Google has decided to throw in the towel on its controversial new auto-login feature in the Chrome. In Chrome 70, users will have the ability to opt-out of the tool which has been criticized by privacy experts.
In Chrome 69, which launched earlier this month, Google automatically logged you into your Google account if you signed into another Google property, such as Google Search, Gmail, or YouTube. Previously, you had to log into your account in Chrome separately.
Not surprisingly, this didn’t sit well with privacy advocates. For example, Matthew Green, a cryptography expert, and professor at Johns Hopkins University said Google’s move “fundamentally changes the sign-in experience.”
Tying my browsing history to an identity *implicitly* has privacy implications, even if I somehow avoid the option that uploads this data to Google.
— Matthew Green (@matthew_d_green) September 22, 2018
Jim Fenton, an independent identity privacy and security consultant, expressed similar concerns, noting:
It was a big change and they should have expected that people would react to it.
So the thing people are concerned about from a design standpoint is that this could cause users to do what Google wants them to do. The way it was done really gave an impression that they were doing something they weren’t being entirely up front about.
In a Tuesday blog post, Google defended auto-login saying the change was intended to “simplify” the way Chrome handles the process.
Further, “We want to be clear that this change to sign-in does not mean Chrome sync gets turned on. Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.”
Beginning with Chrome 70, being released in mid-October, users will see an option to opt-out of auto-login.
Chrome product manager Zack Koch explains:
While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome.
Also in Chrome 70, Google plans on updating its UIs in Chrome to better communication a user’s sync state. In doing so, you’ll be able to tell whether or not you’re syncing data to your Google Account.
Are you happy that Google will soon offer a way to opt-out of auto-login? Should more be done to protect our data? Let us know your thoughts in the comments below.