The latest version of Google Chrome brought significant changes to the browser. It received a new design, improved password management, and many other tweaks released in honor of its 10th birthday. Johns Hopkins University cryptographer Matthew Green revealed that Google made another change: Chrome now automatically signs users into their Google accounts within the browser whenever they log in to a Google service.
Chrome has long allowed people to sign in to their Google accounts so they can keep their open tabs in sync across devices. This feature was optional, however, and many people chose not to use it because they didn't want their browsing history to be sent to Google. Not signing in to Chrome was an easy way to make sure the feature wasn't "accidentally" enabled.
Google should have known this change would A) be discovered and B) rankle people who care about their privacy. The company is often criticized when things people already knew, such as the fact that it lets third-party app developers scan Gmail if people connect their accounts, come back into the public eye. Secretly making a change to Chrome that at least appeared to undermine privacy was bound to be controversial.
But neither actually resolves the main issues with this change. The fear that Google now has the potential to enable syncing without notice is still there, especially since the company remotely enabled the battery saver feature on Android smartphones by accident in mid-September. Things happen--settings are changed during the update process, bugs undermine settings, etc.
The other problem was the fact that everything about this change was kept secret from Chrome users. More information has become available since Green published his blog post, and Google has stressed that being signed in to Chrome doesn't automatically undermine someone's privacy, but the point is that people expect to know when something that could affect their privacy changes without a peep after years of use.
"My teammates made this change to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device. [...] The new UI clearly reminds you whenever you're logged in to a Google account. Plus, you now only need to sign out in one place before you share your computer with someone else."
All of which means a feature that was actually supposed to help Chrome users keep their information private from people with access to a shared computer has rekindled the flame of controversy around Google's privacy practices. The company doesn't appear to be changing its mind, though, so anyone concerned about being signed in to Chrome will either have to be more vigilant or switch to a different browser.