switch Account Consistency option to disabled.
And how do you know that works?
Because Google's software said so?
"Yep! We pinkie-promise that we're not snooping on you now!"
Indeed it does. Just last night Chrome auto-updated itself to 69. I was running an older version for two or three years (had very good reasons to) and had all the auto-update garbage turned off, developer mode turned on, and the like. I rebooted my machine, and out of nowhere was this candy coated new Apple-like interface.
This is when I immediately uninstalled Chrome, filled in their "survey" that it automatically takes you to, and installed Firefox. I was very pleased to see that Firefox gives you the option off the bat to use an address bar as an address bar. There's nothing like a bait and switch "feature" hijacking all your address data, phoning home under the guise of offering lame suggestions, and performing a search if you mistyped and didn't get a FQDN right.
I won't be going back any time soon.
Google: Be Evil. (TM)
Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.
Honestly I think Facebook wins the current edition of the Evil Olympics among tech companies. But maybe Google is just a sneakier player and unfortunately the two of them combined are really hard to avoid if you give half a shit about your privacy. I don't have a Facebook account but I'd be truly shocked if they don't maintain some sort of profile about my activities on the web. I block what I can but it's hard to stop them entirely.
Any company in a position of power is likely to abuse that power to some degree. IBM did, Microsoft did, and the list goes on. Trust them at your peril.
FYI: Firefox is predominately funded by Google. You're doing the dynamic duo dance here. Much like when we have an election and there are two parties, each one funded by and controlled by the very same elites behind the scenes. Good luck with that.