Update: Faced with massive criticism, Google has decided to roll back this feature.
Google has again run afoul of the privacy-conscious, this time with a Chrome “feature” that keeps users logged in… even when they haven’t logged in at all.
The world’s most popular browser will log users in if they log into any other Google service; if you use Chrome to log into Gmail, for instance, it automatically logs you into Chrome once your Gmail instance begins.
Worse, Google didn’t tell users this was happening. It surreptitiously added this feature, and didn’t bother to add a Chrome flag to disable it entirely. Simply put, Google is using (more) underhanded measures to track us all. The forced login syncs data to your Google account, which can follow you across devices and wherever you go.
Cryptography professor Matthew Green is a poster-child for why this is wrong. He avoided logging into Chrome to prevent his behavior from being tracked and pegged to his profile. Although a Google engineer responded to him via Twitter to note the ‘syncing’ feature is an opt-in, Green’s blog post – “Why I’m done with Chrome” – calls the opt-in mechanism a ‘dark pattern.’
Green’s screenshots show how confusing Google’s language is for even a cryptography professor to grasp, which makes you wonder how the average user will respond. In a time of r/oldpeoplefacebook, taking for granted that people understand the more niche aspects of tech, or the cloudy language to describe what’s going on, feels just as nefarious as the ‘sync’ act itself.
Proponents say Google is simply ‘helping,’ as some users had multiple accounts or multiple people using one browser, which ended up causing some cross-tracking. Having your significant other check their Gmail while you’re logged into Chrome only feels like a problem for Google, unless you really care about the ads you see on other web pages. Users may care more that they end up using Chrome logged in as someone else entirely, simply because that person checked their Gmail for five minutes a week ago.
For those who don’t like the fork in the road Google chose, there are options. The most standard-issue response is “don’t use Chrome,” but that’s not always a cure-all. An Idea Synthesis blog post shares some command-line tools anyone can use to prevent Chrome from syncing data back to Google, and allows for some limiting on which types of accounts can log into Chrome at all.
There’s also a GitHub repo that essentially un-Googles Chrome. It’s Chromium, the open source platform for Chrome, which has “modifications to Google Chromium for removing Google integration and enhancing privacy, control, and transparency.”
The core argument is that the Chrome browser is one platform (or service), and Google’s other services are separate entities. You may want your browsing experience to remain a logged-out affair while you dip and dive between other services; it’s at least a lightweight way to prevent browser data from being tagged to your profile.
It’s also important to note this syncing feature came in the Trojan Horse of a new Chrome UI in version 69. While we were all distracted by rounded tabs and a fresh look, Google bundled a cross-service tracking feature with a befuddling UI. Luckily, developers are springing into action; many are shouting down Google’s practices – and Chrome itself – while others are promoting the tools we’ve shared here, or creating their own.
As ethics become more central to technology, Google feels out of touch. Luckily, tech pros seem not to be.