Earlier this month, Google released an update to the Google Chrome browser, Chrome 69, which came with an updated user interface, enhanced password manager, and other updates. However, it is a very controversial update because it forced user-login even without the user’s consent. That is, if you sign in to a Google site like Google Search, Gmail, or YouTube, you also get logged into Chrome automatically, and there’s currently no way around it. Google originally claimed the feature was introduced to prevent data from leaking between accounts on shared computers.
Security experts are freaking out over the new way Google Chrome sign-in works and raised concerns and heavy criticism from a privacy stand point about it and how controversial the new feature is.
In previous versions of the browser, it was left up to the user whether they wanted to log in to Chrome while they used the app.
Google says it is willing to make changes to it. In a blog post, Chrome product manager Zach Koch on behalf of Google responded to the criticism in this manner
“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on,”
“Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.”
Despite clearing that up, the blowback has apparently been vehement enough for Google to tweak Chrome 70, due in October, which will offer users a clear opt-out for the auto-login feature.
“While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in – that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome.”
In addition to the change, Google says it will update the Chrome interface to make a user’s account sync state more obvious. Google says the way Chrome handles authentication cookies is also going to be tweaked to make sure they don’t hang around once the user has successfully signed in.