This blog is mainly reserved for cryptography, and I try to avoid filling it with random 
“someone is wrong on the Internet” posts. After all, that’s what Twitter is for! But from time to time something bothers me enough that I have to make an exception. Today I wanted to write specifically about Google Chrome, how much I’ve loved it in the past, and why — due to Chrome’s new user-unfriendly forced login policy — I won’t be using it going forward.
A brief history of Chrome
When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. Worse, Microsoft was making noises about getting into the search business. This posed an existential threat to Google’s internet properties.
In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.
For many years this is exactly how things played out. Sure, Google offered an optional “sign in” feature for Chrome, which presumably vacuumed up your browsing data and shipped it off to Google, but that was an option. An option you could easily ignore. If you didn’t take advantage of this option, Google’s privacy policy was clear: your data would stay on your computer where it belonged.
What changed?
A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet. See further below.)
Your sole warning — in the event that you’re looking for it — is that your Google profile picture will appear in the upper-right hand corner of the browser window. I noticed mine the other day:
The change hasn’t gone entirely unnoticed: it received some vigorous discussion on sites like Hacker News. But the mainstream tech press seems to have ignored it completely. This is unfortunate — and I hope it changes — because this update has huge implications for Google and the future of Chrome.
In the rest of this post, I’m going to talk about why this matters. From my perspective, this comes down to basically four points:
- Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.
- This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.
- The change makes a hash out of Google’s own privacy policies for Chrome.
- Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly.
I warn you that this will get a bit ranty. Please read on anyway.
Google’s stated rationale makes no sense
The new feature that triggers this auto-login behavior is called “Identity consistency between browser and cookie jar” (HN). After conversations with two separate Chrome developers on Twitter (who will remain nameless — mostly because I don’t want them to hate me), I was given the following rationale for the change:
To paraphrase this explanation: if you’re in a situation where you’ve already signed into Chrome and your friend shares your computer, then you can wind up accidentally having your friend’s Google cookies get uploaded into your account. This seems bad, and sure, we want to avoid that.
But note something critical about this scenario. In order for this problem to apply to you, you already have to be signed into Chrome. There is absolutely nothing in this problem description that seems to affect users who chose not to sign into the browser in the first place.
So if signed-in users are your problem, why would you make a change that forces unsigned–in users to become signed-in? I could waste a lot more ink wondering about the mismatch between the stated “problem” and the “fix”, but I won’t bother: because nobody on the public-facing side of the Chrome team has been able to offer an explanation that squares this circle.
And this matters, because “sync” or not…
The change has serious implications for privacy and trust
The Chrome team has offered a single defense of the change. They point out that just because your browser is “signed in” does not mean it’s uploading your data to Google’s servers. Specifically:
While Chrome will now log into your Google account without your consent (following a Gmail login), Chrome will not activate the “sync” feature that sends your data to Google. That requires an additional consent step. So in theory your data should remain local.
This is my paraphrase. But I think it’s fair to characterize the general stance of the Chrome developers I spoke with as: without this “sync” feature, there’s nothing wrong with the change they’ve made, and everything is just fine.
This is nuts, for several reasons.
User consent matters. For ten years I’ve been asked a single question by the Chrome browser: “Do you want to log in with your Google account?” And for ten years I’ve said no thanks. Chrome still asks me that question — it’s just that now it doesn’t honor my decision.
The Chrome developers want me to believe that this is fine, since (phew!) I’m still protected by one additional consent guardrail. The problem here is obvious:
If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me? What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?
The fact of the matter is that I’d never even heard of Chrome’s “sync” option — for the simple reason that up until September 2018, I had never logged into Chrome. Now I’m forced to learn these new terms, and hope that the Chrome team keeps promises to keep all of my data local as the barriers between “signed in” and “not signed in” are gradually eroded away.
The Chrome sync UI is a dark pattern. Now that I’m forced to log into Chrome, I’m faced with a brand new menu I’ve never seen before. It looks like this:
Does that big blue button indicate that I’m already synchronizing my data to Google? That’s scary! Wait, maybe it’s an invitation to synchronize! If so, what happens to my data if I click it by accident? (I won’t give it the answer away, you should go find out. Just make sure you don’t accidentally upload all your data in the process. It can happen quickly.)
In short, Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click. This is a dark pattern. Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data.
Don’t take my word for it. It even gives (former) Google people the creeps.
Big brother doesn’t need to actually watch you. We tell things to our web browsers that we wouldn’t tell our best friends. We do this with some vague understanding that yes, the Internet spies on us. But we also believe that this spying is weak and probabilistic. It’s not like someone’s standing over our shoulder checking our driver’s license with each click.
What happens if you take that belief away? There are numerous studies indicating that even the perception of surveillance can significantly greatly magnify the degree of self-censorship users force on themselves. Will user feel comfortable browsing for information on sensitive mental health conditions — if their real name and picture are always loaded into the corner of their browser? The Chrome development team says “yes”. I think they’re wrong.
For all we know, the new approach has privacy implications even if sync is off. The Chrome developers claim that with “sync” off, a Chrome has no privacy implications. This might be true. But when pressed on the actual details, nobody seems quite sure.
For example, if I have my browser logged out, then I log in and turn on “sync”, does all my past (logged-out) data get pushed to Google? What happens if I’m forced to be logged in, and then subsequently turn on “sync”? Nobody can quite tell me if the data uploaded in these conditions is the same. These differences could really matter.
The changes make hash of the Chrome privacy policy
The Chrome privacy policy is a remarkably simple document. Unlike most privacy policies, it was clearly written as a promise to Chrome’s users — rather than as the usual lawyer CYA. Functionally, it describes two browsing modes: “Basic browser mode” and “signed-in mode”. These modes have very different properties. Read for yourself:
In “basic browser mode”, your data is stored locally. In “signed-in” mode, your data gets shipped to Google’s servers. This is easy to understand. If you want privacy, don’t sign in. But what happens if your browser decides to switch you from one mode to the other, all on its own?
Technically, the privacy policy is still accurate. If you’re in basic browsing mode, your data is still stored locally. The problem is that you no longer get to decide which mode you’re in. This makes a mockery out of whatever intentions the original drafters had. Maybe Google will update the document to reflect the new “sync” distinction that the Chrome developers have shared with me. We’ll see.
Update: After I tweeted about my concerns, I received a DM on Sunday from two different Chrome developers, each telling me the good news: Google is updating their privacy policy to reflect the new operation of Chrome. I think that’s, um, good news. But I also can’t help but note that updating a privacy policy on a weekend is an awful lot of trouble to go to for a change that… apparently doesn’t even solve a problem for signed-out users.
Trust is not a renewable resource
For a company that sustains itself by collecting massive amounts of user data, Google has managed to avoid the negative privacy connotations we associate with, say, Facebook. This isn’t because Google collects less data, it’s just that Google has consistently been more circumspect and responsible with it.
Where Facebook will routinely change privacy settings and apologize later, Google has upheld clear privacy policies that it doesn’t routinely change. Sure, when it collects, it collects gobs of data, but in the cases where Google explicitly makes user security and privacy promises — it tends to keep them. This seems to be changing.
Google’s reputation is hard-earned, and it can be easily lost. Changes like this burn a lot of trust with users. If the change is solving an absolutely critical problem for users , then maybe a loss of trust is worth it. I wish Google could convince me that was the case.
Conclusion
This post has gone on more than long enough, but before I finish I want to address two common counterarguments I’ve heard from people I generally respect in this area.
