Privacy Alert: Chrome Just Made It Easier For Google To Spy On You

Image: Getty Images

Google appears to be having a hard time with the concept of consent lately. Last week, the company remotely changed the battery settings on Android Pie devices without bothering to inform their owners. Now it has begun automatically logging users into Chrome sans their consent - which can lead to all your personal data getting shipped to Google’s servers.

This latest privacy bombshell comes via cryptography expert Matthew Green who shared the discovery on his blog. Titled 'Why I'm Leaving Chrome', the post details changes Google has made to Chrome's login requirements in the latest software update, Chrome 69.

In short, the web browser has begun logging users into their accounts when they access other Google services such as Gmail. This is done automatically and without the user's knowledge or consent. In 'signed-in' mode, your data gets shipped to Google’s servers instead of being stored locally and the veneer of privacy is completely removed.

As Green notes, this change could lead to people unwittingly turning over their browsing history to Google. According to Chrome developers Green spoke to, users still need to activate the "sync" feature before data transfers can occur. But this did little to dispel Green's privacy concerns.

"Now that I'm forced to log into Chrome, I'm faced with a brand new menu I've never seen before," Green explained in his post. "It looks like this:

"Does that big blue button indicate that I’m already synchronizing my data to Google? That’s scary! Wait, maybe it’s an invitation to synchronize! If so, what happens to my data if I click it by accident? (I won’t give the answer away, you should go find out. Just make sure you don’t accidentally upload all your data in the process. It can happen quickly.)"

Previously, Chrome users had to enter their Google credentials and manually sign into Chrome if they wanted to turn over their browsing history to Google. Following this update, the process can be achieved with a single click that is easy to do by accident.

"This is a dark pattern," Green concludes. "Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data."

This isn't the first time Chrome 69 has caused controversy. The update's decision to strip the 'www' subdomain from the browser search bar led to a storm of complaints from security conscious users. In response, Google hastily reserved this change, although it still intends to kill off 'www' entirely in future updates, if Google's official developer statements are anything to go by.

If you're concerned about Google tracking and collecting (more of) your data, one solution is to toggle Chrome's Incognito Mode every time you use it. Alternatively, you could always swap to Firefox, which is reportedly faster and more user friendly.

Forget Chrome: Firefox Is The World's Best Web Browser

Do you ever feel that the web is breaking? When shopping online for a toaster, you can expect an ad for that thing to stalk you from site to site. If you have just a few web browser tabs open, your laptop battery drains rapidly. And don't get me started on those videos that automatically play when you're scrolling through a webpage.

Read more

[Via cryptographyengineering.com]


Comments

    Firefox performance is now on par with chrome, and surpasses it in many areas on all available platforms. No need to feed the machine any longer.

    Last edited 25/09/18 10:48 am

    Last month Google rolled out the 2nd Pie update without checking how it affects some Pixel XL's. Now the LH author has highlighted another.

    Maybe a future Android update will render all Android devices inoperable. This is a security issue for the world.

    In short, the web browser has begun logging users into their accounts when they access other Google services such as Gmail. This is done automatically and without the user's knowledge or consent. In 'signed-in' mode, your data gets shipped to Google’s servers instead of being stored locally and the veneer of privacy is completely removed.

    This isn't true. It logs you into "Sync", but it does not actually sync anything until the user explicitly clicks "sync".

    Google is already collecting your browsing data anonymously.

    And once the user clicks "sync", their data is uploaded, encrypted, to Google, to which they cannot access your PII.

    Thank you, Google, but I'LL decide when I log in.

    I have used sync for ages. It allows me to sync all my bookmarks across all devices.

    one solution is to toggle Chrome's Incognito Mode every time you use it.
    No. Not at all. That is blatantly false. Google still collects data in incognito mode. Incognito mode just stop sites and companies other than Google from tracking you with cookies. Its also a handy tool to bypass news site paywalls.

Join the discussion!

Trending Stories Right Now