Slashdot Mirror


Google Secretly Logs Users Into Chrome Whenever They Log Into a Google Site (zdnet.com)

Catalin Cimpanu, writing for ZDNet: Starting with Chrome 69, whenever a Chrome user would access a Google-owned site, the browser would take that user's Google identity and log the user into the Chrome in-browser account system -- also known as Sync. This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google's servers. Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google's servers, data that may be tied to their accounts.

Now, with the revelations of this new auto-login mechanism, a large number of users are angry that this sneaky modification would allow Google to link that person's traffic to a specific browser and device with a higher degree of accuracy. That criticism proved to be wrong, as Google engineers have clarified on Twitter that this auto-login operation does not start the process of synchronizing local data to Google's servers, which will require a user click. Furthermore, they also revealed that the reason why this mechanism was added was for privacy reasons in the first place. Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers.
Well-respected cryptographer Matthew Green was disappointed by the move. In a post, he wrote: [...] In the rest of this post, I'm going to talk about why this matters. From my perspective, this comes down to basically four points:
1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
2. This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
3. The change makes a hash out of Google's own privacy policies for Chrome.
4. Google needs to stop treating customer trust like it's a renewable resource, because they're screwing up badly.

23 of 179 comments

  1. two hands by cascadingstylesheet · · Score: 5, Informative

    On the one hand, yeah, blech.

    On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?

  2. Not news by fluffernutter · · Score: 4, Insightful

    This isn't really news. Chrome has sent more information to Google than other browsers for ever. Why people use it is beyond me.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Not news by GameboyRMH · · Score: 5, Interesting

      Fun fact, Chrome for Android sends the fine details of the device you're using in the user agent string, down to the device model, and as far as I can tell there's nothing you can do about this other than not using Chrome for Android.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  3. But I don't use Chrome by rossdee · · Score: 4, Funny

    So how does that work

  4. Huh? by smooth+wombat · · Score: 4, Insightful

    Chrome engineers said the auto-login mechanism was added in the browser because of shared computers/browsers.

    What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.

    Why doesn't Google just come out and say it. They're sucking up every bit of your information to sell to someone. This death by a thousand cuts is so last decade.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Huh? by swillden · · Score: 4, Interesting

      What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.

      Profiles address the issue, but the problem they're trying to address for users who don't use profiles is pretty clear. Jane is using the computer and has logged the browser in to her Google account, and has sync and web history enabled. Dick uses the computer and logs into his gmail account, then does some browsing, thinking the browser is logged into his account, which has web history disabled. His browser use gets logged in Jane's web history, violating Dick's privacy in two ways: He didn't want his browsing logged at all, and depending on the relationship between Dick and Jane and what exactly he browsed, may really not want it logged to Jane's account, where she can see it (though if this is the situation, he's an idiot for using a shared browser and not opening an incognito window, because local browser history is a thing).

      Perhaps even worse, I said that Jane has sync enabled, which can include password sync. So Dick may inadvertently give Jane his passwords this way, too.

      My bet (though I don't have any particular knowledge about it) is that this is not a theoretical scenario, that it has actually screwed a number of people which is why it came to the Chrome team's attention.

      Making browser login track the login Google apps is an obvious solution to this problem. Perhaps there's a better one, though.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Huh? by swillden · · Score: 4, Informative

      Making browser login track the login Google apps is an obvious solution to this problem. Perhaps there's a better one, though.

      Here's a better analysis, by an engineer on the Edge browser team: https://textslashplain.com/201...

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Disable it then. by olsmeister · · Score: 5, Informative

    Go to chrome://flags//#account-consistency, switch Account Consistency option to disabled.

    1. Re:Disable it then. by Anonymous Coward · · Score: 5, Insightful

      Go to chrome://flags//#account-consistency, switch Account Consistency option to disabled.

      And how do you know that works?

      Because Google's software said so?

      "Yep! We pinkie-promise that we're not snooping on you now!"

    2. Re:Disable it then. by 4im · · Score: 2

      Even if this works - the default should *always* be safety and privacy. Not spying. It seems most companies have willfully forgotten this.

      For giggles, have a look at the GDPR notifications you get at different places. E.g. at engadget, I earlier today got presented with this. You get information on the cookies etc. they set/collect, and supposedly you should be able to modify settings... no, nope... you accept things the way they are or quit the page... which I did. No, I don't want any of that shit. If you don't want to be read, so be it.

    3. Re:Disable it then. by ugen · · Score: 2

      I know that Chrome respects cookie settings, so that when cookies are not permitted for *.google.com - they are not being stored or sent (this is verifiable with a variety of tools).

      In my case, that's the setting I've been using. No cookies, no login into any Google account.

    4. Re:Disable it then. by Gr8Apes · · Score: 2

      ah, but did you get doubleclick.net, or any of the 100s of other Google owned advertising domains? No? Well, a shit ton of good blocking google.com does you as far as tracking goes. Of course this isn't only true for Chrome.

      --
      The cesspool just got a check and balance.
  6. The new Microsoft by OneHundredAndTen · · Score: 3, Interesting

    Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.

  7. Tied to a platform by sjbe · · Score: 4, Interesting

    On the other hand, did you really think Google weren't tracking the #%#%$% out of you whenever you logged into anything?

