Google appears to be having a hard time with the concept of consent lately. Last week, the company remotely changed the battery settings on Android Pie devices without bothering to inform their owners. Now it has begun automatically logging users into Chrome sans their consent – which can lead to all your personal data getting shipped to Google’s servers.
This latest privacy bombshell comes via cryptography expert Matthew Green who shared the discovery on his blog. Titled ‘Why I’m Leaving Chrome’, the post details changes Google has made to Chrome’s login requirements in the latest software update, Chrome 69.
In short, the web browser has begun logging users into their accounts when they access other Google services such as Gmail. This is done automatically and without the user’s knowledge or consent. In ‘signed-in’ mode, your data gets shipped to Google’s servers instead of being stored locally and the veneer of privacy is completely removed.
As Green notes, this change could lead to people unwittingly turning over their browsing history to Google. According to Chrome developers Green spoke to, users still need to activate the “sync” feature before data transfers can occur. But this did little to dispel Green’s privacy concerns.
“Now that I’m forced to log into Chrome, I’m faced with a brand new menu I’ve never seen before,” Green explained in his post. “It looks like this:
“Does that big blue button indicate that I’m already synchronizing my data to Google? That’s scary! Wait, maybe it’s an invitation to synchronize! If so, what happens to my data if I click it by accident? (I won’t give the answer away, you should go find out. Just make sure you don’t accidentally upload all your data in the process. It can happen quickly.)”
Previously, Chrome users had to enter their Google credentials and manually sign into Chrome if they wanted to turn over their browsing history to Google. Following this update, the process can be achieved with a single click that is easy to do by accident.
“This is a dark pattern,” Green concludes. “Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data.”
This isn’t the first time Chrome 69 has caused controversy. The update’s decision to strip the ‘www’ subdomain from the browser search bar led to a storm of complaints from security conscious users. In response, Google hastily reserved this change, although it still intends to kill off ‘www’ entirely in future updates, if Google’s official developer statements are anything to go by.
If you’re concerned about Google tracking and collecting (more of) your data, one solution is to toggle Chrome’s Incognito Mode every time you use it. Alternatively, you could always swap to Firefox, which is reportedly faster and more user friendly.
Do you ever feel that the web is breaking? When shopping online for a toaster, you can expect an ad for that thing to stalk you from site to site. If you have just a few web browser tabs open, your laptop battery drains rapidly. And don't get me started on those videos that automatically play when you're scrolling through a webpage.Read more