One argument is that Google already spies on you via cookies and its pervasive advertising network and partnerships, so what’s the big deal if they force your browser into a logged-in state? One individual I respect described the Chrome change as “making you wear two name tags instead of one”. I think this objection is silly both on moral grounds — just because you’re violating my privacy doesn’t make it ok to add a massive new violation — but also because it’s objectively silly. Google has spent millions of dollars adding additional tracking features to both Chrome and Android. They aren’t doing this for fun; they’re doing this because it clearly produces data they want.
The other counterargument (if you want to call it that) goes like this: I’m a n00b for using Google products at all, and of course they were always going to do this. The extreme version holds that I ought to be using lynx+Tor and DJB’s custom search engine, and if I’m not I pretty much deserve what’s coming to me.
I reject this argument. I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy. For ten years I believe Google Chrome did just this.
Why they’ve decided to change, I don’t know. It makes me sad.
A Few Thoughts on Cryptographic Engineering 
It might be possible to test to see if pre-sync data gets uploaded, by downloading Google’s ledger of your user activity before and after you sync. I’ve always been curious about what Google has on me, but didn’t feel like parsing a gigabyte file…
Why not stop using Google altogether instead? It’s not just Chrome, it’s all of this Google spying. It was a lot of work, tbh, but I’ve left Google completely:
• Google Search -> Duckduckgo, Startpage, Searx
• Gmail ->Tutanota
• Google Maps → Openstreetmap
• Youtube -> Bitchute, peerTube, LBRY, Newpipe(android)
• Google Calendar -> Lightning Calendar, Nextcloud
• Google+/Facebook → Minds, Diaspora, Mastodon
• Google Photos -> Cryptee
• Chrome → Brave, Tor, Firefox
• Play Store → F-Droid, Aurora
• Google Drive → Nextcloud, Syncthing
• Android OS/ iOS → LineageOS, PureOS (soon)
Great stuff. Many of these have great UX to match! Though Bichute looks like a breeding ground for white nationalist folk unfortunately 😦
thanks so much for this list. I’ ll check it out. I would like to add for Gmail alternative: , based in Switzerland, in Swiss cloud, so out of reach of the loose US and Chinese privacy regulations.
For some reason the name of the email program I mentioned dropped out of my line: I would like to add for Gmail alternative: Protonmail, based in Switzerland, in Swiss cloud, so out of reach of the loose US and Chinese privacy regulations.
Love this, specially suggestions for Facebook replacements. Is anybody here using them and would like to share their review?
I’m sorry, but what makes you so sure that the services you listed here ain’t doing the same thing Google does; collecting your data, pinpointing your exact location, and other stuff people are so pissed about? Maybe I’m missing something here…
Igor,
Wow, it’s like you didn’t read anything here at all. The problem isn’t necessarily the data collection, it’s inability of people to make an informed decision.
This is actually amazing news for chromium-based browsers out there, such as Yandex browser.
This change is being synced to all chromium browsers. You are not safe on a chromium fork
How so? Every company maintaining its own codebase chooses which changes to pull from the upstream and when. Even Node doesn’t blindly include V8 as a submodule (although very technically this could work most of the time).
Check out any of the more involved chromium-based browsers, you’ll be amazed how different they are in terms of features, UX, everything.
For now at least, there is an option in chrome://flags named “Identity consistency between browser and cookie jar”. It can be disabled, so any chromium-based browser can disable that by default.
really ? My chromium browser isn’t doing this …….. (for now atleast)
Right, so instead of sending data to Google we are to trust that it won’t be sent to the Russian government … Sounds like a win to me!
In all seriousness though, why would anyone care?
US companies can practically shut down your online presence | business | job opportunities, since most everything is US-based — Google, YouTube, FB, Amazon, Steam, LinkedIn, you name it.
What existential threat is the Russian govt to anyone not living in Russia? Honestly I don’t mind Yandex tracking my porn habits. (Until they get acquired by Google, and then I suddenly care a whole lot.)
Sundar Pichai had a different set of values than Sergey and Larry, they’re even working with china now. People are starting to notice this radical change and will take action soon. I moved all my email accounts in Protonmail, use Firefox or TorBrowser and use Duckduckgo for searches.
Don’t use Firefox! They are in league with the globalists. The first clue was when they chased off Brendan Eich for supporting traditional marriage. Then they worked with Gates and the Clinton Foundation on the Open Badges project for Common Core/Fed Ed (look it up). Then they came out in support of DACA.
Use Opera and Vivaldi instead. Tor is great for anonymity, but is rather slow if planned to be used like a regular browser. Plus, being used from the Firefox, albeit open source so not, hopefully, corrupted, it also tends to hog memory like Firefox does.
What a way to spin it — “supporting traditional marriage.” Prop 8 was about depriving others of their rights, not supporting the rights of people who prefer traditional marriage.
What you’ve mentioned has nothing to do with privacy and security but everything to do with your political views.
Unless you’re as far-right as this fellow, by all means — use Firefox.
This seems like Google’s workaround to ITP 2.0. In near future they will implement it in Chrome to compete with Safari and Firebox but still get to bypass it because user is still logged in.
sounds about right. similar to how Google+ was just a way to aggregate demo info to enable better ad targeting to compete with facebook.
Forget Chrome/Chromium. Brave browser is where it’s at.
Uhm, Brave is a Chromium browser.
Still, their emphasis is on privacy, so I’m sure it’s safe to assume this feature won’t migrate to them. I just wish the product would mature a little faster, so I can switch. I have many issues with Chrome.
I wish I cared about privacy as much as you do these days. I just want my life to be easy.
In there goes the problem. They are banking on folks’ laziness.
TYPICAL slave mentality , I guess you’d rather be bent over and pegged if it means making YOUR life “Easier”.
Those who trade freedom/responsibility for security/”easy” , deserve and will get neither.
You’ll be the first eliminated when the totalitarians take over.
Even if they don’t, the SJW mob will find a way to destroy you.
Something for you to consider is the following. What price your personal comfort? There is, you might have noticed, a price for most verything.
To be completely paranoid you should be aware that while you use Yandex browser, your data is transferring to soviet russia. In meanwhile, Chrome is sending your data to Google, doesn’t matter sync is active or not, do you like it or not.
But it’s cool that you note this change.
I understand being paranoid about Russia, but they haven’t been a Soviet anything for almost 30 years.
Oh, it is most soviet than ever. Just try to live in Romania these days and you’ll feel it on your skin.
This comment was written using Mozilla Firefox.
1. Get rid of the inconvenient “Dont’t be evil”
2. see above
3. PROFIT!!!
Use “Ungoogled Chromium” instead – it’s Chromium, but with none of Google or their tentacles in it.
That’s actually not true. If you install the latest bare Chromium, you’ll see that it has the same auto-login just as Google Chrome.
“Ungoogled Chromium” is not the same as “Chromium”.
Oh, so this is an extra thing? Didn’t know that. Then forgive my ignorance please.
I wonder how this is going to work for me when I have three different Gmail accounts logged in on the same Chrome browser.
For average Chrome user won’t know (or care) to do this but for those that do care, this feature can be disabled using the following flag:
chrome://flags/#account-consistency
Google has stated that no configuration flags are guaranteed to stay. So that might be deprecated without warning.
The whole point of using Google Chrome is to have all things at your disposal. You open chrome, there you go-your mail. Wanna make a quick document and print it out? No problem, you have your Cloud and documents to do shit faster. It’s all about accessibility. I just dont understand what would be the reason for you to use chrome if you don’t need that. It’s literally the purpose of this browser
The purpose of this browser is, citing its download page, to “browse fast”.
Igor,
Wow, it’s like you didn’t read anything here at all. The problem isn’t necessarily the data collection, it’s inability of people to make an informed decision.
Whoops, that comment is in the wrong place. Regarding the “point of Google Chrome” and responses saying “it’s a fast browser” – why not use a browser based on the same code w/o the google integration for those who have no plan at all to use the browser integration?