    Definitely. One of the reasons I don't use or install Chrome even though I do use some Google services. I use Firefox in part because it's the only one of the major browsers to not be owned by a major tech company. Chrome seems to work fine but compared with Firefox it's at more or less a dead heat technically speaking and performance-wise (for my purposes anyway) so why tie myself tighter to Google than absolutely necessary? That's not an argument that Firefox is perfect (it isn't) but it seems to be the least worst option in this regard.

    1. Re:Tied to a platform by houstonbofh · · Score: 2

      I use Firefox in part because it's the only one of the major browsers to not be owned by a major tech company

      You could use Chromium or Vivaldi and be even less corporate influenced, but still chrome compatible.

  8. Re:So.... by PopeRatzzo · · Score: 4, Insightful

    Indeed it does. Just last night Chrome auto-updated itself to 69. I was running an older version for two or three years (had very good reasons to) and had all the auto-update garbage turned off, developer mode turned on, and the like. I rebooted my machine, and out of nowhere was this candy coated new Apple-like interface.

    This is when I immediately uninstalled Chrome, filled in their "survey" that it automatically takes you to, and installed Firefox. I was very pleased to see that Firefox gives you the option off the bat to use an address bar as an address bar. There's nothing like a bait and switch "feature" hijacking all your address data, phoning home under the guise of offering lame suggestions, and performing a search if you mistyped and didn't get a FQDN right.

    I won't be going back any time soon.

    Google: Be Evil. (TM)

  9. Nothing new by sjbe · · Score: 3, Insightful

    Google is rapidly becoming the new Microsoft. No wonder they ditched the "Don't Be Evil" motto.

    Honestly I think Facebook wins the current edition of the Evil Olympics among tech companies. But maybe Google is just a sneakier player and unfortunately the two of them combined are really hard to avoid if you give half a shit about your privacy. I don't have a Facebook account but I'd be truly shocked if they don't maintain some sort of profile about my activities on the web. I block what I can but it's hard to stop them entirely.

    Any company in a position of power is likely to abuse that power to some degree. IBM did, Microsoft did, and the list goes on. Trust them at your peril.

  10. Google has basically stopped caring. by Chas · · Score: 2

    Now, as long as it makes them a buck and increases their huge cache of customer info, there's pretty much nothing they won't sink to.

    Distrust of them is why I've avoided Chrome.

    --
    Chas - The one, the only.
    THANK GOD!!!
  11. This is why I use FireFox by MobyDisk · · Score: 3, Interesting

    Wait... Chrome didn't always do this? I just assumed, from the first day I saw a coworker "log in" to the browser (a concept that made no sense to me at all) it was just a way to automatically log you in to Google's services. Today, I have to use it because developers around me make web apps that only work on Chrome! It's becoming like the IE fiasco from the early 2000's all over again.

    Chrome exists solely for the purpose of furthering Google's marketing efforts. While everyone is vilifying Apple and Microsoft, Google has quietly obtained control of the OS (Android), the browser (Chrome), search (Google), advertising (Adsense), and the web (Amp). The biggest advertiser on the planet has your phone numbers, your texts, your emails, recordings of your voice, ...

    Google didn't create Chrome because they needed a browser, or they wanted to optimize JavaScript, or they needed a debugger. They wanted client-side control of your machine, and it took a browser and an OS to do that.

    Geeks need to go back to Firefox. It isn't made by an OS vendor or an advertising agency, it doesn't snoop on you, and it is completely open source.

  12. Microsoft doesn't sell my data by DogDude · · Score: 2

    As far as I know, Microsoft doesn't sell my data. I'm a Microsoft customer. I give them money, and they give me software. Google's customers are its advertisers.

    --
    I don't respond to AC's.
  13. Re:DELTE COOKIES by yuvcifjt · · Score: 2

    This used to happen with previous versions of Firefox <= 56, specifically due to XUL.

    I'm not sure if it happens now; but I also encountered it with some machines which have Kaspersky antivirus installed, because most anti-virus products inject their addon into Firefox (which would cause strange cpu-usage). And sadly, there doesn't appear to be an easy way to disable it except perhaps through some obscure setting in the AV.

  14. Re:So.... by kiminator · · Score: 2

    So, you intentionally ran a years-old browser which certainly had a large number of unpatched security vulnerabilities? If you don't like the new versions of something, you should switch to something else whose new versions you like rather than run aging software. Turning off these updates is just asking for your security to be compromised.

  15. Why I use Firefox by sjbe · · Score: 2

    You could use Chromium or Vivaldi and be even less corporate influenced, but still chrome compatible.

    Maybe but I don't care at all about compatibility with Chrome and don't see any particular value in that. I want a web browser that works on the sites I visit, is cross platform, has strong privacy controls, is actively developed, and isn't a security train wreck. Edge and Safari are out for me since they are one platform only and one company only. I don't really trust the various forked browsers related to Chrome and Firefox and other "minor" browsers to remain viable and supported long term though I'm glad they exist. So the only real options for me are Chrome and Firefox and I choose Firefox because it's less tied to a single for-profit corporation plus I'm used to it and have been using it a long time. It's not that I hate Chrome but I don't 100% trust Google's interests to align with my own. A little diversity of platform can be a good thing.