ADVERTISEMENT
Google quietly started logging people into Chrome without their consent, and a security expert says it's terrible for privacy (GOOGL)
Matthew Green, a professor at Johns Hopkins, took Google to task for logging users into Chrome without notifying them and putting their privacy at risk.
Google CEO Sundar Pichai.
For years, Google has given Chrome users the option of surfing the web without logging in.
But on Sunday, a security expert wrote that Google had quietly changed the requirements so when users login into a Google service, such as Gmail, Chrome will automatically sign the browser into their account without consent.
Google tucked the new login requirements into the latest Chrome update without notifying users, Matthew Green, a cryptography expert and professor at Johns Hopkins University, said in a blog post on Sunday.
ADVERTISEMENT
The blog post, titled "Why I’m done with Chrome," began generating debate on Sunday evening and also appeared to send Chrome's managers into damage control.
By being logged in, Chrome users could unwittingly send their browser data to Google, according to Green. He disclosed that he had contacted Chrome managers and they had told him that just being logged into Chrome didn't mean a user's browsing information would be sent to Google. Users would still need to activate the "sync feature" before a data transfer occurred.
And this is where Green, who also said he had quit using Chrome, reserved some of his harshest criticism for Google. He called the Chrome consent page a "dark pattern," a common term that refers to a user interface designed to deceive or mislead people.
"Now that I’m forced to log into Chrome," Green wrote, "I'm faced with a brand new (sync consent) menu I’ve never seen before."
He suggested that this could lead users to mistakenly consent. He added that prior to the recent login change, a user had to key in their credentials to log in and then consent to the sync. Now, users are a single, possibly accidental, click away from turning over their browsing history to Google.
ADVERTISEMENT
Google referred Business Insider to a series of late-night Twitter posts from Adrienne Porter Felt, an engineer and manager at Chrome.
In one tweet, she confirmed that Google has changed the login procedures. She stressed that though someone is logged on to Chrome, they must still consent to a sync before their data is transferred to Google.
Green said it is "nuts" for Google to suggest users are safe because of the sync-consent page.
Green wrote: "If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome, (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me?"
JOIN OUR PULSE COMMUNITY!
ADVERTISEMENT
Eyewitness? Submit your stories now via social or:
Email: eyewitness@pulse.ng
ADVERTISEMENT