I use the browser integration myself, but mainly because I wanted to share data across my devices and didn’t want to manage multiple pieces of interacting software to do it. Now that I’m doing that anyway with my keepass database, it may be time to move to a chromium based browser and sync shared data outside of the browser (and google).
I switched from Firefox to Chrome because it was a better browser, not because I was anxious to share all my data with Google.
That said, I do use the Chrome login to sync my data. But people should have the option not to. It’s an elementary principal of privacy.
Thanks for all the work you put into this…I too distrust all things Google.
I have to come down on the “other counterargument” side of this: That yes, Google was always going to do this, and that no, they aren’t just going to make nice open-source things and then not use them to harvest grist for the spy mill. They’re an ad company. This is what they do. The more they know about who you are and every detail of your life, the more they can sell their ad space for. They have a direct financial incentive to disrespect your privacy. People and companies respond to incentives, especially financial ones.
Many times I found my address saved in google chrome even though I always skip or ignore the dialog chrome popups that asks me about saving my address.
Exactly, I log into chrome because I’m bought into their ecosystem and I like convenience, even when I use Firefox I use their sync feature because I like everything to be the same no matter what device I’m on.
In 2018 privacy is kinda dead as everyone wants their devices to know you and that means giving up information about you like it or not.
Just because this is the state of the art, doesn’t make it desirable nor unavoidable.
You make it sound like there’s no choice for browsers but to ignore users’ consent.
However this is a 100% intentional design decision, so I’m with Matt here. “I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy.”
Privacy is not dead, but those who care need to do extra work, and maybe change habits, to gain some protection.
Not a Chrome user but doesn’t this sound like Google wants to turn their browser into a portal, by taking these “baby steps”? The new AOL, for example, as it signs you into all their services.
It may also help accustom new (non-savvy) users to ChromeOS devices, in general. Step one in a series of steps against other companies (MS, Amazon, Apple…) already doing similar.
I stopped using the Google Chrome browser because of the constant internet connections. I use an app called Network Connections by Anti Spy Mobile to see what was hogging my connections and it was Chrome. I disabled the the built in Chrome browser and my battery life has doubled. When checking the battery consumption, Chrome didn’t appear to be using much, but disabling it has stopped all those connections…thus increasing my battery life.
They’ve been forcing the account chooser on everyone for a long time, regardless of browser used, which for me is the same thing as this new issue. Previously there was one last way you could opt out of account chooser by visiting an “opt out” cookie, but that no longer works.
The account chooser doesn’t properly sign you out when clicking “sign out”, it keeps your name and email address on display unless you… 1: click ‘remove account, 2. click ‘X’ against the account to remove, 3. Click “yes” when the dialog asks you if you really want to [actually sign out properly].
It’s a joke, and just another example of Google being Google. They are so arrogant they think they can redefine the meaning of “signing out”. Our browsers already have the function to remember logins in form fields if we choose to, but Google wants to take over that control because they don’t want anyone truly signing out, ever. Their long term agenda is mandatory and limited control, and forced sign in. Get ready to be disqualified from using their services such as maps, or watching youtube unless signed in, even on the web. That’s where it’s headed. AKA Facebook, Pinterest etc.
“I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy. For ten years I believe Google Chrome did just this.”
For ten years you were wrong.
I know at my office we have this problem all the time. A user will login to their home gmail and connect the browser so hangout which we use through out the company gets connected to that email. Then they can’t figure out how to connect the browser and Hangouts to their work email which is logged in but now not syncing. I explain user profiles and how to set them up but people don’t get it.
Like a few commentators, I love the convenience of having access to all Google apps and services when I’m logged in. But if there’s something I don’t want associated with my account, I use the Incognito mode, often combined with a VPN. Would Google (or my ISP) still be able to track my activity? It seems relatively effortless …
I had no idea you could log into just one Google service. I always presumed that if I logged into one, all the others that I happen to browse by in the same browser would know who I was. I always presumed to be logged out of any of them, you had to be completely logged out of Google. Guess I used to be wrong, but now I’m right?
Honestly it was always super confusing that there was a difference between the Google account used to sign in to Google web sites and the Google account used to sign in to the browser. Most people would not understand and certainly not make use of the fact that you could use two different accounts. I’m glad they simplified this. If you are one of the few who use Google services but for some reason don’t want to sign in to the browser, use something else. You’re a tiny minority. Let everyone else benefit from this improvment.
I agree with much of the rhetoric above.
giving away everything by default is a really poor status quo we find ourselves in. Look at windows 10. The entire playing field is like this now. everything is fine-print, and you have to manually go in and shut it all down. I must say google are the worst currently for hiding all the stuff you’ve unwittingly opted into. We need to revolt via voting with our feet. Youtube in particular has become a steaming pile-of-shit, and the way it pushes you into the worst videos is abhorrent. Its like pick your path once with your first search and it will channel you into an extremist in whatever initial choice you make.
They showed that they would readily ignore the needs of the user before, when they removed the directly accessible menu bar in favour of that three-line-mobile-phone-extra-clicks-needed-crap.
I don’t believe Dragonfly is just for China. I think its for everyone! Google said they don’t read our mail but now we know they let others read it. Google said you can turn off location tracking in Android but now we know they collect location info whether or not you turn on tracking. Am I really ever signed out of Chrome? Probably not. As all settings are controlled by Google they can say one thing and do anything else they want and we’d never really know. Just because a software switch says something doesn’t really mean it does that. Over the past few years, based solely on the advertising I see, Google knows it’s me when I browse wether or not I’m signed in.
They already have all your data, just signing the browser in isn’t going to give them anything more. They already have it and have had it since day 1. We are just assuming they have been “true to their promise”. I’m sure they violate harder than anyone else. I definitely don’t trust that stuff is “local”. They didn’t say it is “strictly local”. So they aren’t violating their promise while probably having it all haha.
Still better than Firefox installing adware without permission.
yeah but nowadays no browser seems good and trusted 😦 ffx , chrome are both crap
Lynx 😀
So what are other options ?
Pale Moon — palemoon.org.
There is only one way to be assured to our privacy and I’m pretty sure most of us won’t do it, including me; that is to stay off of Google, Chrome, and browsers period.
Next, these browsers belong to the provider; therefore, they have the right to do what they want.
It was said by one commenting that he ” just wanted easy”, and most of us seem to want that too.
Use Firefox or Safari. No need to tar all browsers with the Chrome brush.
Safari is with Apple. They are bad too.
Firefox, owned by Mozilla, has gone to the Dark Side too. (See my post above)
This is such a non-issue that it’s not even funny. It’s remarkably helpful to be able to have it sign in to the browser. If there is something super private that I don’t want Google to know about, I’ll fire up my VPN and use incognito or another browser. For day to day use, this is just helpful.
But isn’t the sync data encrypted end-to-end? In its present form, the article may deceive readers into thinking that Google has access to all their passwords and authentication cookies, when in fact this isn’t the case.
I also have never signed into the Chrome browser in my life… my surprise after reading this article to find that I was signed in… and it had auto enabled sync and had sent off a bunch of my data to Google. =/
Thanks for the reference to turn it off in flags, hopefully that sticks around. Going to have to watch on other devices.
While I truly respect the author’s opinion and don’t disagree…I just don’t care. 20 years ago I might have cared a lot, but eight years into retirement from the tech industry and i really don’t care.
I use and love many Google apps, I’ve used Gmail since the first month it was in beta and you couldn’t pry it off my devices. I’ve lived through my Microsoft years, 14 years with Apple and iPhones, and now my digital world has been condensed to a Pixelbook and Galaxy S9+, and I’ve never been happier. I love all things Material Design, Google Play Music, YouTube and all the other Google apps that simplify and better my life.
