Users fret over Chrome auto-login change | Cyber Security

Users were complaining this week after discovering they’d been logged in to Google’s Chrome automatically, after logging into a Google website.

Chrome has long included a feature that lets you log in, connecting the browser directly to your Google account. This lets the browser, via its sync feature, store information about your web usage on Google’s servers, including your browsing history, bookmarks, tabs, autofill information, and a list of your installed extensions. Google provides it as a convenience for users because it enables them to synchronise the browser environment across their devices.

As you’d expect, not everyone likes the idea of sending their data to Google’s servers. Chrome users have traditionally been able to surf the web, including Google’s own websites, without signing into the browser.

Web Hosting

Recently, though, Matthew Green, assistant professor at Hopkins University and a cryptography expert, discovered that an update to Chrome has been signing users into their Chrome browsers whenever they logged in to a Google website. He blogged about it in full here.

From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.

This angered the privacy-conscious Green, who doesn’t want Google seeing his web usage data. He has deliberately avoided signing Chrome into his Google account ever since he began using it.

According to Google executives, the rationale for the change stems from the fact that you can sign into Google in two ways when using Chrome. In addition to the browser’s own login feature, you can also sign in via the Google web page, as you would in any browser.