Chrome 69 logs you in whenever you visit a Google website whether you like it or not

Cal Jeffrey

TS Evangelist
Staff member

Chrome 69, released earlier this month, is a major overhaul of Google’s web browser. It offers a sleek new look and a host of new features including a revamped password manager and a “smart answer” tool.

Another feature added to Chrome is automatic login. Whenever you log into a Google website like Gmail or YouTube, Chrome 69 will automatically sign you into the browser. At first glance, it seems an easy and quick way to utilize Chrome’s personalization features, but it is more intrusive than helpful according to security researchers.

For one thing, it removes the ability for the user to choose whether or not he or she wants to log into the browser. Forcing users to browse logged in is bad form no matter how helpful the function is perceived to be, but security experts say that it goes beyond that and is a violation of your privacy.

Professor of Cryptography Matthew Green at John Hopkins University says that the feature has completely turned him off of using Chrome, which he says he once loved.

“For many years, Google offered an optional ‘sign in’ feature for Chrome, which presumably vacuumed up your browsing data and shipped it off to Google, but that was an option,” said Green in his blog. “[Now] Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.”

Green called the developers out on Twitter, but the company defended the move saying that it's more like a "FYI" notification than actually signing in. No, really, they did.

Green notes that developers are saying that this auto login will not sync your data with Google servers — at least not yet. You still have to opt-in to the service for syncing to occur. However, Green takes issue with Google’s rationale for the feature.

Devs are concerned about what happens when Chrome is signed into one account, but then a different user logs into a Google-based website to say, check his or her email on the same computer. Presumably, account A will end up syncing account B’s data. This concern is legitimate.

However, Green notes that the precautionary measure only pertains to users who prefer logging into Chrome. It does not apply to those who would rather browse logged out. To put it another way, all users are being forced to sign into Chrome when they access Google sites because the devs cannot figure out a way to keep data from two accounts separate.

Green is not alone in his misgivings. Cloudflare CTO John Graham-Cumming and Intel security expert Ryan Naraine voiced their concerns and said they would be switching browsers.

“The Chrome guys get a lot right. This isn’t one of them,” Naraine said on Twitter.

Attempting to keep user data separate on a shared computer is a valid concern. It is Google's approach to the problem that failed. Not giving the user a choice in the matter is the wrong way to go regardless of whether or not data collection is occurring.

Permalink to story.

 

jobeard

TS Ambassador
Also keeping multiple Email address and inbox's separate is an absolute requirement.

Psst: even as JoeDoe, I have five accounts!
 
  • Like
Reactions: wiyosaya

Evernessince

TS Evangelist
Also keeping multiple Email address and inbox's separate is an absolute requirement.

Psst: even as JoeDoe, I have five accounts!
Agreed. I'm going to be moving a good chunk of my email traffic off gmail soon as it seems they are going to be forcing the new UI onto everyone within a week. This will be my 4rth email account that I use in rotation.
 

wiyosaya

TS Evangelist
Try Mozilla Thunderbird -- handles multiple accounts and email servers well. Has feature to sync calendars too :)
For those that need it, there is even a free Outlook plugin that let you send and receive e-mail using an Outlook account.
 

amghwk

TS Guru
How about deleting all passwords, clearing cache and all logins, and then not login at all, or use private window to login when needed?
 

Theinsanegamer

TS Evangelist
I dont want to be forced to sign into ANYTHING. I already didnt trust google with much, but this is taking it yet another step too far.

Cmon firefox, get your act together so I can switch already.
 

Theinsanegamer

TS Evangelist
Also keeping multiple Email address and inbox's separate is an absolute requirement.

Psst: even as JoeDoe, I have five accounts!
Agreed. I'm going to be moving a good chunk of my email traffic off gmail soon as it seems they are going to be forcing the new UI onto everyone within a week. This will be my 4rth email account that I use in rotation.
Are they REALLY going to do that?

I'm gonna have to migrate everything off of gmail now. that new interface is absolutely horrible.
 

Evernessince

TS Evangelist
Are they REALLY going to do that?

I'm gonna have to migrate everything off of gmail now. that new interface is absolutely horrible.
They stick a message in my face every time I look at my mail asking me to update now or in one week. But I can confirm that google is forcing everyone to the new UI.

https://www.businessinsider.com/google-new-gmail-release-timeline-2018-6#august-all-users-including-individuals-with-company-accounts-will-have-the-choice-to-opt-in-3
 

Badvok

TS Maniac
So these so called 'Security Experts' are amazed that the Google browser detects when you log into Google and integrates the fact that you have logged in? And then Google has the audacity to ask if you want to sync your browser settings across other instances of the Google browser where you have also logged into Google rather than just automatically doing it for you?
 

tipstir

TS Ambassador
Chrome 64-bit is my main browser with the right extensions it's very protective. I sure Google keeps track of ever place I visit. For a secondary browser to Chrome would be SRWave Iron is built for speed and performance yet it is. But when you update to the next version it can wipe all your prior settings out. I still use it because I can't do everything on Chrome plus if the GF wants to check her emails and etc. I don't want to open her stuff on my Chrome. SRWave Iron suits my needs this way. I do also have PaleMoon 64-bit that uses FireFox Engine. MS Windows 10 Edge still feels like it needs something it's okay I don't use Bing as my search engine MS needs to have it more friendlier. Still feels like IE v2 to me. Netscape was the bomb back in the day.