(Oh…and Google Assistant is twice as smart as Siri and Cortana combined.)
Why on Earth should I care what what Google does? In my case I shouldn’t…and I don’t.
Good boy!
Just a new clickbait article about Google and privacy (we know Google is doing everything it can to have our private informations we don’t need to see a new article every week that talk about it)
Well tried with the beginning of the article <>
just go on Twitter maybe it’s better like that
Google doesn’t even honor their official policy for how to turn off updates, even past unchecking Keep Chrome Up To Date. The procedure they document for how to “actually” disable updates… gets bypassed by them anyways.
If pushed for why, they just say, You should be using the most up to date browser, citizen!
But seriously, without the citizen part, it’s what they say. Search for it, I wish I was making it up. 😦
This horse is dead, Jim. Long live firefox, till microsoft buys them.
new Microsoft EdgeFX.
You read it here first.
Im ready any way I cant stay here 10 am embajada thats right
Get a Mac.
It would be helpful if you told us what browser you are leaving Chrome for. I always have four separate browsers running: Chrome, Chrome Canary, Vivaldi and Safari. I always use Safari to access Google services (not that I want to, but my employer is on Gmail), as we can rule out data collusion between Apple and Google. My instance of Chrome is set to full paranoia mode: no cookies allowed unless whitelisted, etc. That’s apparently sufficient to block Google sync.
On iOS, I have Safari, Chrome (for Facebook only, again, little risk of data collusion between FB and Google) and Opera. I never use Google services on Mobile other than through IMAP or CalDAV. And of course I use a gauntlet of content blockers with Safari.
It’s far from a perfect solution as Google uses every trick in the book to track you, from exploiting browser security bugs to abusing TLS resumption tickets.
Wahoo! Less places to sign in, works for me. Much more efficient, this is great news!
This seems to me to be more an argument against using Gmail than Chrome.
Let me tell you something even more interesting. Google Podcast doesn’t work when you turn off “Web & App Activity” tracking from your google account. Google is essentially asking you to be tracked if you want to use one of their apps.
And this is why I use Firefox.
Remember all of GAFA is building tools for the next billion. (i.e) China/India/Indonesia/{Africa}. There you have this very issue – people sharing one computer with one another. Same with AMP. HN is prominently Europe/US is missing this.
I get your point but still tend to side with the noob counterargument. Anything I want to keep seriously private will have no place on a computer with any kind of web connection. For the rest I acknowledge that privacy is just an illusion.
Come on seriously who cares. I could care less what info is being sent to Google. When is the last time you paid Google for the services or products you use. Get the tinfoil hats out already
All true. Right now I’m staying with Google because of the integration and ease – which of course, means they own me. Right now, that trade off is okay. (And I got Gmail by invite in beta, as I think Chrome, have a Google Nexus 6P, and Project Fi for service, etc.. So it’s entrenched)
But without really realizing why until now a problem has come up recently twice for me and only hinted at in this article and it’s a result of this change. Twice I’ve had to login to someone else’s personal laptop to reconstruct my search history to help solve a problem or rely on Google’s password minder. I logged out with do not remember me on this computer, but apparently not completely from what I just read. Both times the laptop owners were non- techies and complained I caused them to lose all their bookmarks etc. They didn’t complain until after going through bizarre, super Rube Goldberg means of rebuilding their bookmarks. One even said I put my picture on her desktop which I finally realized was the new photo user icon. I was confused because Google didn’t behave the way I expected and I left them unknowingly in a bad spit because of their lack of familiarity
Iguess they don’t understand user profiles and I was wrong to not see the trouble it can cause by assuming people recognize when they are logged in. Now I think I know what went wrong and feel vindicated that I wasn’t being careless and alert to prevent it next time.
Can sync be remotely triggered for lawful purposes?
If you can’t trust Google with you search history, credit card details,Chrome setting etc… Then you shouldn’t even use Gmail, Google Photos, Google Docs, Google Drive or any of their products or cloud services.
The best part about sync is that I can use any computer or even if I get a new computer, when I sign into Chrome, it will fire up exactly as I left it. My bookmarks, history, theme, and all my add ons are there.
Unless I’m wrong, Google cannot supply your search history to banks, insurance companies or even to law enforcement without a warrant.
I’m pretty sure that your internet service provider has a record of every site you’ve ever visited via their service anyway. So why aren’t you just as worried about them?
I should be able to choose what data goes through Google when Inuse their email, Docs, Drive and other products – and what does not. I used to be able to do that. The whole article above shows how Google is making it hard for me to choose to make that distinction and hard even to know what’s happening with my data. Hardly an example of informed consent.
ISPs can see domains, but not the content where protected by HTTPS/SSL. All these groups being given access to some different portions of my data doesn’t imply that any one of them should be able to see everything.
Google is being less than transparent about a change that has real effects on user privacy and consent. That’s something they should be criticised for a *even if* the change is not necessarily for the worse (and in this case it definitely is), they should *still* be open, honest, and consistent in their communications about it.
Are ISPs not able to do packet inspection on SSL connections? Pretty sure they do/can.
Yes absolutely true! I’m appalled at how many people accept this without protest. Perhaps this is what inspired Google to do the Chrome default boondoggle. I’ve known for years Google has harvested my data to ” serve me better with advertising results directed to me” . As a rule of thumb I only use Google products for commercially oriented things and do everything else elsewhere. Perhaps the most frustrating thing is to abandon Google on mobile- good bye Andriod , you have become even more mendacious and grasping than Amazon!
@Ralph B said “I should be able to choose what data goes through Google when Inuse their email, Docs, Drive and other products – and what does not.”
You can, by not using the free service you agreed to use when you agreed to their TOS. Ive been using sync for years and don’t see the issue. For me “Big Brother” applies to government. As long as Google isn’t working with the government then I don’t have an issue with them trying to sell me stuff.
Excellent comment. I’d rather have Chrome sign me in automatically, makes my user experience a lot better than any other platform can offer. Isn’t it all about the “ecosystem”? At any rate, I’m in favor of what Google is doing; sounds like you need to use another email client.
So just because you like the functionality, everyone else should like it too? The moral of the story is that the choice has been taken away from the people who don’t like the implications. You like it, you accept the consequences. Someone else may not like it but they now get the consequences shoved up their rear ends, without the pants being removed first at that too.
Fantastic that you want to bend over for Google. I am sure you love Facebook too.
@Dino Rodriguez There are always useful idiots. Big companies and governments rely on sheeple like you to get away with crap like this!
Privacy should always be the default. If one wants to share ones life with Google and trust that their ones deepest personal information in Google’s hands, then that should be ones own choice, not Google’s.
> Unless I’m wrong, Google cannot supply your search history to banks, insurance companies or even to law enforcement without a warrant.
Yes, you are.
> I’m pretty sure that your internet service provider has a record of every site you’ve ever visited via their service anyway. So why aren’t you just as worried about them?
I use a cheapass VPN.
I completely respect the ease of use you find from using Google products and I do think that if you think giving out your data is a good method of payment then you should do it. But please do not downplay privacy violations as something you’ll suffer anyway so you might as well get something from it. That’s just a copout.
How am I wrong about Google supplying my name, address and search history to a bank or insurance company?
A cheapass VPN still needs to connect to somewhere and therefore you need to trust whoever you are paying to connect to.
I’m not downplaying anything, but to the violations you are implying, there is no evidence are occuring.
Can you cite where someone was refused insurance or a job or a loan based on their internet search history? I’m specifically asking for proof that Google gave out a search history tied to a specific name to a private (not government) institution.
We don’t use any google products, for the reasons already articulated above. And we use VPN’s on our phones and computers, so our ISP’s and carriers do NOT have a list of every site we’ve ever visited.
