This article was published on September 24, 2018

How to escape Google’s forced logins on Chrome 69


How to escape Google’s forced logins on Chrome 69

According to security researcher S. Bálint, any time someone using Chrome 69 logs into a Google service or site, they are also logged into Chrome-as-a-browser with that user account. Essentially, Google is forcefully logging users into Chrome.

Chrome browser’s privacy policy notes that if you are is not signed in, all the information is locally stored on your system. However, all the data – including your browser history and password autofill information –is sent to Google servers once you’re signed in. That leads users to believe that Chrome 69’s forced login policy is sharing user data with Google.

 

However, Adrienne Porter Felt – an engineer and manager on the Google Chrome team – said that the user data is not getting uploaded to Google servers. But if that’s true, then why is Google is forcefully logging people in?

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Automatically logging people into browsers potentially creates an unsafe environment on shared devices: Others who use the device may be able to access your account, even when you think you’ve logged out of the services you just used.

Felt said that the new version of Chrome’s UI now uses a profile icon to the right of the address bar to indicate that you’re signed into any of Google’s services. Apparently, this change was made so that users don’t forget to sign out on shared machines. But its effectiveness may be limited, as people may not realize they’re logged into the browser – especially if they don’t notice this change.

You can change this behaviour by going to  ‘chrome://flags/#account-consistency’ and disabling ‘Identity consistency between browser and cookie jar’ flag. Some developers have also built a privacy centric fork of Chrome called Ungoogled-Chrome.

 

disabling forced login\bleepingcomputer

This feels a lot like the Google+ integration that the company previously tried to force onto folks who used its Search, Gmail and YouTube services; it later removed this functionality after receiving negative feedback.

The company has been guilty of sneakily recording userdata several times in the past. Earlier this year, it was revealed that Google was recording users’ location data even if they had turned that setting off. A few years ago, The Guardian found that Google was quietly recording all your voice searches and storing them in its server – without disclosing this to users

Companies like Google often make changes to their platforms and, instead of explicitly informing people, hide mentions of these tweaks in documentation that few users actually read. Privacy and transparency are, sadly, becoming harder to come by as we invest more in online services.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top