Tuesday, September 25th 2018

Chrome 69 Adds Forced Login, Threatens Privacy: How to Fix it

There was a time when Chrome users could feel safe knowing that what they did in Google services (Gmail, YouTube, Maps, etc.) was separate from their actions in the browser. One thing wasn't necessarily tied to the other, but now things have changed, and without any public disclosure from Google.

Starting with the recently published Chrome 69, if you use this version of Chrome and log into any Google service or site, you will be automatically and magically logged into Chrome with that user account. A systems architect called Bálint disclosed this change in Chrome's behavior, which could potentially harm users' privacy.

Before Chrome 69, signing into the browser was optional, and it allowed you to sync your cookies, history and bookmarks across all the devices on which you used Chrome. It was convenient for many people, but the user had to actually enable it in two steps: logging into Chrome, and then enabling Google Sync. Even if you were logged into Gmail, you could be using Chrome without being logged into the browser at all (or logged into it with a different user's account, for that matter).

That was the problem according to Google engineers, who have claimed the change in Chrome 69 is due to "consistency" problems. Adrienne Porter Felt, an engineer and manager on Google Chrome, tweeted about this and explained that her team made this change "to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device".

The change has made a lot of people angry, though. As Bálint pointed out in his analysis, the problem is about doing things the right way, and taking that option away from the user has ignited the debate on privacy. Even with Google's best intentions, the change has been seen as the latest threat on a long list of threats Google has made to its users' privacy.

Matthew Green, a cryptographer and professor at Johns Hopkins University, was even more critical about the problem when he wrote "Why I'm done with Chrome". He questioned Google's rationale "for why this change was necessary", and criticized the "enormous implications for user privacy and trust" this change has.

Google engineers insist: Sync doesn't automatically turn on with the auto login, so for them the privacy problem is not that big. Green's point is that user consent matters, and for many critics of the change this is the real threat: a decision that takes away user consent and could potentially help Google collect more and more data.

In fact, there's even more to the story: the CTO and co-founder of ContentPass, Christoph Tavan, discovered that when a user tells Chrome to clear all cookies, the browser deletes all of them... except Google's cookies.

Fortunately, users can disable this forced login policy. To do so, you can use Chrome's flags page and change one parameter.

The steps are the following:

1. Go to "chrome://flags/#account-consistency"
2. That will show the flag 'Identity consistency between browser and cookie jar'; select "Disabled" from the drop-down menu
3. Click on "Relaunch now"

After that, you will be able to keep the old Chrome behavior, and logging into Google services and sites won't log you into Chrome.
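For anyone who wants to verify the setting from outside the browser (for example across several machines), the following script, added here and not part of the original article, inspects Chrome's "Local State" file for the flag override. It assumes that Chrome stores chrome://flags choices in that JSON file under browser -> enabled_labs_experiments as strings of the form "flag-name@N"; the meaning of the numeric suffix is treated as unknown and reported verbatim, so the result should be confirmed in chrome://flags. The sample profile data below is constructed for the example.

```python
"""Audit a Chrome "Local State" file for the account-consistency flag override.

Added example, not the article's own code. Assumptions (labelled):
- chrome://flags overrides live in the JSON file "Local State" under the key
  path browser -> enabled_labs_experiments as strings "flag-name@N".
- The suffix N is the selected drop-down option; its mapping to
  "Enabled"/"Disabled" is NOT assumed here, so it is reported verbatim and the
  operator confirms the value in chrome://flags.
"""
import json
import os
import sys
from pathlib import Path
from typing import Dict, List

FLAG_NAME = "account-consistency"


def default_local_state_path() -> Path:
    """Well-known per-platform location of Chrome's Local State file."""
    if sys.platform.startswith("win"):
        base = Path(os.environ.get("LOCALAPPDATA", ""))
        return base / "Google" / "Chrome" / "User Data" / "Local State"
    if sys.platform == "darwin":
        return Path.home() / "Library" / "Application Support" / "Google" / "Chrome" / "Local State"
    return Path.home() / ".config" / "google-chrome" / "Local State"


def find_flag_overrides(local_state: dict, flag_name: str = FLAG_NAME) -> List[str]:
    """Return every enabled_labs_experiments entry whose name matches flag_name."""
    experiments = local_state.get("browser", {}).get("enabled_labs_experiments", [])
    return [
        entry for entry in experiments
        if isinstance(entry, str) and entry.split("@", 1)[0] == flag_name
    ]


def audit_local_state_text(text: str, flag_name: str = FLAG_NAME) -> Dict[str, object]:
    """Parse Local State JSON text and report whether the flag is overridden.

    A malformed file is reported rather than raised, so a fleet sweep can
    continue past one broken profile.
    """
    try:
        state = json.loads(text)
    except json.JSONDecodeError as exc:
        return {"parsed": False, "error": str(exc), "overridden": False, "overrides": []}
    overrides = find_flag_overrides(state, flag_name)
    return {"parsed": True, "overridden": bool(overrides), "overrides": overrides}


def audit_local_state_file(path: Path, flag_name: str = FLAG_NAME) -> Dict[str, object]:
    """Convenience wrapper: audit the file at `path`."""
    return audit_local_state_text(path.read_text(encoding="utf-8"), flag_name)


# Constructed sample profiles (not real data): one untouched, one with the
# flag changed away from Default, plus an unrelated flag as noise.
SAMPLE_DEFAULT = json.dumps({"browser": {"enabled_labs_experiments": []}})
SAMPLE_OVERRIDDEN = json.dumps({
    "browser": {"enabled_labs_experiments": ["account-consistency@2", "some-other-flag@1"]}
})

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("overridden", SAMPLE_OVERRIDDEN)):
        print(label, audit_local_state_text(text))
    # Real run: audit_local_state_file(default_local_state_path())
```

Run against a real profile with `audit_local_state_file(default_local_state_path())` while Chrome is closed; an empty `overrides` list means the flag is still at its default and the auto sign-in behaviour described above is in effect.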

Update (09/26/18): Google has announced a series of changes in Chrome 70 to address these issues. A blog post by one of Chrome's product managers explains that the next version of Chrome will introduce controls to disable Chrome sign-in, for example. The "Delete All Cookies" option will also remove Google auth cookies. Finally, they will update their UI to "better communicate a user's sync state".