Security experts say Chrome 69’s ‘forced login’ feature violates user privacy

A new feature in the latest version of Google Chrome that logs users into the browser when they sign in to a Google site has come under heavy criticism.

Until recently, it was the user’s choice to log in to the browser. Now, any time that you sign in to a Google site in Chrome 69 — like Google Search, Gmail or YouTube — Chrome will log you in, too.

But the change has left users unclear why the “feature” was pushed on them in the first place. Many security folks have already panned the move as unwanted behavior, arguing it violates their privacy. Some users had good reasons not to want to be logged into Chrome, but now Chrome seems to take that decision away from the user.

Matthew Green, a cryptography professor at Johns Hopkins, rebuked the move in a blog post over the weekend, arguing that the new “forced login” feature blurs the once-strong barrier between “never logged in” and “signed in” — and erodes user trust.

“Where Facebook will routinely change privacy settings and apologize later, Google has upheld clear privacy policies that it doesn’t routinely change,” said Green. “Sure, when it collects, it collects gobs of data, but in the cases where Google explicitly makes user security and privacy promises — it tends to keep them.”

“This seems to be changing,” he said.

Google staff defended the change on Twitter, saying there was little to worry about — that the change was designed to only alert the user that they were logged in, and that the browser wouldn’t sync their bookmarks, browsing history and passwords across devices without permission.

Green conceded that although Google is not syncing data from the beginning, the user interface makes it difficult to know if browser data is shared with Google once a user is logged in. The “dark pattern” of the browser’s logged-in user interface now makes it possible to trick a user into switching on sync by mistake. Once their data is shared, there’s little a user can do to pull it back. He said that, without his giving explicit consent to have his data synced in future, Google could later decide, as it did with the “forced login” feature, to switch on the browser sync feature without telling anyone.

“Just because you’re violating my privacy doesn’t make it OK to add a massive new violation,” he said.

Trust is a fickle thing. Chrome isn’t just seen as secure and trustworthy, but many see it as neutral, Green said — a free and open source tool, rather than an extension of Google’s other core businesses. Breaking down that “sacred wall” between the two has users rattled — and some wanting to switch from Chrome altogether.

What may have been a helpful feature on paper to stop users from accidentally using someone else’s account on a shared computer has blown up in Google’s face — and not because of the decision, but because users weren’t given a choice.



from www.tech-life.in