AP
Google CEO Sundar Pichai.
- A security expert has discovered that Google had quietly made important changes to Chrome's login requirements.
- Matthew Green spotted that Google was logging them into Chrome without their knowledge.
- Google's changes also made it easier for users to unwittingly turn over their browsing history to Google.
- The company acknowledged the changes late on Sunday, but stressed that users needed to consent to a sync before their browser data was transferred.
For years, Google has given Chrome users the option of surfing the web without logging in.
But on Sunday, a security expert wrote that Google had quietly changed the requirements so when users login into a Google service, such as Gmail, Chrome will automatically sign the browser into their account without consent.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More Google tucked the new login requirements into the latest Chrome update without notifying users, Matthew Green, a cryptography expert and professor at Johns Hopkins University, said in a blog post on Sunday.
The blog post, titled "Why I'm done with Chrome," began generating debate on Sunday evening and also appeared to send Chrome's managers into damage control.
By being logged in, Chrome users could unwittingly send their browser data to Google, according to Green. He disclosed that he had contacted Chrome managers and they had told him that just being logged into Chrome didn't mean a user's browsing information would be sent to Google. Users would still need to activate the "sync feature" before a data transfer occurred.
And this is where Green, who also said he had quit using Chrome, reserved some of his harshest criticism for Google. He called the Chrome consent page a "dark pattern," a common term that refers to a user interface designed to deceive or mislead people.
"Now that I'm forced to log into Chrome," Green wrote, "I'm faced with a brand new (sync consent) menu I've never seen before."
He suggested that this could lead users to mistakenly consent. He added that prior to the recent login change, a user had to key in their credentials to log in and then consent to the sync. Now, users are a single, possibly accidental, click away from turning over their browsing history to Google.
Google referred Business Insider to a series of late-night Twitter posts from Adrienne Porter Felt, an engineer and manager at Chrome.
In one tweet, she confirmed that Google has changed the login procedures. She stressed that though someone is logged on to Chrome, they must still consent to a sync before their data is transferred to Google.
Green said it is "nuts" for Google to suggest users are safe because of the sync-consent page.
Green wrote: "If you didn't respect my lack of consent on the biggest user-facing privacy option in Chrome, (and didn't even notify me that you had stopped respecting it!) why should I trust any other consent option you give me?"
Get the latest Google stock price here.
Next Story
I tutor the children of some of Dubai's richest people. One of them paid me $3,000 to do his homework.
John Jacob Astor IV was one of the richest men in the world when he died on the Titanic. Here's a look at his life.
A 13-year-old girl helped unearth an ancient Roman town. She's finally getting credit for it over 90 years later.
Sell-off in Indian stocks continues for the third session
Samsung Galaxy M55 Review — The quintessential Samsung experience
The ageing of nasal tissues may explain why older people are more affected by COVID-19: research
Amitabh Bachchan set to return with season 16 of 'Kaun Banega Crorepati', deets inside
Top 10 places to visit in Manali in 2024