Why anyone would willingly use google products is perplexing. Unless you like everything you search for and view to be archived and used against you for eternity.
Used against you?
How often were telegrams used against those that used to send plain text messages nationally and internationally. THE WORLD DIDNT FALL APART THEN STOP. All that is needed is legislation at the federal level that ensures companies cannot tie names to search histories and then give out this info to the highest bidder.
I think this is a level of unwarranted paranoia. The US is not China and the federal government for the most part doesn’t care what the average citizens looks up on the internet.
ISP’s can access your search history if they wanted to, just as easy as Google, VPN or otherwise.
Why anyone would go to such an effort to hide their search history from a company that say they don’t care and don’t give out personal details is not perplexing to me.
It reeks of paranoia or of someone looking up or doing something they shouldn’t. Why would anyone care about your cat videos?
A paranoid individual is defined as one who believes that others are out to get them. Most of the time incorrectly, but not all the time, as sometimes they are correct.
Google does not care about you, really you, They are interested in personas not actual persons – behaviour, patterns around those so they can sell ads in a more relevant way. They give you convenience for data. Traffic information in maps for targeting data. Fair or not, that’s the deal. You like it you stay you don’t, you spend more time with unreliable services and you spend more money for reliable ones. It’s a very simple proposition.
Yes, that’s how I’ve understood it to work too. I would be actually very worried if Google was supplying names and their search histories to private companies for a fee. There ought to be a law against such a practise and there probably already is.
Rather quite good topic
Are we talking about Google the same company that lets users set location services OFF on Android but still tracks you even if you remove your SIM card?
With Chrome’s Incognito you can do all of the above with automatic login.
I was anticipating this, and was pretty pissed off about it too. I created a new account just for browser login. Now I toggle user profile depending on what I am using the browser for. I don’t use my main account for anything much. Glad to see other people are also as miffed about it as I am.
Firefox is great, Brave is great, why use Chrome at all?
Brave + Duck Duck Go + VPN = FTW
Another question: why use Google when you can combine Google + Bing + all the other search engines by using SearX.me ?
Even Open Street Map is becoming almost as good as Google Map. It seems like a lot of people use Google products by default just because it’s an habit.
This doesn’t happen for me. I use two profiles one for private and one for work ( –profile-directory cmd line switch), in the work profile I see the sync menu you are talking about, but I am not signed in in google there. In my private profile though I have a pinned tab with gmail, and am signed in in gmail, BUT my browser still shows the old button for “sign in for synchronising… “, so there no automatic sign in happens. I wonder why…
google like any corporation is headless, drivin only by profit margins, its a simple formula and clearly a asymmetric tradein there favor, if the risk is loosing a few million users now to gain every future users browsing data than that is a favorable trade. and of course sync is still opt in, sync data is the main service they offer you as trade for your valuable browsing data so if they can collect your valuble data without having to provide a expensive service that makes the trade even more asymmetric in there favore and that in the end is why i and many others dumped chrome, the only way google will ever care is if enough fuss is raised to hurt there reputation or bottom doller otherwise we are a calculated loss and most of the privacy concerned users didnt share data anways and earned less revenue. (sadly posted from f droid firefox )
With the value received by Google product services for FREE, I just come to the meeting with my own jar of lubricant. I always know in the end, I will be molested by the billionaire.
It makes things easier. I use so many Google products it’s nice to only log in once. I like it.
Keep
Drive
Docs
YouTube
Play music
Play movies
Gmail
When I noticed I liked the change.
Chrome is a by default keylogger that sends everything you type in the address bar to Google’s servers (except in private mode), why anyone with a grain of regard for privacy comes anywhere near Chrome is beyond my comprehension.
I think your statement here is entirely false as explained in the comment above:
> I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy. For ten years I believe Google Chrome did just this.
I’ve siloed use of browsers for a couple of decades, limiting Chrome / Chromum (Linux Mint) to a nonsense Gmail account, for a lot of information and media sites and a few comment boards, and many Google services like Maps, Keep, Docs, Youtube. The “real me” aka credit card identity is unknown to Google, though I don’t doubt it could connect us up through Android if it wants to know more than that I “want to be alone” and have disabled as much as possible in its privacy controls and installed ad blockers up its gazoo. But why would Google bother doing that, when us grumps are rare and millions are eager to self-identify?
What do you think about the solution to use the built in Guest account mode? Sure, it’s still easy to link the forced logged in account to the Guest account but still, at least in privacy policy terms “Guest” implies somehow less tracking.
An alternative might be to create an account “No thanks Google” and sign in as that which is then only used for Chrome?
Tangential question, any recommendations for a tool similar to LittleSnitch but with a little sniffer which alerts if ones personal data is flowing in packets?
Does this mean you will start using Mozilla Firefox as a browser? Or does this browser also have privacy issues?
lol Mozilla’s Firefox has freaking uplifted patches from the Tor Browser itself which can be enabled by a simple switch in about:config (privacy.resistFingerprinting, and other prefs, lookup the wiki on the Tor Uplift project on Mozilla’s wiki).
Just like “How to Serve Man”, we all should lift the cover to see and understand the implications below.
For me, I use different browsers (or devices) for different purposes.
YMMV
Salt and pepper are good.
“In the most recent fiscal period, advertising revenue through Google Sites accounted for 70.9 percent of the company’s revenues.” What more do you need to know? The killing of off Inbox makes me fee the same feelings you express, but then I have to re-calibrate to the quote above, I knew this.
Same thing back when they killed off Reader. That episode made me think it would be prudent to rely as little on Google as possible, lest they kill off anything else I’m using.
this exact thing just happened to me and I was hoping it would tell me how to undo this and it does not seem to be possible, now my porn links are on my work computer, way not cool. so no mre chrome for me at work EVER,
Found the real issue in the comments.
Your blog post is…”Why I’m Done With Chrome” what you failed to tell us is what browser you’re going to use? I read the entire article hoping for your advice on which browser you’re going to use now???
It’s really easy: Use 99% of the time the Tor Browser (which contrary to some ill-based remarks is updated exactly as Mozilla’s ESR releases – in fact builds are available much earlier from tor-qa mailing list), and 1% of the time for activities requiring personal identification such as logging into your bank account use Firefox with some about:config tweaks. So yeah.
I would be carful with TOR. Some first nodes will wait an hour and half then start testing your Ip for security vulnerabilities.
They’ve done it wrong, because when i am signed in with my company account and want to switch to my privat account to check somethting in the calendar or address book (don’t use mail of gmail, i have my own mailsetup for the important stuff), they’re forwarding me to the admin area, which is only for company users. I had to go to incognito mode to stop that behaviour. I think i will switch to back to Firefox soon.
one thing I don’t get : is this problem specific to “chrome by google” or “all chromes” ?
If it’s “only” google messing on his side, we can continue with the dozen chrome variations enjoying everything from the browser without the google specific crap ?
ie, are chromium or slimjet preserved from that autologin ?
I’m definitely interested in knowing if this applies to Chromium as well.
Excellent arguments, too bad non-geek user won’t give 2 craps about it.
The user tracking implications of this are truly scary. This seems to be yet another blatant attempt by liberal tech companies to eliminate what little anonymity and privacy the user still has on the Internet or in society. It now appears that both Google and Facebook are acting as proxies for the spy agencies of the “Big Brothers” of the world. Issues such as identity confirmation, security, and financial fraud appear to be a pretext for this despicable behavior. Why else would they be attempting to accurately chain “you” to usage of a particular physical device? E.g., see thumbprint scanner and facial recognition on iPhones, two-factor authentication on Google Mail, real identity on Facebook, …
“liberal tech companies”.
