Google Backtracks on Chrome Auto Sign-Ins

Posted on September 26, 2018 by Paul Thurrott in Cloud, Google with 15 Comments

Google has released an overly-glib public explanation for why it silently started forcing users to sign-in to Chrome. And it will now do what it should have done in the first place: Be clearer in the browser about what’s happening and provide people with a way to disable this behavior.

“We’ve heard—and appreciate—your feedback,” Google product manager Zach Koch writes in a post to the Google Chrome blog. “We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.”

Right.

Anyway, as you may recall, Google found itself in yet another privacy controversy when it silently began automatically signing-in users to Chrome when they signed-in to any Google web service. I described this action as an inexcusable and “sneaky breach of trust.” And I openly wondered whether the company would just explain why it did what it did or whether it would actually fix the problem.

Turns out they kind of did both.

“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on,” Google explains. “Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.”

The new UI, Google says, is there only to remind users that they are signed in to a specific Google account. But with so many complaining about this behavior, the firm will now include a new feature in Chrome version 70—due in mid-October—that will let users turn off auto sign-in to the browser.

Google is also updating its user interfaces to indicate whether you are syncing settings with your Google account.

All’s well that ends well? I guess so. But Google’s inability to do the right thing proactively is a problem. And I don’t find this explanation to be particularly satisfactory: The changes it will make in Chrome 70 should have been how this happened in the first place.

 

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (15)

15 responses to “Google Backtracks on Chrome Auto Sign-Ins”

  1. nicholas_kathrein

    Ah! They course corrected and that what matters. Google almost always course corrects when there users call them out on things which we all need to do. These big companies weigh benefits and cons to them as the company and you as the user and sometimes they do that wrong or are just oblivious to things normal people are worried about when they aren't. Either way they ended up doing the right thing and they came around quickly so that's good for all of us. It's when companies don't listen that really is the problem.

    • Sprtfan

      In reply to Nicholas_Kathrein:

      From my understanding it still auto logins you in? Its nice that they added the ability to go into settings and turn it off but the vast majority of people will probably not know that and not know that they were signed into Chrome after they signed into Gmail. If this is the case, its a step in the right direction but I wouldn't really call it quickly doing the right thing either. I'd call it a compromise. Let me know if I'm miss understanding how it is going to work.

  2. pachi

    Already uninstalled. They've shown what they're aiming for and what they will happily do again in the future. Easier to just use Firefox.

  3. Chris Payne

    Paul, curious if you buy their line about "“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on.” If this is true, your data is not being sent to google. Why is this any sort of breach of trust?

    • Wondering_Bard

      In reply to unkinected:

      Just because Chrome sync is off doesn't mean your data isn't sent to Google.


      This move isn't just to get sync usage up, it's to ensure you have a Google account associated with your browsing data. Google wants as much data in those google ads cookies as possible, even if you are actively avoiding signing in to the browser.

  4. red.radar

    Nuts....


    <standing with lit torch in one hand and pitch fork in another>

  5. IanYates82

    My problem with this is that it's really making Chrome an extension of your Google experience rather than being a browser made by Google.


    By that I mean their claim was to help let you know you've still got some Google cookies active giving you access to Gmail, gsuite, etc. It was supposed to be an aid.


    However, the same logic applies to anyone using Office 365, Facebook, Twitter, salesforce, etc. You've signed in to those and have active auth cookies, so why don't they get some prominence in the browser's non-client area too? Of course they all can't, so this is a partial solution to a problem that's really about how we handle session cookies and auto-login.


  6. skborders

    In my opinion, since google “users” are the product we should realize that google is trying to do what is best for their “customers”, the advertisers.

  7. NT6.1

    Huge mistake. Learn with the past. Where is Internet Explorer now?

  8. nerdile

    It sounds like people had a few problems with this change. But if you look deeper, they seem to be FUD problems, not real problems.


    1) I did not want my browsing data sent to Google. (Except this is already happening via their ad network beacons.)


    2) I did not want my Chrome settings and history synced between devices, or sent to their servers at all. (Great, they didn't change that.)


    3) I don't want to be "signed in to Chrome". What does even mean? At a technical level, the moment you sign in to a Google account within the browser, you are signed in to the browser. That is to say, you will be auto signed in to any website that supports google auth, your browsing data will be picked up by ad trackers and sent to Google under that account ID. Everything that happens from that point on within the browsing pane is in the context of that Google account.

    People who say #3 either really mean #2 (I don't want Chrome to send any more of my data to Google) or they want some arbitrary sandboxing of data within the chrome.exe process that doesn't really exist, for Chrome to pretend that you aren't really signed in somehow.


    Perhaps the reason most people disliked this change was that it serves to remind us - yes, Google knows who you are. You created an account and accepted their terms of service and signed in, now they're going to remember you.


    I do hope the checkbox for "disabling auto-login" is titled "I can't bear to see my face while I'm browsing the Internet while signed in as myself." That is what Incognito mode is for, folks. Or, *just sign out of your Google account*.

    • wright_is

      In reply to nerdile:

      Just heard from a friend. He works on an oil rig and they all share a single internet connected kiosk PC running Chrome. That means every single person signing onto GMail to check their mail is auto-logging onto Chrome (and probably isn't aware of it, because it has never done that until now).

      They also cannot delete their Google session cookies when they are finished, before the next employee starts using the PC.

      Personally I have around 50,000 lines in my host file blocking tracking sites (including most Google sites and all Facebook domains - 1,500 of them alone).

  9. locust infested orchard inc

    Quote by Google product manager, Zach Koch wrote, "We're heard – and appreciate your feedback. We deeply appreciate all of the passionate users who have engaged with us on this."


    In advance, please pardon my French. In a word, bollocks.


    The insincerity of the Google product manager is glaringly obvious, in the manner of his uncontrite, remorseless, self-serving statement.


    Google got caught with their pants down, and they find themselves having to backtrack on their surreptitious data-harvesting techniques.


    Yet another reason to never trust Google or its products.


    Quote continued by Google manager, "Chrome is a diverse, worldwide community, and we're lucky to have users who care as much as you do. Keep the feedback coming."


    The users of Chrome are as diverse as the users of the iPharce – penned in by the Mountain View and Cupertino herding dog, respectively.



  10. AllanSmithee

    Like many others, I suspect, I have now begun to use an alternate browser...in my case, "Brave" exclusively...especially their great recent beta version...I won't touch Chrome any longer, as much as I used to prefer it...

    I have also disabled Google search...I find "StartPage" search to be more than adequate...

    It's about all I now see that I can do in the face of the Google leviathan...

Leave a Reply