Slashdot Mirror
Google Secretly Logs Users Into Chrome Whenever They Log Into a Google Site (zdnet.com)
Catalin Cimpanu, writing for ZDNet: Starting with Chrome 69, whenever a Chrome user would access a Google-owned site, the browser would take that user's Google identity and log the user into the Chrome in-browser account system -- also known as Sync. This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google's servers. Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google's servers, data that may be tied to their accounts.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers. Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.
On the one hand, yeah, blech.
On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?
This isn't really news. Chrome has sent more information to Google than other browsers for ever. Why people use it is beyond me.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
So how does that work
Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers.
What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.
Why doesn't Google just come out and say it. They're sucking up every bit of your information to sell to someone. This death by a thousand cuts is so last decade.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Go to chrome://flags//#account-consistency, switch Account Consistency option to disabled.
While this is really annoying, fortunately it doesn't synchronize anything by default. It just logs you in but you have to manually enable syncing.
Also, dude, porn is what you have that secondary Firefox installation for.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I wonder if this applies to Chromium also.
Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.
On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?
Definitely. One of the reasons I don't use or install Chrome even though I do use some Google services. I use Firefox in part because it's the only one of the major browsers to not be owned by a major tech company. Chrome seems to work fine but compared with Firefox it's at more or less a dead heat technically speaking and performance-wise (for my purposes anyway) so why tie myself tighter to Google than absolutely necessary? That's not an argument that Firefox is perfect (it isn't) but it seems to be the least worst option in this regard.
"In the rest of this post, Iâ(TM)m going to talk about why this matters. "
What he actually posted was:
"In the rest of this post, I’m going to talk about why this matters."
Indeed it does. Just last night Chrome auto-updated itself to 69. I was running an older version for two or three years (had very good reasons to) and had all the auto-update garbage turned off, developer mode turned on, and the like. I rebooted my machine, and out of nowhere was this candy coated new Apple-like interface.
This is when I immediately uninstalled Chrome, filled in their "survey" that it automatically takes you to, and installed Firefox. I was very pleased to see that Firefox gives you the option off the bat to use an address bar as an address bar. There's nothing like a bait and switch "feature" hijacking all your address data, phoning home under the guise of offering lame suggestions, and performing a search if you mistyped and didn't get a FQDN right.
I won't be going back any time soon.
Google: Be Evil. (TM)
Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.
Honestly I think Facebook wins the current edition of the Evil Olympics among tech companies. But maybe Google is just a sneakier player and unfortunately the two of them combined are really hard to avoid if you give half a shit about your privacy. I don't have a Facebook account but I'd be truly shocked if they don't maintain some sort of profile about my activities on the web. I block what I can but it's hard to stop them entirely.
Any company in a position of power is likely to abuse that power to some degree. IBM did, Microsoft did, and the list goes on. Trust them at your peril.
To watch netflix and amazon. I downloaded palemoon and use it for basic web access. Google has grown to large to keep from becoming 'evil'.
Now, as long as it makes them a buck and increases their huge cache of customer info, there's pretty much nothing they won't sink to.
Distrust of them is why I've avoided Chrome.
Chas - The one, the only.
THANK GOD!!!
Why not FF?
I See What You Did There...
FB is a clumsy toddler in evilness compared to Google.
Perhaps. Facebook is definitely more blatant about their evil. Google is harder to avoid. Both companies have WAY too few restrictions on what they can do with data about basically everyone.
Slow as fuck, hangs the work computer for 20 seconds at a time. I'm sure it's the antivirus being antivirus, but I don't have time for that to happen 20-50 times a day.
I assume Brave only lets you watch straight porn? :-P
"When information is power, privacy is freedom" - Jah-Wren Ryel
Sync? More like STINK.
I use it, it doesn't do that at all, so I'm positive it's something specific on your computer. Perhaps some proper configuration would seriously help?
The cesspool just got a check and balance.
and don't sign up for Mozilla Sync either. Many of the plugins for Chrome now work in, or have versions for, Firefox because the plugin engine is similar. If you avoid Mozilla's sync they won't get much of your personal information.
Yes, I am removing the Chrome browser from all of my devices. I can't not login to Google because they currently host my email and other cloud presence. I figured that something was up because the login switcher has been acting erratically. I would have to clear cookies for the past (hour,4 hours, etc..) to switch between accounts. Several people have already noted that this move was just evil/greed. So, for the sake of .005% improvement on tracking accuracy and data quality they have really pissed me off.
Disappointed, very disappointed.
Wait... Chrome didn't always do this? I just assumed, from the first day I saw a coworker "log in" to the browser (a concept that made no sense to me at all) it was just a way to automatically log you in to Google's services. Today, I have to use it because developers around me make web apps that only work on Chrome! It's becoming like the IE fiasco from the early 2000's all over again.
Chrome exists solely for the purpose of furthering Google's marketing efforts. While everyone is vilifying Apple and Microsoft, Google has quietly obtained control of the OS (Android), the browser (Chrome), search (Google), advertising (Adsense), and the web (Amp). The biggest advertiser on the planet has your phone numbers, your texts, your emails, recordings of your voice, ...
Google didn't create Chrome because they needed a browser, or they wanted to optimize JavaScript, or they needed a debugger. They wanted client-side control of your machine, and it took a browser and an OS to do that.
