Rhett Jones* says Google Chrome has made a change that now automatically logs users in — something most may not be aware of.
Once again, Google has rankled privacy-focused people with a product change that appears to limit users’ options.
It’s easy to miss the fact that you’re automatically being logged in to Chrome if you aren’t paying attention.
Chrome 69 was released to users on 5 September and you likely noticed that it has a different look.
But if you’re the type of person who doesn’t like to log in to the browser with your Google account, you may have missed the fact that it happens automatically when you sign in to a Google service like Gmail.
Previously, users were allowed to keep those logins separate.
Members of the message board Hacker News noticed the change relatively quickly, and then, several developers called attention to it.
One problem with rolling out this kind of change without making it clear to users is that people might misunderstand what’s happening and assume the worst.
Matthew Green, a Professor at Johns Hopkins University who teaches cryptography, was offended when he realised what was happening because he’s made a concerted effort not to log in through the browser to avoid any extraneous collection of his data.
As long as you remain logged out, your browser activity is only stored locally on your machine.
When he wrote about his issues with the change, he also worried that Google’s “Sync” feature was automatically being enabled, but it appears that’s not the case.
Sync uploads your browser history, bookmarks, passwords and other data to Google in order to sync your preferences across multiple devices, and can be turned on and off by a user.
Adrienne Porter Felt, a Google Chrome engineer, stepped in on Twitter to confirm the automatic login change, but said that users still have to manually enable Sync.
We reached out to Google for comment and a spokesperson pointed us to another Twitter thread from Felt in which she explained that this change is intended to prevent multiple users from mistakenly believing they’re logged in on a shared device.
“In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device,” she wrote.
There’s a certain amount of logic to Google’s stated reasoning, but it doesn’t change the fact that this is something that should’ve been made clear to users.
Felt does have a point that the new Chrome now clearly shows in the upper-right corner which user, if any, is logged in.
But Green is correct that Chrome’s privacy policy didn’t make the new change clear enough, and he said he’d been assured that the policy would be updated.
Accordingly, following the controversy over the auto login change, Google has since updated its Chrome privacy policy to add more clarity about the tweak, reports Digital Trends.
The changes include tweaking a section title from “Signed-in Chrome mode” to “Signed-in, Synched Chrome mode” as well as the addition of two sentences: “On desktop versions of Chrome, signing into or out of any Google web service (e.g. google.com) signs you into or out of Chrome. Sync is only enabled if you choose.”
We’ve learned that Android phones were sending location data to Google even when location history was disabled.
And we’ve found that Google was storing voice recordings without users’ knowledge.
And most recently we’ve seen numerous reports that it’s working on a censorship and surveillance-friendly search engine for China — a project that it will only vaguely acknowledge while employees are protesting internally.
It isn’t a good idea to simply trust Google.
If you want to disable the forced login, a user on Hacker News points out a workaround that could change at any time.
Copy and paste this text into your browser’s address bar: chrome://flags/#account-consistency.
Then disable the option labelled “Identity consistency between browser and cookie jar”, and restart your browser.
For now, you have a choice, but it shouldn’t be so difficult or obscure.
* Rhett Jones is a staff reporter at Gizmodo. He tweets at @rhettjonez.
This article first appeared at www.gizmodo.com.au.