Recently, Google released a new version of its Chrome browser (Chrome 69). It has a new sync feature that connects the browser to other Google properties such as Gmail or YouTube, so when you log into Gmail, you’re automatically logged into Chrome.
This offers convenience to end users but has also raised privacy concerns. Chrome is the most widely used browser in the world with a nearly 60 percent market share globally and about 50 percent in the US.
A ‘forced login?’ Some people are upset by the Chrome 69 change, calling it a “forced login.” It was first discussed on Hacker News. Johns Hopkins professor and cryptography expert Matthew Green has also raised privacy and trust concerns about the change on his blog.
One of Green’s primary concerns is that Google will now receive users’ browsing histories without their full understanding and consent:
In short, Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click. This is a dark pattern. Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data.
Google: ‘We don’t automatically get browsing data’: Asked to comment on Green’s post and the issue more generally, Google pointed to a tweet from Chrome engineer Adrienne Porter Felt:
Hi all, I want to share more info about recent changes to Chrome sign-in. Chrome desktop now tells you that you’re “signed in” whenever you’re signed in to a Google website. This does NOT mean that Chrome is automatically sending your browsing history to your Google account! 1/
— Adrienne Porter Felt (@__apf__) September 24, 2018
Google is saying that the browser history data doesn’t go to Google automatically and that users must opt in to have that happen. So the automatic sign-in and sync are different, according to the company. However, Green’s point about users not fully understanding what’s going on and potentially unwittingly authorizing their browsing data to be sent to Google is valid.
Users typically just “agree” and “authorize” without reading policies or terms in order to get on with whatever they’re seeking to do. Google would need to do much more communication around the login and sync changes with end users before they can be confident that they’ve obtained consent to receive browsing data.
Why it matters to marketers. Google has been in a kind of arms race with Facebook to capture and understand user data for targeting, remarketing and attribution. More data is useful for personalization of ad targeting, but these kinds of changes come with risks for Google.
The company is now on the receiving end of a lot of negative coverage and commentary about privacy, as is Facebook. This change plays into that narrative, regardless of Google’s “true motivations.”