Why experts are freaking out over the new way Google Chrome sign-in works

The internet has erupted over Google’s latest Chrome release — and not in a good way.

With an updated user interface, enhanced password manager, and a slew of other updates, you would assume the latest version of Google’s popular web browser, Chrome 69, would be eliciting some pretty good responses.

But security experts just shined a light on a controversial feature that came with the latest Google Chrome that previously wasn’t announced by the search giant.

A Google Chrome user recently pointed out on Hacker News that Google now forces you to login to your Google account on Chrome if you login to any other Google service using the browser. Logging out of a Google service will also force log you out of Google Chrome.

While there are a number of concerns being leveled at Google here, the issue is essentially two-part. The major issue is the obvious one. Users don’t understand why logging into Gmail, Google Docs, or any other Google service would need to force Google Chrome to also connect to their Google accounts, presumably giving Google access to its browser history, saved passwords, and other personal information. The other issue of focus is Google’s decision to be so quiet about such a major change.

Google’s Adrienne Porter Felt, an engineer and manager for the Chrome browser, took to Twitter to explain a little bit more about the forced login changes.

Felt, tackling the first main concern, points out that Chrome’s Sync feature, which shares browser information such as history with Google so it can be shared across your devices, is turned off by default.

Felt also explains that the reason Google decided to make this change was to put an end to any confusion users may have had when trying to sign out of public or shared devices. Basically, Google tied Chrome and Google accounts together so you wouldn’t sign into a service on Chrome and accidentally sync information with someone else’s account.

But a number of security professionals simply weren’t buying it.

Matthew Green, a cryptographer and professor at Johns Hopkins University, wrote a lengthy blog post explaining why this move from Google was enough cause for him to stop using Google Chrome entirely. In his post “Why I’m done with Chrome,” Green points out that a user would have had to be signed into Google Chrome to begin with for this to be a problem needing a fix to begin with. So, why force users to sign in?

Additionally, Green makes the case that if this was such a positive fix to a major issue, Google would have presented it publicly along with all the other new features and changes. He also points to an issue Mashable has discussed before: dark patterns. With settings options presented by a design and in a language Google sees fit, do Google Chrome users even know what they’re really opting in for if they choose to opt-in to Sync?

Going a step further, security expert Bálint made the case that Google Chrome is essentially a Google service now as opposed to a separate application that can live on its own without being tied to a Google account. The argument here is if you wouldn’t trust Google with your documents, files, or photos due to privacy concerns, then you now can no longer trust Google Chrome with your information either.

The issue here is that there’s no simple fix. Google Chrome is the most popular web browser. According to StatsCounter, Chrome holds nearly 60 percent of the marketshare, so opinions are bound to be all over the place. You can agree with the security experts who find the changes to be a massive privacy issue. You can agree with those who find Google’s new forced login changes to be helpful. There’s certainly truth to both. But there’s no doubt Google self-sabotaged whatever its intentions were by keeping mum about it.

Google Chrome – Sign in to Chrome

When you sign in to the Chrome browser, you can save and sync things like your bookmarks, history, passwords, and other settings to your Google Account, so you can get to them on any device.

Only sign into Chrome from trusted devices. To keep your data safe, we recommended you don’t sign in if you’re on a public computer.


What signing in to Chrome means

 
How it’s different from signing into a website
 

Website sign-in: Signing in to a website allows the website to remember some of your preferences and information.

Chrome sign-in: Signing in to Chrome connects your Google Account to your browser for a more personalized browsing experience. All your Chrome data, like your bookmarks, history, passwords, and other settings, is synced to your Google Account and available on any device where you sign in to Chrome. You’ll also be automatically signed in to Gmail, YouTube, Search, or other Google services.

 

How signing in to Chrome helps you

  • Your browsing data, like your bookmarks, history, passwords, and other settings, are saved and synced to your Google Account. That way, your data is available on any device where you sign in to Chrome with the same account. Any changes you make to your data on one device sync to all the devices where you’re signed in to Chrome.
  • If your device is stolen or broken, you can get back your bookmarks, history, passwords, and other settings just by signing in to Chrome again on your new phone or computer.
  • When you sign in to Chrome, you’re signed in to other Google services, like Gmail, YouTube, and Search.
 
Keep your data safe when signed in to Chrome
 

Don’t sign in to Chrome if you’re using a public or untrusted computer. A copy of your data is stored on the computer you’re using when you sign in, and other people who use the same computer can see it. To keep your information more secure, synced data is encrypted when it travels between your computer and Google’s servers.

You may choose to also encrypt all your synced data. You can remove your synced data from your account at any time.

You can control what gets synced.

How Chrome works with Web & App Activity

You can also get a more customized experience in other Google products when you link your Chrome history with your search and browse activity from Web & App Activity.

If “Include Chrome browsing history and activity from websites and apps that use Google services” is checked on the Web & App Activity controls page, Google uses your synchronized browsing data to provide personalized Google products and services to you. You can change your preference any time, and manage individual activities associated with your Google Account.

Steps to sign in to Chrome

To sign in to Chrome, you’ll need a Google Account. When you have an account, follow these steps:

If you have more than one account or you share your computer with others, learn how to manage multiple people in Chrome.

  1. Open Chrome.
  2. In the top right, click the button with your name or People People icon.
  3. Click Sign in to Chrome.
  4. Sign in with your Google Account.
  5. To customize your sync settings, click More More icon and then Settings and then Advanced sync settings. You can choose what information to share across other devices where you’re signed in to Chrome.

Note: If you’ve already created a sync passphrase to protect your data, you’ll need to provide the passphrase when you sign in. If you forget your passphrase, you’ll need to reset sync.

Sign in on a Chromebook

Learn how to change your sync settings on a Chromebook.

By signing in to Google Chrome with your Google Apps login your bookmarks and preferences will be synced across all your devices.

One of the first things we recommend to someone when showing them Google Chrome is the Sign In feature. When you sign in to Google Chrome with your Google Apps account your settings, including bookmarks, extensions and preferences, on that computer are saved to your Google account. When you sign in using another computer Goo

This is a great way to ensure that you have the same environment wherever you log in and ensures that you do not lose those valuable bookmarks, themes, extensions and preferences – even if your computer has a melt down!

The sync is automatic, fast and encrypted to ensure security of your data.

To sign in to Google Chrome, click on the Spanner (top right) and select Sign in to Chrome You can also see whether you are signed in and manage your sync data through Settings > Personal Stuff > Sign in.

Once you’ve signed in and synced, check out how to set up more than one Chrome profile and keep multiple users or accounts separate.