Earlier this month, Google started rolling out the Chrome 69 update for users worldwide, introducing an updated material design theme, an updated password manager, smart answers and much more. The Chrome 10th anniversary update was soon engulfed in controversy when a number of users raised privacy related concerns regarding the new automatic Chrome sign-in link to Google websites.
— B9 Systems (@B9Systems) September 26, 2018
As part of the update, Google had released a new feature that initially went unnoticed buried beneath the visual update. The feature linked users’ Chrome sign-in with any Google site they visited without triggering any prompt to alert the user. Google called the new feature “Identity consistency between browser and cookie jar”, making it impossible for users to associate the two.
Now, Google has released an explanation for its decision behind including the new feature and has promised an update sometime next month, which would bring a new toggle giving users the option to turn off that switch. In a blog post regarding the matter, the company’s Chrome Product Manager, Zach Koch, writes:
“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on. Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync…We’ve heard-and appreciate-your feedback. We’re going to make a few updates in the next release of Chrome (Version 70, released mid-October) to better communicate our changes and offer more control over the experience.”
The company further explained that the next update for Chrome will include a “control that allows users to turn of linking web-based sign-in with browser-based sign-in”, an updated UI to provide more clear information regarding their sign-in and syncing state, and a new manner in which the company handles the cleaning of authentication cookies.
While that’s settled, I still feel the company needs to address another issue that arises out of this recent debacle. Even though the company will allow people to turn off the feature sometime next month, the company hasn’t revealed what it plans to do with the data that it has already collected in the past few weeks and will continue collecting until the next update it releases. It also isn’t clear if the sign-in link feature will be enabled by default or will the browser initially prompt the users and alert them of the option to switch it off.