You do realize that conservatives are in this as well, yes? No, probably not with that filter of yours.
You’re insane. Liberals? Insane. The GOP has found its useful idiot
No, you are ignorant. Silicon Valley has been trending leftward for the past 20+ years, and it’s obvious when you look at how Mozilla treated the father of Javascript. Apple comes out with support for homosexual marriage. Google works with the Chinese and runs a cult-like work environment extremely hostile to conservatives. Remember the leak of the meeting the day after the 2016 election? Then, look at Google refusing to run ads for various companies they dislikes politically — crisis pregnancy and guns are a few that come to mind. Then YouTube censors or stacks warnings on vbloggers and channels that they don’t like, even doing this to candidates for office. Amazon demonitizes blogs and companies that the SPLC tells them are bad. FB uses the SPLC and Snopes to tell them what is fake and true news.
This is just off the top of my head.
Get informed.
Remember the old saw that ran as follows. Will success spoil Rock Hunter? So far as I know, that question remains unanswered. Whatever happened to Rock? As for a similar question applied to Google, seems like the answer is self evident and sad, the answer being HELL YES. Not only will or might success spoil Google, it obviously has. Whatever happened to their former masthead doggerel that ran as follows. Do No Harm. Seems to me that data furnished to any of these Google types operations was furnished for the sole purpose of facilitating my use of services they offered, said data not offered them as something they might transfer, sell or barter without, in each and every instance, specific authorization from me. Funny, isn’t it how it appears that the thing has worked out, where somehow the shoe came to be on the other foot, specific authorization having somehow crept into the endless pages of “mouse print” users are belabored with. What say the information mangers to this?
Privacy is an Illusion. Somewhere in some way, someone is watching. And recording. And analyzing. And waiting. Interestingly, it does not matter whether you are online or not.
Why do people insist on using Google services and products when they don’t trust the company? If you don’t trust Google with your data then DON”T use Google Chrome!
I don’t understand the level of self-entitled narcissism displayed by people who want to have their cake and eat it.
The new behavior makes perfect sense for all but the delusionally paranoid individual, who thinks Google gives enough shit about their boring lives, porn history, or sexual fetishes.
Being judgmental of others while possessing very low intelligence works great for you, please continue being an ass clown.
Maybe today Google doesn’t care about my boring life, porn history or sexual fetishes. But tomorrow is another day. What happens when Google all of a sudden decides it wants to know exactly what I am up to. Well, they will open their database and it will all be there for the taking.
If anybody wants to know exactly what you’re up to they’ll just track down your ISP or higher a private investigator. It goes without saying, if you live your life around odd hypotheticals, don’t use Google. As a matter of fact, don’t use products from any cloud service provider. In fact, don’t use the Internet. Because as long as you’re on the Internet, your activities are being tracked and stored, if not by Google, by someone else. Yes, there’s a chance I might get hit by an asteroid driving to work. However, planning my life around such an event is just bizarre.
Correct.
1) According to Julian Assange, Goolag has long been in bed with all of the major spy agencies.
2) Worried about Trump or Obama becoming a dictator and violating all of your rights? We’re not quite there yet, but 20 years from now, politicians will be able to put you away for life by mining your data. And Goolag will profit by selling it to them.
I wish everyone would understand developers are NOT making these decisions on their own. Their product managers, driven by profit managers are PUTTING the requirement onto their backlog. You are getting the carpenters answer about why he pounded a particular nail into the 2×4. You need to find out why/who told him to pound that nail. That would be the builder/owner.
In any case the answer is digital revenue, aka money. Why else??? We are all adults here right? There never is another answer.
I think only a naive fool would use anything from Google. I’ve completely de-Googled and am on the verge of blocking anything from Gmail
They are the most evil company in the planet IMHO and I want absolutely nothing to do with them
I encourage others to do the same
Oh, how suprised I am! Who woudda thought?!
As it seems to have escaped many: Google did more evil than that, far more – also in the browser context.
Amongs other misdeeds Google…
– acted biased (to avoid saying “censored and bent”) opinion with all its might against the right (Note: I’m european and don’t care about us-american politics. What I DO care about though is justice and fairness).
– did and fought to get pentagon projects
– created and acted with a browser/PKI Mafia (together with Mozilla) and i.a. brutally pushed or even all but enforced https while at the same time driving PKI to the point of insanity. What’s the worth of a letsencrypt certificate? None, nada, zero, because it assures nothing more than a self-signed certificate (which, however, are deemed inacceptable/evil).
Digest that. The raison d’etre of a certificate is to provide credible (oh well) assurance that a given server is who it says it is. That, however, is not the case anymore.
Considering the fact that SSL/TLS can to a degree be considered a vulnerability in terms of [D]DOS we have arrived at the worst point: We have no assurance thanks to worthless certificates but we must use https which leaves our servers more vulnerable (I won’t even touch the question of TLS and the security of the available implementations …).
Oh, and Google did something more: They are pushing hard to establish their quic protocol. In case you are interested: NO, quic is not secure as some studies show. But then why would Google want you to actually be secure (as opposed to security blabla)? We don’t want to have a hard time getting at all of your data, do we.
What we witness here is the slow cooking the frog. When Google started it was fresh pleasant water. This was long time ago. Now they turned the heat on again a notch. Very few will jump out.
What the author makes clear in this well argumented post is that this is a big move from Google. Obviously, we are reaching the critical point. There is less and less reason to show restraint.
Is there a way to prevent Chrome from doing this?
Yes. sudo apt-get remove chromium.
type chrome://flags/#account-consistency and set the option to ‘disabled’
ps it’s too easy to forget Netscape which was the first open-source browser that would load on Windows. Having an option besides Internet Explorer was a Very Big Deal back then.
The, later, came Chrome.
Google is way out of line here. Worse:
You can not being to imagine today the uses they will find for your data 10 years from now.
Leave No Trace or suffer the consequences.
Just say NO to anything Google
In a related and equally appalling note, the Google Home assistant device (their answer to Alexa) will not function unless you grant Goggle access to your browsing history on your phone. It won’t even respond to “what time is it?” until you let them suck in all of your browsing history and contacts.
“a terrific open source browser”
Chrome is not (and never was) open source.
Who would’ve thought that for all of this time this respected professor didn’t even bother to lookup the open source status of something he has great trust in in terms of the amount of stuff he inputs in it (a browser)?
They know who you are from your IP address anyway, your computer has to tell them which machine is talking to them, at that point, the machine is known. Given you were the only one able to log into the machine, you are known. Anything else you logged into, your GPS coordinates, etc… you’re known there too. It’s not “am I known?”, it’s “how many ways am I known?”…. 10, 20 ??? To even post a comment here… known.
They did something similar with Sketchup / 3D warehouse. To load down content, if you had logged on to Gmail / your Google account through Chrome they would not let you download without logging in. If you went through another browser , no problem. I have not used my Google account since then. As a software engineer experienced with network programming I knew right then that they create a digital fingerprint of every user. So be careful what you search for….. Google is big brother.
But I want to sign in to chrome for Sync as my personal account, but be logged on to Google and all its stuff with my business account. They are not the same thing at all.
Currently my solution is to leave Chrome signed out all the time on all devices, and selectively sign in for various purposes on Opera, Vivaldi, Firefox or Blisk (I mean, nobody actually uses Safari, right?)
Paid cerftificates use greater security.
