Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday September 25 2018, @09:54AM   Printer-friendly
from the do-evil dept.

Privacy concerns flare over latest Chrome browser's 'forced login'

When Google LLC launched its updated version of Chrome browser, Chrome 69, earlier this month, users were told a lot of small changes would happen all aimed at boosting productivity.

But some users now are not happy about something Google wasn't exactly selling prior to the release of the browser. That is, if you’re logged into a Google website, you will automatically be signed into the browser.

What that means is that if you're using Gmail or YouTube, for instance, because it's a Google site you will be signed into Chrome 69. Users have the option to keep signed-in of course, but they also have the option to use Chrome in Basic Mode.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by darkfeline on Tuesday September 25 2018, @07:28PM

    by darkfeline (1030) on Tuesday September 25 2018, @07:28PM (#739830) Homepage

    What it means to sign into Chrome/Chromium is that the browser itself is authenticated with a Google account. The main feature this enables is the ability to sync browser settings, history, etc to the cloud so everything is shared between Chrome on different devices. Note that the Chrome sync is a standalone service and has its own Terms of Service which you should read if you're using it. Also note that the sync service isn't a core G Suite service. If you pay for G Suite, you get a different version of Gmail et al with very different ToS; however, there is no G Suite version of the Chrome Sync. If you enable Chrome Sync on a G Suite account, you're getting the regular ToS which allows advertising etc.

    The reported reason for this change is that users have trouble distinguishing being logged in to a Google service and being logged in to Chrome. It was possible for one person to be logged in to Chrome while another person logged in to Gmail using the browser. This was usually unintentional. By linking the two concepts the problem goes away.

    While the change makes it so that you are logged in to Chrome automatically, it (reportedly) does not turn on Sync automatically. I'm not sure what is sent to Google if you log in and have Sync off; presumably, only the login request and debug/usage statistics.

    Chrome allows setting a password to encrypt everything it syncs. From all indications, this is implemented securely: You must enter the password locally on all devices that sync. There is no way to change the password, you have to reset all data to reset the password. Adding a password stops any ad personalization using the synced data (but not any other data Google has of course) and it becomes impossible to view synced data from any web UIs.

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4