google chrome browser

Stephen Shankland/Flickr (CC-BY-SA)

Google now logs you into Chrome without asking

This is a questionable security practice.

Sep 24, 2018, 10:31 pm

Tech

Christina Bonnington 

Christina Bonnington

A security researcher recently made a startling discovery when it comes to Google’s Chrome browser. Normally, Chrome gives users the option of being logged in or not as they browse the web. Now, however, Chrome login is automatic—Google signs users in without their consent when they log into a service like Gmail.

The new practice was quietly included in a Chrome update that rolled out a few weeks ago and isn’t welcomed by all. Google didn’t notify users of the switch, which means that some users may be sending Google data on their browsing habits without their knowledge or consent.

“Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into—entering my Google credentials and signing into Chrome—into something I can now do with a single accidental click,” cryptographer and Johns Hopkins University professor Matthew Green wrote in a blog post titled “Why I’m done with Chrome.”

Chrome login, avatar in corner

Green outlines why this automatic login behavior is a bad idea and it boils down to two key ideas: The first is that the Google Chrome team has been unable to provide clear rationale for the change, he says. Second, it has big implications for user privacy and trust.

When questioned about the new Google Chrome login scheme, Chrome managers told Green that just because a user is logged into Chrome doesn’t mean their activities are being tracked by Google. Users need to first activate a sync feature for this to take place. Google Chrome engineering manager Adrienne Porter Felt elaborated on this publicly in a series of tweets Sunday evening.

However, Green contends that this sync consent menu was designed to be misleading so users end up sharing their data with the company. Previously, Chrome users need to enter their credentials a second time before enabling this feature; it now only takes a click.

Among other questionable security practices and trust violations a study earlier this year found that Google can collect user data while you’re in incognito mode in certain situations.

If you’re a Chrome user, you can tell whether you’re logged into Chrome or not by whether your account avatar is present in the upper right as you browse. By tapping the three-dot icon next to your account image, you can also sign out of your Chrome account.

READ MORE:

H/T Business Insider

Share this article
*First Published: Sep 24, 2018, 10:31 pm