Techcrunch: “Google has responded to blowback about a privacy hostile change it made this week, which removes user agency by automating Chrome browser sign-ins, by rowing back slightly — saying it will give users the ability to disable this linking of web-based sign-in with browser-based sign-in in a forthcoming update (Chrome 70), due mid next month. The update to Chrome 69 means users are automatically logged into the browser when they are signed into another Google service, giving them no option to keep these digital identities separate. Now Google is saying there will be an option to prevent it pinning your Chrome browsing to your Google account — but you’ll have to wait about a month to get it. And of course for the millions of web users who never touch default settings being automatically signed into Google’s browser when they are using another Google service like Gmail or YouTube will be the new normal. Matthew Green, a cryptography professor at Johns Hopkins, flagged the change in a critical blog post at the weekend — entitled Why I’m done with Chrome — arguing that the new “forced login” feature blurs the previously strong barrier between “never logged in” and “signed in”, and thus erodes user trust. Prior to the Chrome 69 update, users had to actively opt in to linking their web-based and browser-based IDs. But Google’s change flips that switch — making the default setting hostile to privacy by folding a Chrome user’s browsing activity into their Google identity. In its blog post Google claims that being signed in to Chrome does not mean Chrome sync gets turned on. So it’s basically saying that despite it auto-linking your Chrome browsing and (Google) web-based activity it’s not automatically copying your browsing data to its own servers, where it would then be able to derive all sorts of fresh linked intel about you for its ad-targeting purposes. “Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync,” writes Chrome product manager Zach Koch.
But in his blog post, Green is also highly critical of Google’s UI around Chrome sync — dubbing it a dark pattern, and pointing out that it’s now all too easy for a user to accidentally send Google a massive personal data dump — because, in a fell swoop, the company “has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click”.“The fact of the matter is that I’d never even heard of Chrome’s “sync” option — for the simple reason that up until September 2018, I had never logged into Chrome. Now I’m forced to learn these new terms, and hope that the Chrome team keeps promises to keep all of my data local as the barriers between “signed in” and “not signed in” are gradually eroded away,” Green also wrote. Hence his decision to dump Chrome. (Other browsers are certainly available, though Chrome accounts for by far the biggest chunk of global browser usage.)