In order for this problem to apply to you, you already have to be signed into Chrome. This seems bad, and sure, we want to avoid that.īut note something critical about this scenario. To paraphrase this explanation: if you’re in a situation where you’ve already signed into Chrome and your friend shares your computer, then you can wind up accidentally having your friend’s Google cookies get uploaded into your account. After conversations with two separate Chrome developers on Twitter (who will remain nameless - mostly because I don’t want them to hate me), I was given the following rationale for the change: The new feature that triggers this auto-login behavior is called “Identity consistency between browser and cookie jar” ( HN). I warn you that this will get a bit ranty. Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly.The change makes a hash out of Google’s own privacy policies for Chrome.This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.From my perspective, this comes down to basically four points: In the rest of this post, I’m going to talk about why this matters.
#Broken image links in slimjet update#
This is unfortunate - and I hope it changes - because this update has huge implications for Google and the future of Chrome. But the mainstream tech press seems to have ignored it completely. The change hasn’t gone entirely unnoticed: it received some vigorous discussion on sites like Hacker News. Your sole warning - in the event that you’re looking for it - is that your Google profile picture will appear in the upper-right hand corner of the browser window. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google - yet. It’ll do this without asking, or even explicitly notifying you. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. What changed?Ī few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. If you didn’t take advantage of this option, Google’s privacy policy was clear: your data would stay on your computer where it belonged. Sure, Google offered an optional “sign in” feature for Chrome, which presumably vacuumed up your browsing data and shipped it off to Google, but that was an option. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.įor many years this is exactly how things played out. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. In this setting, Chrome was a beautiful solution. This posed an existential threat to Google’s internet properties. Worse, Microsoft was making noises about getting into the search business. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins.
Today I wanted to write specifically about Google Chrome, how much I’ve loved it in the past, and why - due to Chrome’s new user-unfriendly forced login policy - I won’t be using it going forward. After all, that’s what Twitter is for! But from time to time something bothers me enough that I have to make an exception.
This blog is mainly reserved for cryptography, and I try to avoid filling it with random “someone is wrong on the Internet” posts.