Google’s Chrome 69 hides a disturbing twist: if you log into Gmail or another Google service, Chrome seems to automatically log you into the browser as well. Theoretically, that means that you will automatically begin sharing data with Google, like it or not.
The confusion comes from a new way in which Google shows your “logged in” status. Previously, if you were signed in to Chrome, an icon would appear in the upper right-hand corner, indicating that you were signed in and sharing data. The same icon now appears if you’re logged into a Google service like Google.com or Gmail, but not necessarily to Chrome.
Update 9/26/18: Google has announced upcoming changes to the way Chrome 70 handles sign-ins to address this issue.
What does all this mean? Most people associate signing in to your Google account with signing into the Chrome browser, but that’s not always the case.
Signing into Chrome can be done at any time, but typically occurs during the Chrome setup process. After you install the Chrome browser, Google typically asks you to sign in with your Google account. Doing so allows you to enjoy benefits like sharing a browser history across multiple logged-in devices, but others refuse to do so to maintain a sense of privacy. Those users received a rude surprise with Google 69, which also includes a new password manager to make it even stickier.
Google has announced that the upcoming version 70 will change this behavior. According to a blog post, Google will be adding a new toggle that allows users “to turn off linking web-based sign-in with browser-based sign-in.” Once it’s disabled, signing into a Google website will no longer automatically sign you into Chrome. If it’s turned on, logging into Gmail or another Google service will sign you in everywhere.
Adrienne Porter Felt
The icon to the upper right has historically meant that you were signed into Chrome. Now, it means that you’re just logged into a Google service somewhere.
Google: it’s all a big misunderstanding
In a Twitter thread posted by Adrienne Porter Felt, the manager of Google Chrome, Felt said that even through the icon visually tells you that you’re signed in, it does “NOT mean that Chrome is automatically sending your browsing history to your Google account!” she wrote.
“My teammates made this change to prevent surprises in a shared device scenario,” Felt added. “In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device.”
According to Felt, signing in to sync requires an additional step, which then uploads your browsing history to Google devices. Signing into a Google service, by itself, does not do that, she added.
The problem, if there is one, certainly comes from Google’s lack of transparency about the change. Google didn’t immediately alter its privacy policy to reflect the change after launching Chrome 69. Now, however, the privacy policy has been updated. It’s still confusing, though, as this screenshot indicates. Note that signing into any Google.com Web service signs you into Chrome, but syncing is apparently optional; but the first sentence in this section seems to indicate that signing into a Chromebook or a Chrome browser automatically turns on syncing. Whew.
Google
Google’s privacy policy could be worded more clearly.
How to prevent Gmail from logging you into Chrome
If all of this is too confusing and you want to block the connection between logging in on Google’s Web services and the Chrome browser, you can, via an option called “account consistency”. (Thanks to BleepingComputer.com for this.)
Here’s the three-step solution to solving the problem:
- Open Chrome
- Type chrome://flags/#account-consistency in the address bar and press enter.
- When the “Identity consistency between browser and cookie jar” flag is displayed, set it to Disabled.
According to BleepingComputer, this prevents the Chrome browser from managing the login process to Google services, theoretically separating the two.
What this means: Google has taken plenty of heat for slurping up user data and using it to generate personalized ads—a practice employed by many other companies, including Microsoft. But even if this isn’t a case of Google logging you in to Chrome without your consent, for the purpose of grabbing your data, it certainly looked that way. The problem is that it’s difficult to extricate yourself from Google’s services, including search, Gmail, and the like. If you do, consider something a third-party browser like Firefox Quantum, connecting to DuckDuckGo for search, and configuring the browser for maximum privacy.