Security Market Segment LS
Monday, 24 September 2018 08:33

Cryptographer dumps Chrome after auto sign-in feature lands

Cryptographer dumps Chrome after auto sign-in feature lands Pixabay

The decision by Google to quietly effect sign-ins for users of its Chrome browser has caused at least one prominent technologist, John Hopkins University cryptographer Matthew Green, to stop using the browser.

Green, who has been using Chrome for a long time after it surfaced as an alternative to Microsoft's Internet Explorer in 2008, said, a few weeks ago, an update made to Chrome quietly signed users in to their Google accounts every time they visited a Google site.

Prior to this, Google had offered an optional sign-in feature for Chrome. This, Green said, "presumably vacuumed up your browsing data and shipped it off to Google, but that was an option. An option you could easily ignore. If you didn’t take advantage of this option, Google’s privacy policy was clear: your data would stay on your computer where it belonged".

But now, he said, the sign-in occurred without asking the user or even offering any notification; the only warning was that the user's profile picture would appear in the upper right-hand corner of the browser window.

Outlining why this change mattered, Green said he could enumerate it in four points:

  • "Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense;
  • "This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this;
  • "The change makes a hash out of Google’s own privacy policies for Chrome; and
  • "Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly."

He said that two Chrome developers had told him that the automatic sign-in did not sync the user's data and the reason for it was to avoid a situation where a user was logged in and the data of a second user was being synced.

Explaining this, Green wrote: "...if you’re in a situation where you’ve already signed into Chrome and your friend shares your computer, then you can wind up accidentally having your friend’s Google cookies get uploaded into your account. This seems bad, and sure, we want to avoid that."

But, he pointed out, for such a situation to eventuate, one had to be already signed in. "There is absolutely nothing in this problem description that seems to affect users who chose not to sign into the browser in the first place."

Green said it was logical to assume that Google would not have made this change to Chrome unless it provided the company with data that it wanted.

Dismissing arguments that, if he wanted to keep using Google products he should expect privacy violations of this kind, Green said: "I reject this argument. I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy. For ten years I believe Google Chrome did just this. Why they’ve decided to change, I don’t know. It makes me sad."


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments