- Google has indicated it will make changes regarding the new and controversial automatic login feature for the Chrome web browser.
- After just over a decade on the market, Google made a controversial change to Chrome: If you signed into YouTube, Gmail, or any other Google-owned site, it would log you in on the Chrome browser itself with the same account.
- Security analysts, including Matthew Green, said the automatic login resulted in less security for Chrome users – when you’re logged into Chrome, it keeps track of your browsing history and other information.
Parisa Tabriz, director of engineering at Google Chrome, indicated on Tuesday that the company is ready to make changes involving a controversial new Chrome feature that some security researchers have called a threat to privacy.
In an Twitter post, Tabriz, who calls herself the “browser boss,” said: “We’ve heard – and appreciate – your feedback from the last few days, and we’ll be making some product changes.”
We’ve heard — and appreciate — your feedback from the last few days, and we’ll be making some product changes. 4/4
— Parisa Tabriz (@laparisa) September 25, 2018
Tabriz offered no specifics about the changes.
On Sunday, Matthew Green, a cryptography and security researcher as well as a professor at Johns Hopkins University, helped bring to light that Google had quietly begun logging users into the Chrome browser without their knowledge or consent.
In a blog post titled, “Why I’m done with Chrome,” Green wrote Google tucked the login change into the latest Chrome update. The way it works is that anytime someone logs into one of Google’s properties, such as YouTube or Gmail, they will automatically get signed into Chrome.
For years, Google has given users of Chrome, the world’s most popular browser, the option of surfing the web without logging in. What’s important about that is that users had to login first and then consent to the sync feature before their private browser history was shared with Google.
Because Google was logging in people involuntarily, and because of changes to the sync-consent page, it had become much easier for users to accidentally agree to share their browser histories, Green said.
Tabriz said Google made the login change to “clarify when you’re signed in/out of the browser as well as Google websites.”
Green was sceptical and said Google’s reasoning made no sense.
Green’s blog stirred debate among Chrome fans, with many not seeing the change as a problem. Still, dozens of others criticised Google via the social networks. On Tuesday, some Chrome users were exchanging instructions on Twitter on how to disable the auto-login feature.
One of the main questions of the critics: Why would Google’s managers make this change without notifying users? Answers are not immediately forthcoming.
Business Insider Emails & Alerts
Site highlights each day to your inbox.