Google Chrome Begins ‘Syncing’ All Browser Data to Your Identity Without Asking....
A SEEMINGLY SMALL CHANGE TO CHROME STIRS BIG CONTROVERSY
AUTHOR: LILY HAY NEWMAN 09.24.18 05:07 PM
THOUGH CHROME LAUNCHED in 2008 as a scrappy upstart, it
has for years been the dominant web browser, with over 60 percent market share
on both desktop and mobile. So when Chrome adjusts its features or policies, it
impacts a huge chunk of people worldwide. And a recent change to how Chrome
treats logins has shown how poorly those alterations can go over.
Even if you don't know much about the intricacies of
Chrome's settings, you probably know that you can log into Chrome with your
Google account—to sync your browsing history and other useful data across
devices—or you can use it without logging in. That choice has always been a Chrome
hallmark, emblematic of the balance between Google's business incentive to
gobble up all of your data and its stated goal of respecting user privacy.
But in its 10th anniversary release a couple of weeks
ago, Chrome started exhibiting a new behavior that alarmed users who purposely
stay logged out. If you're logged into a Google service like Gmail, an icon in
the upper-right corner of Chrome windows now shows that you're logged into
Google's browser as well, regardless of your previous preference.
"This move is a deal breaker," a commenter
known as colordrops wrote on Hacker News in early September in one early thread
about the change. The perception, understandably, was that Chrome now takes a
single login to a particular Google service as carte blanche permission to log
a user into other Google products, and starts sharing data like browsing
history.
Over the weekend, Johns Hopkins cryptographer Matthew Green
questioned Google's motivations in a series of widely read tweets. Chrome
engineering manager Adrienne Porter Felt responded, also on Twitter, that
rather than automatically logging users into Chrome, the new icon instead
indicates a sort of in-between state. Google says that the new Chrome login
resembles Google's general Single Sign-On feature, which allows your login on
Gmail, say, to carry over to Google.com, or any other service in the ecosystem.
The company maintains that the new type of Chrome login does not result in any
more information about a user or their browsing habits going to Google’s
servers than being logged out would.
"Think of it as adding 'yo FYI you're currently
logged in to Gmail' in the corner of the browser window," she wrote on
Saturday. Porter Felt explained that the Chrome team added the feature to
reduce problems with simultaneous logins on shared computers. Things like
browsing data can get unintentionally shared when two Google accounts—one on
Chrome, another on Gmail, for instance—are logged in on the same device.
Porter Felt and other Chrome engineers also emphasized
that getting logged into Chrome because of another Google service doesn't
automatically turn on syncing features and enhanced data sharing with Google,
the way it does if you intentionally log into Chrome itself. "Simply
signing in to Gmail doesn't start syncing anything to Google," Chrome
engineering manager Mathieu Perreault wrote. "It will reuse your Gmail
credentials in case you want to sync, but ... you have an extra step to consent
to be syncing to Google."
Though the change would barely be noticeable to customers
who keep Chrome signed in all the time, these explanations still frustrate the
population of privacy-conscious users who intentionally stay signed out of
Chrome. They also argue that the move violated Google's privacy policy, which
defines two distinct modes of Chrome: "Basic browser mode" and
"Signed-in Chrome mode." The new change complicates this dichotomy.
Though Chrome developers said publicly over the weekend
that this partial Chrome login doesn't automatically cause data to sync to
Google's servers, and Google affirms this assertion, it is still difficult to
totally understand how the shadow login state differs from being fully logged in.
Chrome will start syncing if you click one of the sync buttons that shows up
around Chrome. It shows one final prompt confirming the decision with the
option "Ok, got it." Once you start syncing, it will draw on locally
stored URLs you typed into the search box, but not full browsing history from
before syncing began.
"It was a big change and they should have expected
that people would react to it," says Jim Fenton, an independent identity
privacy and security consultant who says he has been wary of using Chrome for
years for fear of policy changes like this. "So the thing people are
concerned about from a design standpoint is that this could cause users to do
what Google wants them to do. The way it was done really gave an impression
that they were doing something they weren’t being entirely up front
about."
Google updated its privacy policy on Monday morning to
say, "On desktop versions of Chrome, signing into or out of any Google web
service (e.g. google.com) signs you into or out of Chrome. Sync is only enabled
if you choose. To customize the specific information that you synchronize, use
the 'Settings' menu. You can see the amount of Chrome data stored for your
Google Account and manage it on the Chrome Sync Dashboard." The policy
revision doesn't fully clarify what the Twilight Zone third login state is or
does, though.
"Even if no data goes up [to Google's servers] it’s
still a huge change," Johns Hopkins' Green says. "This was a bright
line they made. And they violated it without telling anyone, and only updated
their privacy policy after the fact when people freaked out."
Given the dominance of Google's products and services,
the company has repeatedly come under fire for changes like the Chrome login
revision that seem to quietly and subtly consolidate the company's power even
more. And while those frustrated by the change still support the Chrome Privacy
team's desire to reduce the risk of unintentional syncing between accounts,
they note that the lack of clarity creates mistrust. Many massive Chrome
initiatives have been for the greater good—like the group's multi-year campaign
to promote HTTPS web encryption and ding sites that don't use it—but the power
to influence the entire web comes with heavy responsibility. And users who
avoid logging into Chrome say they did not feel represented or considered in
Chrome's recent change.
For privacy-conscious users who don't want to be signed
into Chrome in any way and risk another policy change that exposes more of
their data, the best option for continuing to use Chrome seems to be using a
secondary browser for your Gmail and other Google services. Which is a pretty
unappealing prospect.