Bloody Hell! All you critics posting how smart you are for NOT using Chrome & stupid everyone else for still using it need to either stop your b.s. self-adulating post that don’t actually say one useful frigging thing OR you need to start including in your so far worthless, fladulent claims the name or names of the browsers you trust &/or use in Chrome’s place! If you don’t at least name your preferred alternative browser – & preferably some basic justification as to why it’s the better, safer option – then your snotty little insulting posts only do one thing: they reveal to your readers that you are as clueless as to viable alternatives as the Chrome-users you are attempting to slander & as stupid as the Chrome-users who say they are fine with they privacy being violated in secret because it makes their lives easy, their experiences better, & it always happened & always will happen no matter what anyone claims or attempts to do about it (that’s a totally defeatist surrender of your rights to the rule of fascism, it is the “slave mentally” that allows millions of the strong be subjegated & abused by a far weaker minority, & an uneducated, underinformed copout!)! If you are so freaking smart & actually know of & use a “magic panacea” solution then you would be just as eager to share it to prove you really are the superior surfer &/or power-user! So share or just shut-up, because you’re only making fools & liars of yourselves!
I avoid Google like the the plague! Because I value my privacy and also refuse to be a data gathering bot for them. I mainly use YouTube (sadly a google entity) and maps and that’s it. Watch the Fox News report on how much data hey gather (they track events like you disembarking from a vehicle for God’s sake! How is that useful for an ad?) and also look up how they geotag your PC even though it has no geo information devices on it AT ALL!
A company that does such deeds is not worthy of any trust regardless of how good their products seem to be. Note: they’re not that good, a ton of better alternatives exist
I dont like Google always making me always really have to make me create my password
“Google needs to stop treating customer trust like it’s a renewable resource”
Google takes good care of its customers. As a user, you are the product, not the customer. Google’s customers are those who pay for your information Google collects daily (hourly/by the minute).
There is one thing and only one thing that the operators/owners of Google and similar mobs want from The Great Unwashed, and that is MONEY, in whatever form, from whatever direction it comes or is acquired. Comments and or questions are not included in the above, short list of operator wants.
Technology is being dominated by few giant corporations like google, facebook, apple etc. Slowly but surely, people are not recognizing how deep they are immersed with the ‘free’ services offered by these companies. This latest update by chrome, appears to be in line with the tightening of the noose around privacy and personal freedom online. These companies are offering all these ‘excellent’ services at no cost, and presently it is a fact that most people are signed up with one or several of such free ‘excellent’ services. Here I would like to add another twist to the line of the ongoing so called progress.. I will emphasise specifically the importance that such free services are placing on peoples lives these days, and this point begs another question – what if in the future these services become embedded with the person, e.g become part of government criteria for identification, profiling, data gathering and so on. Sure, you may think it is far fetched, but already many western countries are asking people to include their social media profiles on visa or job applications.
I guess people loose their sensitivity just like a frog doesnt feel the water getting hot until its too late.
I use only Icognito mode – is info collected by ‘keylogger’ Google anyway? Does it have my browsing activity (including banks etc) before I close Chrome and erase cookies, browsing history and so on?
You’re the one in the right here. People who stand up against privacy issues tend to come under attack from those with vested interests. Pay no attention to them; the frog should always jump out as soon as they feel the water heating up.
Eric Law reacting probably means Microsoft are planning to do the same thing with Edge [which as an Edge user—using a Local Account—I also don’t want].
I left Chrome years ago. Chrome still can’t handle more complex web apps, also the native font rendering is horrible (mostly needs extra CSS)…
In addition to this Google has more aggressively modified it’s Recaptcha free Robot eliminating program to recognize only the Browsers that comply to Googles criteria. Most interactive internet Social sites, such as Twitter, are integrating Recaptcha into their search for Robot Users.
BTW: a good Robot App when confronted by the Recaptcha Test would simply alert a Human to take the test for it. Once the Human has taken the Test the Robot would resume doing it’s dirty work.
This is a first time I even heard of Chrome login. So another useless feature with goal of data slurping?
And don’t use use Lynx, use NetSurf, it’s much better 😉 (in addition to images and videos, it even supports JavaScript, quite a feat for console browser)
It’s shocking to me that many people don’t seem to care about their privacy. It seems to me that many comments on this page come from very tech savvy people who are well versed in Googles capabilities and strategies. But what about the millions who are not so savvy? Why would people have to find out about this change from a blog and not Google themselves? This is a pure and simple abuse of their market dominance and lack of transparency. Not good, thanks for the information……Google is gone from my universe
Re Google abusing it’s market dominance, as you describe it, I do not take exception to what you say, who or what is going to check their antics.
So if I loan my computer to a visiting friend so that he can check his Gmail and then log off, my later browsing/search/youtube activities would start to be synchronized to HIS Google history (if he has permitted that behaviour earlier on his own computer)….
Doesn’t this violate GDPR? I haven’t consented to the browser logging me in. I am from Europe. This is so wrong on so many levels.
I have NEVER considered Google to be trustworthy! They have always collected user data to be used for their advertising business. I have always believed that collecting ANY data on users is totally wrong, and the collecting of user data without clear explanation of exactly what this data will be used for, and without an actual signature on paper allowing the exactly described data to be collected should be highly illegal, with 6 digit fines and 3 digit jail sentences for each violation!!
I agree: this seems to be a basic breach of GDPR. It also seems to open up one or two competition issues. I anticipate a legal fight with the EU that Google contests that ends in a multi-billion dollar fine, several years down the line.
Just use Firefox now. I made the switch when they released Quantum. It’s way better with memory than chrome and Mozilla has a good history of protecting privacy.
I use Opera. Anytime I want to hide, I use VPN placing my server in Russia.
Which is pretty hilarious. You should see what Google does to you if they think you are in Russia. Their ‘captcha’ or ‘Im not a robot’ technique is ludicrously long and tedious.
Regarding this CAPTCHA, I’m Not a Robot or the same or similar blather run by anyone else, garbage that has infected the internet, putting it politely, The Hell With Them.
If you’re concerned about privacy use Firefox and startpage. Startpage is Goog’s search w/o saving your IP address, so there’s nothing to track. Use CCleaner to rid those pesky cookies when it’s shut-down time.
I have used Firefox for some time now, never used Crome. FF seems to be a pretty good system, though not without faults, in particular often frequent and unexplained crashes, which are certainly troublesome/annoying.
Privacy died years ago. Whether you sign into Google or not, whether you use chrome or not, Google will get your data. Get over it and move on. I like being synchronized and Google knowing everything about me actually makes my experience in Android and my life better.
Yup all too true. Its funny. People talk about privacy NOW (years post Snowden, years post Wikileaks reveals) when to even make an email account on gmail, yahoo, outlook, you need a phone number. We should have been talking about privacy 10 years ago to create the laws to protect consumers. Google did not want this, and have been effectively lobbying for years to make ‘tech’ companies free from intervention.
Phones are much more pernicious in terms of privacy violations. Frankly, I could honestly care less about computers at this point. Government will never ever support the masses in favor of privacy so it is up to you. Thankfully, computer OSs has been around so long that there is tons of software out there that masks your information – VPNs, ‘zombie’ protocols, sandboxing, etc.
Your phone is a whole other story. First of all, it tracks geolocation basically always, even if your phone it ‘off’. So, Google already knows the following if you use Android:
Name
Address
SS#
Phone Number
Where you work and live
Where you eat
With this information, it should be relatively easy to see how geolocation/cell tower logs can easily be crosslinked to IP adresses in the area since the whole internet/cable game is a monopoly. Also, anytime you login to wifi on your phone, your entire network is compromised. You have no control over google sending your IP address. Anytime you go into virtually any application, your photos, phone calls, history, etc is all compromised.
Google talks a big game about being transparent with privacy. The only thing I can tell you is dont fall for the smoke and mirrors: the definition of words can be changed, easily, in the court of law. Saying they dont log ‘your data’ doesnt mean anything. First, you can never verify what has been stored where. Secondly, the browser doesnt have to necessarily log your data. Any website can do it. And google owns quite a few that are hard to get away from.
