Google Chrome Begins ‘Syncing’ All Browser Data to Your Identity Without Asking....


A SEEMINGLY SMALL CHANGE TO CHROME STIRS BIG CONTROVERSY

AUTHOR: LILY HAY NEWMANLILY 09.24.1805:07 PM

THOUGH CHROME LAUNCHED in 2008 as a scrappy upstart, it has for years been the dominant web browser, with over 60 percent market share on both desktop and mobile. So when Chrome adjusts its features or policies, it impacts a huge chunk of people worldwide. And a recent change to how Chrome treats logins has shown how poorly those alterations can go over.

Even if you don't know much about the intricacies of Chrome's settings, you probably know that you can log into Chrome with your Google account—to sync your browsing history and other useful data across devices—or you can use it without logging in. That choice has always been a Chrome hallmark, emblematic of the balance between Google's business incentive to gobble up all of your data and its stated goal of respecting user privacy.

But in its 10th anniversary release a couple of weeks ago, Chrome started exhibiting a new behavior that alarmed users who purposely stay logged out. If you're logged into a Google service like Gmail, an icon in the upper-right corner of Chrome windows now shows that you're logged into Google's browser as well, regardless of your previous preference.

"This move is a deal breaker," a commenter known as colordrops wrote on Hacker News in early September in one early thread about the change. The perception, understandably, was that Chrome now takes a single login to a particular Google service as carte blanche permission to log a user into other Google products, and starts sharing data like browsing history.

"This was a bright line they made. And they violated it without telling anyone, and only updated their privacy policy after the fact when people freaked out." MATTHEW GREEN, JOHNS HOPKINS UNIVERSITY

Over the weekend, Johns Hopkins cryptographer Matthew Green questioned Google's motivations in a series of widely read tweets. Chrome engineering manager Adrienne Porter Felt responded, also on Twitter, that rather than automatically logging users into Chrome, the new icon instead indicates a sort of in-between state. Google says that the new Chrome login resembles Google's general Single Sign-On feature, which allows your login on Gmail, say, to carry over to Google.com, or any other service in the ecosystem. The company maintains that the new type of Chrome login does not result in any more information about a user or their browsing habits going to Google’s servers than being logged out would.

"Think of it as adding 'yo FYI you're currently logged in to Gmail' in the corner of the browser window," she wrote on Saturday. Porter Felt explained that the Chrome team added the feature to reduce problems with simultaneous logins on shared computers. Things like browsing data can get unintentionally shared when two Google accounts—one on Chrome, another on Gmail, for instance—are logged in on the same device.

Porter Felt and other Chrome engineers also emphasized that getting logged into Chrome because of another Google service doesn't automatically turn on syncing features and enhanced data sharing with Google, the way it does if you intentionally log into Chrome itself. "Simply signing in to Gmail doesn't start syncing anything to Google," Chrome engineering manager Mathieu Perreault wrote. "It will reuse your Gmail credentials in case you want to sync, but ... you have an extra step to consent to be syncing to Google."

Though the change would barely be noticeable to customers who keep Chrome signed in all the time, these explanations still frustrate the population of privacy-conscious users who intentionally stay signed out of Chrome. They also argue that the move violated Google's privacy policy, which defines two distinct modes of Chrome: "Basic browser mode" and "Signed-in Chrome mode." The new change complicates this dichotomy.

Though Chrome developers said publicly over the weekend that this partial Chrome login doesn't automatically cause data to sync to Google's servers, and Google affirms this assertion, it is still difficult to totally understand how the shadow login state differs from being fully logged in. Chrome will start syncing if you click one of the sync buttons that shows up around Chrome. It shows one final prompt confirming the decision with the option "Ok, got it." Once you start syncing, it will draw on locally stored URLs you typed into the search box, but not full browsing history from before syncing began.

"It was a big change and they should have expected that people would react to it" says Jim Fenton, an independent identity privacy and security consultant who says he has been wary of using Chrome for years for fear of policy changes like this. "So the thing people are concerned about from a design standpoint is that this could cause users to do what Google wants them to do. The way it was done really gave an impression that they were doing something they weren’t being entirely up front about."

Google updated its privacy policy on Monday morning to say, "On desktop versions of Chrome, signing into or out of any Google web service (e.g. google.com) signs you into or out of Chrome. Sync is only enabled if you choose. To customize the specific information that you synchronize, use the 'Settings' menu. You can see the amount of Chrome data stored for your Google Account and manage it on the Chrome Sync Dashboard." The policy revision doesn't fully clarify what the Twilight Zone third login state is or does, though.

"Even if no data goes up [to Google's servers] it’s still a huge change," Johns Hopkins' Green says. "This was a bright line they made. And they violated it without telling anyone, and only updated their privacy policy after the fact when people freaked out."

Given the dominance of Google's products and services, the company has repeatedly come under fire for changes like the Chrome login revision that seem to quietly and subtly consolidate the company's power even more. And while those frustrated by the change still support the Chrome Privacy team's desire to reduce the risk of unintentional syncing between accounts, they note that the lack of clarity creates mistrust. Many massive Chrome initiatives have been for the greater good—like the group's multi-year campaign to promote HTTPS web encryption and ding sites that don't use it—but the power to influence the entire web comes with heavy responsibility. And users who avoid logging into Chrome say they did not feel represented or considered in Chrome's recent change.

For privacy-conscious users who don't want to be signed into Chrome in any way and risk another policy change that exposes more of their data, the best option for continuing to use Chrome seems to be using a secondary browser for your Gmail and other Google services. Which is a pretty unappealing prospect.

https://www.wired.com/story/google-chrome-login-privacy/

Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more