Chrome Auto Login Means Google Doesn’t Care About Privacy

Google Chrome hasn’t done itself any favors by changing login procedures.

Basically, it does so without consent.

And that is a big problem according to a security expert.

Just recently, a security expert found out that Google had started to make important changes to the company’s Chrome web browser and had quietly modified its login requirements.

Matthew Green, a security expert, recently mentioned in a blog post which he published last Sunday that Google had begun to log users in to Chrome without their knowledge.

According to Green, such changes did nothing but make life difficult for Chrome users, as they could easily and unwittingly turn over all of their web browsing history to Google.

On the other hand, Google has actually acknowledged the fact that it has made some changes to the way Google works.

However, the company stressed the fact that Chrome users actually had to give Chrome their consent to start the syncing process before the company could begin the process of transferring their web browser data to its servers.

No one is counting, but for many years Google has actually allowed Google Chrome users to browse and surf the internet without ever logging in.

As it turns out, according to one security expert, Google has managed to change its use requirements fairly quietly.

For example, now when a user successfully logs in to any given Google service such as YouTube and/or Gmail, Google Chrome will take matters into its own hands and log the user into his/her account.

Google neatly tucked the new rules regarding login requirements into its latest Google Chrome update and did not notify Chrome users.

This is what Matthew Green, who teaches at Johns Hopkins University and is also a cryptography expert, mentioned in his recent blog post about a week ago.

Matthew titled his blog post “Why I am done with Google Chrome” and, as expected, the blog post began to generate a lot of debate last Sunday evening.

Moreover, it also appeared to have sent managers at Google into their damage control mode.

As mentioned before, if Chrome has automatically logged in users without their consent, then Chrome users could potentially send all their web browser data, unwittingly, to Google.

This is the gist of the message that Green appeared to want to give via his blog post.

He also added that Google Chrome managers informed him that just because Chrome had logged in a given user did not mean in any way that Chrome would send the user’s web browsing information and other data to Google servers.

For that to happen, Chrome users would need to enable Chrome’s sync feature.

Only after that will Chrome send the user’s data to Google.

When Green found out about the change, he leveled some of his harshest criticism at Google Chrome and decided to quit using the browser as a result.

However, even after getting a response from Google Chrome managers, he termed Google Chrome’s sync-consent page as a dark pattern.

What does that mean?

Well, in the design community, the term dark pattern is used to describe any given user interface that tries to deceive and/or mislead online consumers through its design choices.

Green wrote in his blog post that now he was being forced to log in to Google Chrome.

Furthermore, he said, he was faced with a pretty much brand new browser menu that he had not seen ever before.

Green clearly suggested that the new design could actually lead Chrome users to mistakenly give consent to Google Chrome to enable the sync feature.

He also added that before the latest change in login rules, Google Chrome users first had to type in their user credentials in order to log in to Chrome and then give consent to the browser.

The latest changes pretty much dictate that Chrome users are potentially a single click away, in the case of an accident, from handing over all of their web browsing history and data to Google.

In response to Green’s post, Google referred publications such as Business Insider to a number of tweets that Adrienne Porter Felt, a manager and engineer at Google Chrome, had posted early the following Monday.

In one of the tweets, Adrienne mentioned that she had confirmed with the company that Google had actually changed the latest login procedures.

After that, Adrienne stressed the point that even though Chrome users were logged in to Google Chrome, they still had to first consent to enable the sync feature before Chrome would transfer their data to Google Chrome.

However, Green suggested that it was “nuts” on the part of Google to even suggest that Chrome users were safe regarding their data because Chrome had a sync-consent page now.

He wrote that if Chrome did not respect the user’s lack of consent on probably one of the biggest user-facing online privacy options in Google Chrome, then why should anyone trust any of the other consent options that Google gave the user?

Green also said that Google Chrome did not even notify him that they had stopped respecting his “lack of consent.”

 

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech-related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.