Google has been forced to backtrack on an automatic login feature in its Chrome browser after a massive user backlash.
Until recently Google Chrome users have been able to use the browser without logging in.
However, now when people log into a service such as Gmail they are automatically logged in without their consent.
For years Google Chrome users have been able to use the browser without logging in. However, now when people log into a Google service such as Gmail they are automatically logged into Chrome without their consent
According to cryptographer and Professor Matthew Green who wrote a blog post ‘Why I’m done with Chrome’, Google quietly made these changes several weeks ago.
Professor Green revealed that people could mistakenly activate ‘sync’, which means the firm can log users’ behaviour and access their data without them knowing.
Professor Green warned that the development has ‘enormous implications for user privacy and trust’.
Google today addressed the complaints.
‘We recently made a change to simplify the way Chrome handles sign-in.
‘Now, when you sign into any Google website, you’re also signed into Chrome with the same account.,’ Google said.
‘We want to be clear that this change to sign-in does not mean Chrome sync gets turned on.
‘We’ve heard—and appreciate—your feedback. We’re going to make a few updates in the next release of Chrome (Version 70, released mid-October) to better communicate our changes and offer more control over the experience.’
Google said it will add a control that allows users to turn off linking web-based sign-in with browser-based sign-in.
For users that disable this feature, signing into a Google website will not sign them into Chrome.
The firm said it would also update the browser to make it clearer whether a user was syncing data, and also ensure all tracking cookies are deleted and you will be signed out.
‘We deeply appreciate all of the passionate users who have engaged with us on this.’
Professor Green revealed that people could mistakenly activate ‘sync’ which means the browser can log users’ behaviour and access their data without them being aware of it
A Google spokesperson previously directed MailOnline to a Twitter post by Chrome engineer Adrienne Porter Felt who explained that users still have to consent to have their data synced.
‘I want to share more info about recent changes to Chrome sign-in’, she wrote.
‘Chrome desktop now tells you that you’re “signed in” whenever you’re signed in to a Google website.
‘This does NOT mean that Chrome is automatically sending your browsing history to your Google account!’, she wrote.
A Google spokesperson directed MailOnline to a Twitter post by Chrome engineer Adrienne Porter Felt who explained that users still have to consent to have their data synced
She also said that the Chrome privacy notice was being updated ‘ASAP’ to make the syncing option more clear.
Last month a study from Vanderbilt University gave a look at the just how much data Google is harvesting from its users.
Researchers examined how the search giant collects information from Android mobile devices, Chrome browsers, YouTube and Photos, among other Google products.
But the most surprising revelation gleaned from the study is likely to be that Google continues to collect data even when users are browsing in incognito mode.
Google collects data in ‘active’ ways, such as when users sign into an application, as well as ‘passive’ ways that users are less likely to be aware of.
In this scenario, an application is designed to gather information on users when it’s running, sometimes without the user’s knowledge.
Last month a study from Vanderbilt University gave a look at the just how much data Google is harvesting from its users
‘The extent and magnitude of Google’s passive data collection has largely been overlooked by past studies on this topic,’ according to the study, which was published last month.
Most people assume that their browsing history is hidden from Google when they use incognito mode.
However, the study explains that Google can still link the data from incognito browsers to a specific user.
That’s because if a user logs into a Google account while a private browser is open, cookies left behind on the incognito window can identify them.
If they close out of the incognito window before logging into a Google account, then the data will be erased.
HOW DOES GOOGLE TRACK ITS USERS’ LOCATIONS OUTSIDE OF ‘LOCATION HISTORY’?
A new investigation led by the Associated Press found that some Google apps automatically store time-stamped location data without asking – even when you’ve paused Location History.
The investigation found, for example:
- Google stores a snapshot of where you are when you open its Maps app
- Automatic daily weather updates on Android phones pinpoint where you are each time the forecast is refreshed
- Simple searchers, such as ‘chocolate chip cookies,’ or ‘kids science kits,’ pinpoint your precise latitude and longitude – accurate to the square foot – and save it to your Google account
This information is all logged as part of the ‘Web and App Activity feature, which does not specifically reference location information in its description.
This is enabled by default, and stores a variety of information from Google apps and websites to your Google account.
When paused, it will prevent activity on any device from being saved to your account.
Leaving ‘Web & App Activity’ on and turning ‘Location History’ off only prevents Google from adding your movements to the ‘timeline,’ its visualization of your daily travels.
It does not stop Google’s collection of other location markers.
‘While such data is collected with user-anonymous identifiers, Google has the ability to connect this collected information with a user’s personal credentials stored in their Google Account,’ the study says.
What’s more, even if you avoid using Google services on an iOS device, the firm can still collect data on users.
Visits to non-Google webpages still registered a ‘surprisingly high’ number of communications with Google servers.
‘The number of times such Google services are called from an iOS device is similar to an Android device,’ the study noted.
‘In this experiment, the total magnitude of data communicated to Google servers from an iOS device is found to be approximately half of that from the Android device.’
Researchers were most concerned by the amount of ‘passive’ data collected via third-party networks and advertisers that aren’t owned by Google.
Google ‘learns a great deal about a user’s personal interests’ during a day of typical phone use – things like their location, routes taken, items purchased and music listened to,’ the study explained.