Green, who has been using Chrome for a long time after it surfaced as an alternative to Microsoft's Internet Explorer in 2008, said, a few weeks ago, an update made to Chrome quietly signed users in to their Google accounts every time they visited a Google site.
But now, he said, the sign-in occurred without asking the user or even offering any notification; the only warning was that the user's profile picture would appear in the upper right-hand corner of the browser window.
- "Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense;
- "This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this;
- "The change makes a hash out of Google’s own privacy policies for Chrome; and
- "Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly."
He said that two Chrome developers had told him that the automatic sign-in did not sync the user's data and the reason for it was to avoid a situation where a user was logged in and the data of a second user was being synced.
Explaining this, Green wrote: "...if you’re in a situation where you’ve already signed into Chrome and your friend shares your computer, then you can wind up accidentally having your friend’s Google cookies get uploaded into your account. This seems bad, and sure, we want to avoid that."
But, he pointed out, for such a situation to eventuate, one had to be already signed in. "There is absolutely nothing in this problem description that seems to affect users who chose not to sign into the browser in the first place."
Green said it was logical to assume that Google would not have made this change to Chrome unless it provided the company with data that it wanted.
Dismissing arguments that, if he wanted to keep using Google products he should expect privacy violations of this kind, Green said: "I reject this argument. I think It’s entirely possible for a company like Google to make good, usable open source software that doesn’t massively violate user privacy. For ten years I believe Google Chrome did just this. Why they’ve decided to change, I don’t know. It makes me sad."