Google’s latest Chrome release has set off major privacy alarm bells.
In a blog post over the weekend, cryptographer and Johns Hopkins University professor Matthew Green penned a scathing blog post about the new version of Chrome in which he announces, right off the top via the headline, that he is completely done with Chrome. The reason?
“A few weeks ago,” he writes, “Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet.)”
There’s already been some intense back-and-forth about what all this means on Hacker News. Likewise, the tech press has been all over this today. For his part, Green’s frustration is the result of several key things:
One, he argues: Nobody on the Chrome development team “can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.” Adrienne Porter Felt, a Google engineer and manager for the Chrome browser, took to Twitter today to try and offer some context. A Mashable piece summarizes her argument as basically that “Google decided to make this change… to put an end to any confusion users may have had when trying to sign out of public or shared devices. Basically, Google tied Chrome and Google accounts together so you wouldn’t sign into a service on Chrome and accidentally sync information with someone else’s account.”
Here’s Adrienne herself:
My teammates made this change to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device. 3/
— Adrienne Porter Felt (@__apf__) September 24, 2018
Which now brings us back to Green, who says, sure — if you’re already signed into Chrome and a friend shares your computer, you definitely don’t want to accidentally have your friend’s Google cookies get uploaded into your account.
“But note something critical about this scenario,” Green writes. “In order for this problem to apply to you, you already have to be signed into Chrome. There is absolutely nothing in this problem description that seems to affect users who chose not to sign into the browser in the first place.
“So if signed-in users are your problem, why would you make a change that forces unsigned–in users to become signed-in? I could waste a lot more ink wondering about the mismatch between the stated ‘problem’ and the ‘fix’, but I won’t bother: because nobody on the public-facing side of the Chrome team has been able to offer an explanation that squares this circle.”
His whole post is worth a read in full. This part probably best sums up his post — and the same reason for other hand-wringing in various outlets today about the new Chrome release: “In ‘basic browser mode,'” he says, “your data is stored locally. In ‘signed-in’ mode, your data gets shipped to Google’s servers. This is easy to understand. If you want privacy, don’t sign in. But what happens if your browser decides to switch you from one mode to the other, all on its own?” It even gives a former Googler pause:
And let’s not forget, this is the same company that landed in hot water last month for tracking user location history even after users make it clear they don’t want that to occur. Meaning, ‘trust us’ becomes an increasingly harder pill to swallow for some people.