The latest version of Google Chrome brought significant changes to the browser. It received a new design, improved password management, and many other tweaks released in honor of its 10th birthday. Johns Hopkins University cryptographer Matthew Green revealed that Google made another change: Chrome now automatically signs users into their Google accounts within the browser whenever they log in to a Google service.
Chrome has long allowed people to sign in to their Google accounts so they can keep their open tabs in sync across devices. This feature was optional, however, and many people chose not to use it because they didn't want their browsing history to be sent to Google. Not signing in to Chrome was an easy way to make sure the feature wasn't "accidentally" enabled.
Worse still was the fact that Chrome doesn't let people know when it's automatically signed them in to their Google account. The company didn't just remove the option to use its browser without using a Google account; it did so in a way that makes it hard to believe Google wasn't trying to escape scrutiny. There's no mention of this change in the blog posts, patch notes or even privacy policy that accompanied Chrome 69's debut.
Google should have known this change would A) be discovered and B) rankle people who care about their privacy. The company is often criticized when things people already knew, such as the fact that it lets third-party app developers scan Gmail if people connect their accounts, come back into the public eye. Secretly making a change to Chrome that at least appeared to undermine privacy was bound to be controversial.
Here's the good news: Green said in his blog post that Google engineers told him Chrome doesn't automatically enable the sync feature even when someone is signed in. He was also told Google would update Chrome's privacy policy to note the new behavior. Both of these decisions are supposed to relieve Chrome users who feared their browsing history had been secretly handed over to Google because of this change.
But neither actually resolves the main issues with this change. The fear that Google now has the potential to enable syncing without notice is still there, especially since the company remotely enabled the battery saver feature on Android smartphones by accident in mid-September. Things happen--settings are changed during the update process, bugs undermine settings, etc.
The other problem was the fact that everything about this change was kept secret from Chrome users. More information has become available since Green published his blog post, and Google has stressed that being signed in to Chrome doesn't automatically undermine someone's privacy, but the point is that people expect to know when something that could affect their privacy changes without a peep after years of use.
We asked Google for more information about this change and a spokesperson linked us to a series of tweets from Chrome engineer and manager Adrienne Porter Felt. In addition to saying that Google is working to update Chrome's privacy policy and that merely being signed in to the browser doesn't enable the sync feature so many people are worried about, Porter Felt explained the reasoning behind the change:
"My teammates made this change to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device. [...] The new UI clearly reminds you whenever you're logged in to a Google account. Plus, you now only need to sign out in one place before you share your computer with someone else."
All of which means a feature that was actually supposed to help Chrome users keep their information private from people with access to a shared computer has rekindled the flame of controversy around Google's privacy practices. The company doesn't appear to be changing its mind, though, so anyone concerned about being signed in to Chrome will either have to be more vigilant or switch to a different browser.