Adding to the information google collects:
Phone history
Voicemails
Pics
Contact Information
Purchase History
Exactly were, in dealing with Android, which I never have so done, do Social Security Numbers come in. Please advise, so that I will be “pre warned”, and therefore avoid wasting a phone call or any of my time.
Seems to me, possibly incorrectly, that the general public, respecting computer users anyhow, has to readily sacrificed important artifacts, they being personal privacy, for the pittences offered. Of course it is possible that I’m all wet here, or that people simply do not care anymore, having been “conditioned” to, without a thought, complying to the demands of seeming Officialdom or might it be Officialdumb, without so much as a raised eyebrow.
How about Chromium? There’s a “no sync” release at chromium.woolyss.com?
Thank’s for the hint, I’ll give it a try.
I get notified anytime a device accesses my account. I get how it was accessed and where, and time. Right on my phone? I don’t see this bypassing the feature. I tried several times on 5 devices. I got the phone notification every time.
FUCK OFF GOOGLE!!!
I’m working in a company that requires a google account. It took me a long time to convince myself it’s bearable to use chrome. After less than two years I’ll switch back to FIREFOX even if it’s technically a bit behind. I think it will take years to have a look at chrome again. This is my last post on your browser, google. Bye!
Try Opera. Free, fast, easy to use. Has built in VPN just hit + + ‘N’ and it will enter privacy mode (like Chrome) except it has a VPN icon on the search bar. Hit that, and you will (from Google’s point of view) be somewhere in Russia. You can also specifically select a location if you want, say, to appear like your in Canada.
CTRL + SHIFT + N
I use Opera (portable).
You also can encrypt the sync data with a passphrase. Sadly this possibility is not easily accessible when the browser is being set up. I just tried it with a clean Chrome browser.
Fortunately, using RHEL6, for which Chrome does not install.
I never felt I was missing out.
I usually don’t care about data collection as long as the browser is lightning fast and loads web content in the blink of an eye. Sadly Chrome stopped doing that a long time ago. After a week or so of usage after a fresh install, the speeds greatly deteriorate. Same can be said about Firefox too, but it happens at a different pace.
Chrome is a memory hog of which no other browser (besides maybe Edge or IE) can top. Insane amounts of memory for just a few windows.
I sort of feel Google slowly implemented a pro sign in with Chrome. Over time it has become more about Google services and cloud syncing and less about Chrome just being a browser for users. Even if you were not interested in other Google services. Well it appears Google feels it needs to collect more of what you do all the time and any time you use Chrome, Google services or anything Google. I guess we should not be surprised by this, but I also feel it as implemented a little bit incognito and that is concerning to me. No I do not use Chrome anymore and there are plenty of Chrome clones to satisfy the compatibility benefits of Chrome without the added Google stuff. Or use Firefox which is the best at trying to be a good browser for users not a company.
Yes, just like how Youtibe slowly introduced ads, Google realizes that the easiest way to get people to adopt something is to slowly feed it to them over time, since humans are wired to accept small changes and get stressed with large changes.
Its insidious and disgusting IMO. Ive always hated Alphabet for their arrogance. Lets be honest, they brought relatively nothing new to the table except faster search algorithms, which also, eh, not that great an invention.
Surpise today, after i sent my phone number to a friend via gmail (i made sure before never to “verify my identiity” with it), i get a message “please help us to secure your account and send you a key if needed.. at *** my number”.
For someone who has checked off all the history/tracking “options” of gmail… it hurts.
As for youtube it has been years now (since they bought youtube) that when one is already with a gmail account opened on one tab and checks something on youtube on another tab, the synchronization is made and the email account appears as connected to youtube.
Well, apparently Google just listened to its users, in Chrome v70 this “issue” will desappear.
Source?
Do we have any reason to believe they’ll actually not do the bad thing, rather than concealing it?
In case anyone noticed, it also syncs once you visit Youtube. Horrible
have you ever tried https:/ /www .dillo . org/ ? I think this beast do not send data anywhere 🙂
also chromium portable is a good choice if you want to have it unbranded and without google features, not sure about “auto login” function.
also you mentioned that mFF is a bit behind… what do you mean by that?
I liked this thread: http:// openbsd-archive.7691. n7.nabble. com/chromium-and-firefox-myths-and-facts-td345018.html
Are there any privacy-conscious users who actually use this software (Chrome) without substantial cognitive dissonance/sense of irony/corporate requirements? Your browser fingerprint with Chrome is unique for each device, get that in your head next time you come anywhere close to it.
“I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy”
Sure, and it’s also “entirely possible” for Jeff Bezos to donate half his fortune to charity, but businesses don’t operate on what’s just “possible”, they’re prime directive is to make money, preferably in a legal way. I’m one of those who think you really “ought to be using lynx+Tor and DJB’s custom search engine” if Google’s shenanigans bother you. (btw, I stopped using Chrome more than two years ago)
Why use it in the first place???? Do you need anything other than “Chrome ain’t open source”, “Browser fingerprint is unique” and “Chrome’s addressbar is a by default keylogger since it sends everything you type to Google search”??????
This cognitive dissonance astonishes me like no tomorrow.
Great article – however I do have a small correction. The articles implies that Google does not generate a significant amount of revenue from Google Chrome ‘Even if the browser never produced a scrap of revenue for Google’. This is not true – by definition, Google Chrome points all the web searches to Google, and those searches worth billions and billions of dollars.
Installing a 3rd-party search engine (i.e. Yahoo, Bing, Duckduckgo) or New Tab browser extension would trigger Google Chrome to ask the end-user to re-confirm the change from the default setting (i.e. Google) upon opening the New Tab (i.e. for most users, once Chrome launches) or conducting a web search, ***even if the 3rd-party search provider extension installation has been completed months ago***. Needless to say that it only take one click to disable the 3rd-party search extension and restore the default settings back to Google.
This suggests an answer to the question I’ve had since September 17th, when I became unable to access Gmail and Google Calendar through Firefox — i.e., I rig FF (& CrapCleaner) to reject as much as possible. In order to keep up with company mail, however, I fired up IE; Gmail became accessible but not GCalendar. Subservient to my mate’s reliance upon GC, however, I fired up Chrome on a laptop to restore both — and there in that ‘hard sandbox’ it will remain.
Thank you, Matthew Green and most Commentators — despite confirming there’ll be no end to the contortions needed to preserve any shred of privacy today.
Just think encryption – in everything you do.
The question isn’t whether someone is collecting data, it’s whether someone is ABLE to. I sure as hell don’t trust anybody, least of all Google, with my data. So:
– use VPN / Tor to ensure you browse anonymously
– use end to end encrypted email services like Protonmail / Tutanota
– use end to end encrypted online storage like Tresorit
And yes, DuckDuckGo works just fine.
You simply don’t need any of Google’s crap.
This whole blog reads like: “Oh just realized Chrome/Chromium/Chrom* does nothing to actually protect my privacy!” C’mon people, you’re better than that. You don’t need to have a PhD in mathematical logic to figure out that Chrome is bad for your privacy (and hence health unless you’re ok with people seeing you upstairs).
Interesting post. I’m definitely skeptical about Google having so much of my browsing data. This may be the straw that breaks the camels back.
Google is doing so many stupid moves lately, overplaying their hand while feigning to be dumb, that i can’t wait for the EU -the US being a malignant joke- to tear them a new asshole, to sue them to death if not break their company into many pieces. Glad to see that i wasn’t alone to freak out to that forced consent-less auto-login crap.
Obviously I immediately looked on how to disable it, starting with “settings” then “flags”, but somehow missed that chrome://flags misnamed as “Identity consistency between browser and cookie jar”, setting now disabled until i switch for something else than chrome.