Click to Skip Ad
Closing in...

Google Chrome change sets off firestorm with ‘serious implications for privacy and trust’

Published Sep 24th, 2018 11:34PM EDT
Google Chrome forced login
Image: Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Google’s latest Chrome release has set off major privacy alarm bells.

In a blog post over the weekend, cryptographer and Johns Hopkins University professor Matthew Green penned a scathing blog post about the new version of Chrome in which he announces, right off the top via the headline, that he is completely done with Chrome. The reason?

“A few weeks ago,” he writes, “Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet.)”

There’s already been some intense back-and-forth about what all this means on Hacker News. Likewise, the tech press has been all over this today. For his part, Green’s frustration is the result of several key things:

One, he argues: Nobody on the Chrome development team “can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.” Adrienne Porter Felt, a Google engineer and manager for the Chrome browser, took to Twitter today to try and offer some context. A Mashable piece summarizes her argument as basically that “Google decided to make this change… to put an end to any confusion users may have had when trying to sign out of public or shared devices. Basically, Google tied Chrome and Google accounts together so you wouldn’t sign into a service on Chrome and accidentally sync information with someone else’s account.”

Here’s Adrienne herself:

Which now brings us back to Green, who says, sure — if you’re already signed into Chrome and a friend shares your computer, you definitely don’t want to accidentally have your friend’s Google cookies get uploaded into your account.

“But note something critical about this scenario,” Green writes. “In order for this problem to apply to you, you already have to be signed into Chrome. There is absolutely nothing in this problem description that seems to affect users who chose not to sign into the browser in the first place.

“So if signed-in users are your problem, why would you make a change that forces unsignedin users to become signed-in? I could waste a lot more ink wondering about the mismatch between the stated ‘problem’ and the ‘fix’, but I won’t bother: because nobody on the public-facing side of the Chrome team has been able to offer an explanation that squares this circle.”

His whole post is worth a read in full. This part probably best sums up his post — and the same reason for other hand-wringing in various outlets today about the new Chrome release: “In ‘basic browser mode,'” he says, “your data is stored locally. In ‘signed-in’ mode, your data gets shipped to Google’s servers. This is easy to understand. If you want privacy, don’t sign in. But what happens if your browser decides to switch you from one mode to the other, all on its own?” It even gives a former Googler pause:

https://twitter.com/lcamtuf/status/1043338876297728000

And let’s not forget, this is the same company that landed in hot water last month for tracking user location history even after users make it clear they don’t want that to occur. Meaning, ‘trust us’ becomes an increasingly harder pill to swallow for some people.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.