Mandatory sign-in – a benign UI feature or an erosion of user privacy?
Google’s recent decision to automatically log users into its Chrome browser services once they sign into Gmail will become optional next month, following a minor privacy backlash.
The auto sign-in change was rolled out in Chrome 69 at the start of September, but only became a discussion topic in infosec circles after noted cryptographer Matthew Green flagged up his concerns last weekend:
Green followed up with a blog post that explains at some length why the “forced login policy” meant he was ditching Chrome personally, despite his earlier preference for the browser.
Signing into Google’s browser services, previously optional, became automatic once a surfer signs into any Google-owned site (YouTube, Gmail, etc). Conversely, signing out of any Google-run online account means signing out of Google services.
Users will see a small icon of their Google Account picture right in the top right of their browser window when they are signed in. The login doesn’t by itself trigger a data synchronization of browsing history, passwords, or bookmarks with other devices via Google’s cloud.
Google’s techies, including Chrome engineer and manager Adrienne Porter Felt, were quick to point this out in response to Green’s criticism.
In a thread on Twitter, Felt went on to explain that the Chrome UI tweak was made to prevent surprises in a shared device scenario.
“The new UI clearly reminds you whenever you’re logged in to a Google account,” she said. “Plus, you now only need to sign out in one place before you share your computer with someone else.”
“If you want to turn on Sync, it’s an additional step after you’re signed in,” she added.
On Wednesday, Google posted a more formal blog post stating the auto sign-in will become optional with Chrome 70, which is due to arrive mid-October.
Chrome currently keeps Google auth cookies so that users stay signed in even after other cookies are cleared. This too will change with Chrome 70 so that all cookies will be deleted, and users will be consequently signed out from Google’s services.
Split opinion
Privacy and security advocates quizzed by The Daily Swig were split on whether the original mandatory sign-in feature in Google’s services was benign or an erosion of privacy.
Professor Alan Woodward, a computer scientist from Surrey University, described the forced login as a “retrograde step” by Google.
“It’s difficult not to conclude that Google’s business model is superseding their attention to users’ privacy,” Prof Woodward told The Daily Swig.
“The fact that users have real difficulty opting out of this ‘feature’ is bound to erode trust in Google.”
Google has pushed the campaign to move more websites onto https by explicitly warning that http sites were insecure, and by ranking such sites lower in search engine listings.
This latest move, according to Prof Woodward, detracts somewhat from the tech giant’s ongoing privacy-championing efforts.
“Chrome has so many good features that it makes it such a pity that they have chosen to adopt this approach,” he said. “I can only hope it is some sort of oversight on their part and they will make it easier for users to opt out.”
Google has long offered advice on how to encrypt sync data so only users themselves can read it. This and other factors have led Scott Helme, the security researcher behind the Report URI and Security Headers services, to regard privacy concerns about the auto-login feature as somewhat overblown.
“I don’t think there is a privacy concern [even] with the current setup,” Helme told The Daily Swig. “I understand why the Chrome team wanted to make this change which, by default, does not start the synchronization of user content (like browsing history). Synching requires an additional confirmation from the user.”
Initially, many users were attracted by the nimbleness of Chrome. More recently, however, the browser has come under criticism for being a memory resource hog, and its appeal started to rely more and more on feature innovation and security improvements.
Google is faced with the challenge of retaining its userbase while continuing to innovate – something that’s always a tricky balancing act for any tech company, especially when standing still is the surest path to oblivion.