If you are one of the millions who use Google’s Chrome browser, you’re probably noticing some subtle (and not-so-subtle) changes to your browsing experience.
In case you haven’t noticed yet, to celebrate its 10th anniversary, Google recently updated its popular Chrome browser with version 69.
Chrome 69 comes with a revamped user interface including rounded tabs, a brand new menu bar and other subtle cosmetic changes based on the Material Design 2 aesthetic.
This update brings with it an overhauled password and autofill management system and a variety of under-the-hood tweaks that aim to improve security and speed up the browsing experience.
However, security researchers are criticizing Google’s decision to hide the “www” and “m” subdomains from Chrome’s address by default. Click here to learn how to undo this change.
But as it turns out, this is not the only change that has privacy and security-minded Chrome users up in arms. Read on and I’ll tell you about this little detail that Google sneaked in with Chrome 69 that may be violating your privacy.
Forced Chrome logins
Do you always keep your Google services and your Chrome browsing activity separate? For example, there may be times when you want to check your Gmail account without necessarily logging in to the Chrome browser itself. It’s all up to you.
This distinction is important for people who don’t want their personal Chrome browser data sent to Google’s servers without their permission. In the past, if you don’t log in to Chrome with a Google account, your browsing activity is only stored locally on the machine you are using.
Fun Fact: Google was founded on Sept. 4, 1998.
Well, it looks like this policy has changed in Chrome 69. Now, each time you sign in and use a Google service like Gmail, Maps or YouTube, your Google account will be automatically logged in to the Chrome browser you’re using, too.
Privacy advocates are crying foul since this “forced login” can fool unsuspecting Chrome users into handing their personal browsing data without realizing it.
In a blog post, Mathew Green, a cryptography professor at John Hopkins University, explained this subtle change has “serious implications for privacy and trust.”
“From now on, every time you log into a Google property (for example, Gmail),” Chrome will automatically sign the browser into your Google account for you,” Green warned. “It’ll do this without asking, or even explicitly notifying you. ”
In Chrome 69, the only indicator that you’re logged in is that your Google profile picture is displayed on the upper-right hand corner of the browser. For Green, it’s a worrying change since this could mean that Chrome is automatically enabling Google’s “Sync” feature without a user’s permission.
In case you didn’t know, Google Sync is a feature that automatically uploads your browser activity, bookmarks, passwords, and other data to Google’s servers so you can access them across multiple computers and gadgets. It’s convenient, for sure, but some users opt not to turn it on at all due to privacy concerns.
“Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data,” Green wrote in his blog post.
To address these concerns, Chrome engineers clarified that this change was designed simply to inform users that they were logged into the browser and it doesn’t in any way enable Google Sync automatically.
In a Twitter thread, Chrome engineer Adrienne Porter Felt explained that the new feature does not mean that Chrome is automatically sending your browsing history to Google and “Sync is not turned on unless you later turn it on.”
Felt also wrote that the Chrome development team made this change to “prevent surprises in a shared device scenario” where people would sometimes sign out of a Google “content area” without realizing that they’re still logged in to Chrome.
“The new UI clearly reminds you whenever you’re logged in to a Google account. Plus, you now only need to sign out in one place before you share your computer with someone else,” Felt explained.
She also made it clear that activating Sync still requires an additional manual step after signing in to Chrome. Merely signing in to Chrome does not automatically enable it.
It’s a question of trust
Hmm, from a usability perspective, this new change does make sense; critics of this tweak are saying that it should have been communicated more clearly to Chrome users.
With the recent controversy surrounding Google’s location tracking policy, these kinds of undisclosed changes can erode user trust in Google. As Green warned in his blog, “trust is not a renewable resource.”
Through the years, Google has always done a great job gaining user trust but is this changing? The question now becomes, “Do we trust Google?” Listen to the free Consumer Tech Update podcast below to find out.
How to disable forced Chrome logins
If you don’t want this Chrome 69 auto-login change, you’ll be glad to know that there is still a way around it.
Here’s how you disable it:
1. Open your Chrome browser then copy and paste this on your address bar:
2. Press Enter.
3. Your Chrome browser will now show a page displaying the “Identity consistency between browser and cookie jar” setting.
4. On its drop-down box, change its setting to “Disabled.”
5. Chrome will prompt you to relaunch the browser for the change to take effect. Click on the “Relaunch Now” button to restart Chrome for the changes to take effect.