Geeks need to go back to Firefox. It isn't made by an OS vendor or an advertising agency, it doesn't snoop on you, and it is completely open source.
Sorry I can't be as tin-foil hat as the rest of you, but let me tell you how this affected me.
My PC at home is used by all my family. We pop in and out of Gmail users 100 times a day. However my browser always stayed logged in as the primary user, which affected how the extensions worked, among other things.
Recently that all changed and everytime someone would log out of email it would log me out of the browser. (Actually it would say 'Paused' but since you had to log back in to un pause it, it's pretty much the same thing.)
Interestingly, I never noticed it logging into the browser as these other Gmail accounts. It would only log the primary account out.
--Welcome to the Realm of the Hawke--
Let's be assholes
Brave.
LOL.
Useless crap on the same level as Edge.
I was on their support forum and couldn't believe the stupidity of the devs there.
I asked how I can move the browser cache to a different location. Can't do it. Moron developers keep asking why I want to do that.
Well, in addition to wanting the cache on a RAM disk instead of on my SSD, how about the fact that every browser, INCLUDING FUCKING INTERNET EXPLORER let's you easily move the browser cache to any location you want.
The *ONLY* browsers that don't let you do that are Brave and Edge.
'nuff said.
I assume Brave only lets you watch straight porn? :-P
I see what you did there.
'Nuff said.
As far as I know, Microsoft doesn't sell my data. I'm a Microsoft customer. I give them money, and they give me software. Google's customers are its advertisers.
I don't respond to AC's.
In years of tech support professional life, I've not seem something like that (but the opposite is true...): for me, it's clearly an local issue.
... and installed Firefox.
Now you have a bunch of new stuff to disable ... :-)
It must have been something you assimilated. . . .
So which one of my 15 Google ids does it use?
The google-customer experience is a symbiotic relationship.
"Google, we're not evil. Well, no more than any other company...."
Beware of Sales Reps bearing gifts.
its not really 69 when we are the only ones giving oral, google. and let go of our heads we need air.
Chromium or Vivaldi. (Or both, for different ecosystems) All of the good of chrome and none of the Google.
This used to happen with previous versions of Firefox = 56, specifically due to XUL.
I'm not sure if it happens now; but I also encountered it with some machines which have Kaspersky antivirus installed, because most anti-virus products inject their addon into Firefox (which would cause strange cpu-usage). And sadly, there doesn't appear to be an easy way to disable it except perhaps through some obscure setting in the AV.
"Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly."
I don't think, relatively speaking, that many of us are Google's customers. Most of us are just food on the menu.
Or better yet, stop bookmarking porn pages. Just commit it to memory.
So, you intentionally ran a years-old browser which certainly had a large number of unpatched security vulnerabilities? If you don't like the new versions of something, you should switch to something else whose new versions you like rather than run aging software. Turning off these updates is just asking for your security to be compromised.
Honestly, the logic of this change is pretty reasonable. Mostly it just makes the background behavior more visible.
Previously, if I had gone onto somebody else's machine and decided to log in to check my e-mail while I was on their machine, and failed to do so in incognito mode, then they could hop onto their machine and look not only at my e-mail, but also my calendar, my Drive, and everything else I have related to Google. There would be nothing in the UI to tell me about this behavior at all.
Making it clear that this login was persistent would at least give me another opportunity to realize that I should log out before leaving the computer (or at least remind me that I should have logged in using incognito mode instead). I just wish there was an easy way to make other logins more visible (this is likely infeasible).
If this change has effects beyond simply making the login more visible (such as clearing out local bookmarks or settings), then those should, in my mind, be reported as bugs.
They can do whatever they want on their own computer, just like you can update your browser because you want to.
If you don't like hearing people haven't updated their browser, get off the internet.
You could use Chromium or Vivaldi and be even less corporate influenced, but still chrome compatible.
Maybe but I don't care at all about compatibility with Chrome and don't see any particular value in that. I want a web browser that works on the sites I visit, is cross platform, has strong privacy controls, is actively developed, and isn't a security train wreck. Edge and Safari are out for me since they are one platform only and one company only. I don't really trust the various forked browsers related to Chrome and Firefox and other "minor" browsers to remain viable and supported long term though I'm glad they exist. So the only real options for me are Chrome and Firefox and I choose Firefox because it's less tied to a single for-profit corporation plus I'm used to it and have been using it a long time. It's not that I hate Chrome but I don't 100% trust Google's interests to align with my own. A little diversity of platform can be a good thing.
Over the years, Google has paid Mozilla in excess of $2 Billion. If you don't think Google "owns" Mozilla, you are delusional.
And they've also received upwards of a billion from Yahoo who last I checked was decidedly not owned by Google. I'm aware of the funding but the difference is that Mozilla can and does get funding from other sources. So my choices are 100% Google owned (Chrome) or something less than 100% Google financed (Firefox). I'll take the later option thanks. Mozilla is it's own entity and that counts for something even if it isn't as much as one would hope.
I assume it logs out when you log out of gmail, too, no?
Check out my sci-fi/humor trilogy at PatriotsBooks.
Yes, but at least it's unlikely to re-enable the options on an update.
If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat