
Product Updates Based on Your Feedback - tptacek
https://www.blog.google/products/chrome/product-updates-based-your-feedback/
======
tptacek
Like Eric Law[1], I felt like while there were some rough spots in the UX for
the Chrome login and sync features, the issue was very overblown (I'd feel
very differently if sync had been enabled automatically). I don't have much
more to say than Law does --- except maybe that when _your arch-competitor is
speaking out on your behalf_ , maybe the narrative has gone a little haywire.

I figured Google would do something cosmetic (again, that's all that I think
they really needed to do) to clear up the misconceptions here, but they've
added a Matthew Green switch (which is what we all need to call it from now
on). That's better than I'd hoped for.

[1]: [https://textslashplain.com/2018/09/24/chrome-
sync/](https://textslashplain.com/2018/09/24/chrome-sync/)

~~~
statictype
The sync thing was overblown. The cookies thing was a bit more concerning to
me.

Not so much from a privacy angle but from more of a 'Chrome has lots its way'
angle.

A lot of our software's more complex interfaces are Chrome-first since its
faster to develop - yesterday was the first time I made a serious
consideration to change that approach.

Glad to see they are listening to user feedback and reacting quickly.

~~~
pilif
The cookies thing could be seen as a bug: the button does remove the cookies,
but because your google sign in state is now tied to the browser sign in
state, new cookies will immediately be set.

To fix this, the “remove cookies” button would also have to sign you out of
chrome which would also feel weird from a UX perspective.

All in all I think this was just released a bit early before all UX edge cases
could be tackled (or even discovered. Sometimes you find things only in wider
rollouts)

~~~
cpeterso
If exempting Google's cookies from being cleared was a bug, they would not
have added a message in the UI that "you won't be signed out of your Google
Account":

[https://twitter.com/ctavan/status/1044282084020441088](https://twitter.com/ctavan/status/1044282084020441088)

------
cm2187
Won’t change my mind and will stick to Firefox after having switched because
of this. First I don’t want to be logged in in my browser at all. Second, and
probably more important, software is about trust. Even for an open source
project, no one has the time to review millions of lines of code. So
unfortunately one has to rely on what one believes is the behavior of the
authors of the software. And what google did is to shatter that trust by
sneaking that change discretely.

~~~
TekMol

        I don’t want to be logged in in my browser at all
    

Same here. Why does Chrome log you in in the first place?

I mean I know it from the companies perspective of course. They want to
consolidate as much data about you as possible. And tie you into their
ecosystem.

But what is the user facing benefit? Syncing your bookmarks across devices?

~~~
RossM
> But what is the user facing benefit?

Syncing bookmarks, recently opened tabs, passwords, autofill(?). These are
genuine benefits when you're working with laptops, desktops, phones and
tablets. Whether they're worth the cost of data mining is another matter of
course.

~~~
TekMol

        These are genuine benefits when you're working
        with laptops, desktops, phones and tablets.
    

I work with all of these devices. Yet I don't want any of that syncing.

The thought that Google wants to send my 'recently opened tabs' to their
servers makes me shudder. So they get the whole browsing history of every one
of their users? Of all the pages that have _nothing_ to do with them?

Same with passwords. So they have a gigantic database with all of their users
passwords for all the services the users use? Even those totally unrelated to
Google?

~~~
ajross
> I work with all of these devices. Yet I don't want any of that syncing.

So... you're happy that they're giving you the option to turn it off then,
right? I mean, you appear to concede that someone users want this. You want
the option to turn if off, which you're getting. That seems like good news.

Except your tone doesn't seem to match your logic.

FWIW: I use Firefox too. But... I mean come on folks. They messed up, they're
fixing it. The obsession with hatred and flamage is getting a little out of
control.

~~~
Ntrails
The issue is that trust breaches can't just be rolled back. You put people in
a situation where they don't want to get caught out by the next change that
the press doesn't pick up and/or you don't hear about.

------
dannyw
I have already switched to Firefox and loving it (Facebook container, tracking
protection enabled), but these changes are welcome and responsive.

I hope this is a wake up call that privacy implications need to be seriously
considered during product design (even if the intent was better UX), and
hidden changes without any UI/notice is going to make issues blow up far more
than if there was clear in-app communication.

~~~
seibelj
I did as well. DuckDuckGo, ublock origin, privacy badger. I haven’t used
Firefox seriously in 5 years or so and I’m very pleased with the experience.

To be honest, it’s best to use an independent company for your internet
browser. Google’s incentives and business model no longer matches web browsing
for someone who cares about privacy.

~~~
tome
> I haven’t used Firefox seriously in 5 years

Do you mean "I haven't used *Chrome" ..."? Otherwise I don't understand what
you're trying to say.

~~~
AsyncAwait
They used Chrome previously and now they switched to Firefox and are happy
with it, despite not having used it seriously in 5 years.

~~~
tome
Ah, so maybe the meaning was "I've _just_ switched to Firefox after having not
used it seriously for five years". It's interesting that that interpretation
was so obvious to so many people but not me!

------
danShumway
Unfortunately, Chrome 70 is also when `www` subdomain is slated to get re-
hidden, and when web audio breaking changes are slated to get re-introduced.

There's just too much to keep up with at this point.

I'm happy about this change, it's a big move in the right direction. But it
doesn't give me any confidence for the future. It's crazy that users have to
do this every single release. It can't continue like this.

I have no idea anymore what it would take to get me to switch back to Chrome
or to start recommending it to friends and family. I feel like Google is
actively training technical communities to distrust them. It's going to turn
into some kind of Pavlovian response.

~~~
umanwizard
A Google representative has claimed on the domain hiding bug report that the
change is shelved due to the feedback.

Edit: Permalink to the relevant comment:
[https://bugs.chromium.org/p/chromium/issues/detail?id=883038...](https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c60)

~~~
ken
Yes, I think that's exactly what danShumway meant by "users have to do this
every single release", i.e., give feedback about a big upcoming change that
should never have been made in the first place.

One week it's the domain hiding, another week it's cookie clearing. Who knows
what Google is planning to change next time? It's not sustainable for us to go
reactive every month.

There's an awfully big disconnect if the makers of the world's most-used web
browser are routinely trying to change it in ways that users force them to
immediately revert. That's not what good stewards do.

~~~
SquareWheel
>Who knows what Google is planning to change next time?

It's not exactly a secret. Go download Canary and see what's in the pipeline.

~~~
AsyncAwait
You missed paren't point. It's not about if you can see the changes
immediately in the next release, it's that you have to be constantly vigilant
as to what they're going to do next, like looking over your shoulder.

You can do that, but it's time consuming and exhausting. You're better off
switching browsers.

~~~
SquareWheel
That's overly dramatic. Both Chrome and Firefox are excellent browsers, and
are developed in the open for all to see. They are examples of open source
done right.

~~~
AsyncAwait
> Both Chrome and Firefox are excellent browsers, and are developed in the
> open for all to see.

I still think you're misunderstanding. The problem is that Google as an
organization has the incentive to pull shady shit. It may be noticed, but
watching Reddit/HN to see if your browser, which should protect you/be
trustworthy, is pulling shady stuff, or whether you may've missed a story of
it doing so is still exhausting and keeps you wondering.

~~~
SquareWheel
All companies have the potential to do shady things. The majority of Google's
changes to Chrome have benefited end-users, and not Hacker News goers. We live
in a bubble here, and lately it's been an outrage bubble. There's little
substance to any of it.

A recent example: Hackers hate the idea of removing "www". Why? Because it's
less accurate and we love accuracy. We think about what happens to the DNS if
the www isn't a CNAME for the root, and how this isn't technically accurate.

Real users don't care. The UI is cleaner and make important information like
what domain they're actually on more pronounced. This may help reduce phishing
attacks and make URLs more legible.

Integrating sync is the same way. I'm not surprised that hackers hate it, but
end users will appreciate the convenience. Android had the feature for years
already.

We need to get out of this bubble and stop assuming we're the core audience.
It isn't evil to design for somebody that isn't us.

------
ggm
One positive, is that the response was fast and direct. In the past, negative
user feedback has tended to be buried, or felt like it, or ignored, or felt
like it.

This time, somebody decided the only clean path out was to be responsive: to
make changes which reflected community concern and to _tell people about them_

Which I think, is good. I vastly prefer the google which tells people it
listened, to the one which says it listens but doesn't tell us whats happening
to the inputs we give.

 _(thats the one which lies behind any three-dots 'send feedback' hooks in
almost any google app or s/w I use: I never get the sense anyone reads it,
cares about it)_

~~~
justinclift
> ... is that the response was fast and direct.

Communication about it seems to be. The actual code changes seem like they'll
roll out in um... 3 or so months from now?

~~~
piyush_soni
They clearly write in the blog that they'll make changes in Chrome 70 which
will release in mid-october.

~~~
justinclift
k, wasn't sure. I don't track the Chrome release schedule at all, so figured
it was probably quarterly. Sounds like it's monthly then.

Looking again, yep mid-October. So, no rush then. A couple of weeks worth of
extra data collection it is then.

~~~
salvar
Yes, I'm sure the code is ready but some evil mastermind twisted their
mustache and said "No... let's collect two weeks more of data! Bwahahahaha!"

~~~
justinclift
As dumb as it sounds... that's kind of what their actions are indicating. :(

------
pipermerriam
The fact that this all happened in the first place is really telling. It's
nice that they've backed these features off (a bit) but there's a reasonably
clear signal to take away from this.

When company and customer interest are misaligned this is the result. There
are plenty of cases where a strong leader in the company with a strong
ideology can hold this stuff back, but companies normally outlast those
individuals and eventually there's nobody left to stand in the way.

It's wonderful that we were able to make enough noise and fuss that the
cost/benefit shifted sufficiently but this will happen again, and then again,
and so on... And eventually, we'll be tired of yelling or won't be able to
yell loud enough.

Vote with you attention and your data and your money. Switch to Fastmail or
Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another
not-so-great-for-developers-anymore Apple macbook pro. Choose these options
even if they aren't as good because if we don't support the handful of
companies who are trying to do something other than gobble up all of our
attention and data we're in for a really dark future for the web.

------
kettlecorn
Everyone seems to be arguing the utilitarian merit of this feature, but I just
don't like what it signals for Google's approach to the web.

They're building in features that integrate their browser into their web
pages.

As far as I'm aware no other major browser holder has done anything of that
sort, but I'm probably missing some examples.

~~~
Meai
It does seem weird that this would be lauded. I want my browser to be
completely independent of what I'm doing on the website because there is no
telling what the browser might be doing on my OS and frankly if I want to sign
into a website, I will. It's not any of my browser's business what I do on the
websites I visit. This seems like a fundamental part of sandboxing but maybe
other people don't see it that way.

I imagine more and more so called convenient features might come where Chrome
can suddenly install entire Windows apps, clean my files, and replace my OS.
Then again, why not. Who am I to tell Google how to compete, maybe they can
replace Windows with something better by gradually bloating up Chrome into an
OS inside an OS.

~~~
ux-app
> maybe other people don't see it that way

If the HN backlash is anything to go by, a lot of people see it the same way
as you (me included).

Every company will act in it's best interest not ours, particularly in the
case of Google who are blatantly building out a vision of what they want the
web to be for 1 singular purpose: to more closely monitor you for the purpose
of selling your online activity to the highest bidder.

This much influence being concentrated is bad for the web.

Viva la revolución!

~~~
clear_dg
> If the HN backlash is anything to go by, a lot of people see it the same way
> as you (me included).

HN isn't representative of most users of Chrome. I doubt that we qualify as "a
lot" to Google. An extremely vocal minority, at best.

~~~
ux-app
you're a techie i'm guessing? How many of your friends/family ask for tech
support/advice? There's a serious multiplier effect at work. I'm a high school
IT teacher. I influence approx 600 students per year. We now cover online
privacy and I will be setting assignments that ask students to investigate and
make reasoned arguments about the impact of Google's dominance on their
privacy.

Once you annoy enough of the tech literate, word will start to spread. Slowly,
then quickly. How do you think Chrome got its foothold to begin with?

~~~
clear_dg
I won't deny that the tech crowd can influence things, but it's become quite
hard for regular users to quit the whole Google panoply of services and tech
products. Mail, browser, maps, dns, search, etc... It isn't painless and easy
to abandon all of this and I have doubts even tech-savvy influencers can
counter it at this point, only by word of mouth.

And about how Chrome got a foothold in the first place, I distinctly remember
Google agressively advertising their own product on their search engine page,
and bundling the binary with everything under the sun (Adobe Reader, anti-
virus, etc...). Every time you installed software, there was a good chance
Chrome was included with it. Tech influencers had their part in the success of
Chrome, but it definitely wasn't the only factor, or maybe even the most
important one.

------
koolba
> We’re also going to change the way we handle the clearing of auth cookies.
> In the current version of Chrome, we keep the Google auth cookies to allow
> you to stay signed in after cookies are cleared. We will change this
> behavior that so all cookies are deleted and you will be signed out.

I _really_ want to know who the internal champion was for getting the cookies
to be perma-stored in the first place. It has to be someone relatively high up
and I’m genuinely curious how high it goes.

~~~
nhf
Based on what I know of the Chrome team, it was probably the conclusion of
some UX manager or the result of a user study they did around Google
authentication. If I had to guess: their end goal is not explicitly to collect
more advertising data for Google, but it's to minimize friction around the use
of Google services. This leads to decisions like the cookie one.

~~~
fermienrico
I don’t know why but I get an intense feeling of disgust at “people at higher
position” making stupid decisions like this one.

My cynicism kicks in and I feel like they know _exactly_ what they’re doing,
but the bottom line is more important than anything including causing a PR
storm on HN and tech blogs.

Strip down emperor’s clothes and truly reveal the nature of big corporations
and their greed to ruin everything for the benefit of the shareholders and
their bonus targets - ethics, privacy and environment.

Perhaps I have a problem with extreme levels of cynicism.

~~~
romed
In my experience at Google, "people at higher positions" do not really make
these kinds of decisions. Someone at the leafmost position in the organization
comes up with some research and recommendations and if nobody stops them, they
go ahead and do it. It's actually really disorganized.

~~~
fermienrico
I feel like integrating auto sign in, tracking and Google cookies is less of a
disorganized decision and more of a premeditated, carefully snuck in effort
for their ads business. All the stars align for the bottom line.

Just look at the state of Android. Try being a cell phone OEM who wants to use
Android but without Google integration. Impossible.

~~~
lern_too_spel
> Try being a cell phone OEM who wants to use Android but without Google
> integration. Impossible.

Tell that to Vivo, Oppo, Honor, Huawei, Xiaomi, Meizu, OnePlus, Lenovo, Qiku,
Smartisan, Amazon, etc.

~~~
ascorbic
OK, try being and OEM who wants to use Android but without Google integration
_in a country where Google is legal_. I think Amazon backs up that point, not
yours.

~~~
snaky
Google is legal in Russia, and there is a rumour Yandex is going to launch
Android smartphone in a month or so. And the store.yandex.com is up.

------
gniv
This is probably the most important change:

> We’re also going to change the way we handle the clearing of auth cookies.
> In the current version of Chrome, we keep the Google auth cookies to allow
> you to stay signed in after cookies are cleared. We will change this
> behavior that so all cookies are deleted and you will be signed out.

------
niftich
For those interested in source code, one can review Chromium's implementation
of this feature in chrome_signin_helper [1], dice_response_handler [2], and
adjacent source files in the /chrome/browser/signin/ folder [3], as well as
the files in the /components/signin/core/browser/ folder [4]. To my eyes, it
seems an API call is made from the browser to Google to obtain the signed-in
state.

[1]
[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/chrome/browser/signin/chrome_signin_helper.cc)
[2]
[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/chrome/browser/signin/dice_response_handler.cc)
[3]
[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/chrome/browser/signin)
[4]
[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/components/signin/core/browser)

------
ben174
I have no doubt this is a direct result of the feedback in the hacker news
thread. Googlers read our comments and take them seriously when there is true
merit. Keep making noise folks, it matters.

~~~
ericabiz
Agreed. Now: does Mozilla read these?

I tried to switch to Firefox, but was stymied by a bug where Firefox consumes
100%+ CPU on MacBook Pro Retinas.

Firefox is basically unusable with this bug; Facebook takes forever to load,
and even Reddit r/firefox shows "A webpage is slowing down your browser" bar
at the top.

Active relevant bugs are here:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1404042](https://bugzilla.mozilla.org/show_bug.cgi?id=1404042)
[https://bugzilla.mozilla.org/show_bug.cgi?id=1429522](https://bugzilla.mozilla.org/show_bug.cgi?id=1429522)

But apparently this has been going on for 2+ years and Mozilla hasn't been
able to fix it.

Given rMBPs (I would think) would be a fairly large market share of people who
work at Mozilla or use Firefox, it's both concerning and surprising that a bug
of this proportion has gone on so long.

Edit: Jeff from Mozilla has reached out. I sent him a perf log and a
screenshot. Tracking here:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1494186](https://bugzilla.mozilla.org/show_bug.cgi?id=1494186)

~~~
muizelaar
Neither of those bugs have to do with 100% CPU on rMBP. Their about using an
inefficient presentation path which increases GPU power usage. You can
mitigate this today by setting gfx.compositor.glcontext.opaque to true.
Further, Firefox Beta has additional texture upload performance improvements
that will reduce cpu usage.

If you're actually experiencing 100% cpu usage, post a profile using
[https://perf-html.io/](https://perf-html.io/) and I can try tell you why.

~~~
ericabiz
Steps to reproduce:

1) Pick a rMBP. Any one.

2) Set display options - "more space" under System Preferences.

3) Run Firefox. Load any website. No extensions; safe mode doesn't matter.

4) 100%+ CPU, fans kick up and run high, system gets hot and slows to a crawl.

Chrome and Safari run totally fine under the same conditions.

It's documented pretty thoroughly in the first Bugzilla link I posted; the
second one is an offshoot where they're trying to solve this specific issue.
If you do happen to work at Mozilla, would really appreciate your help
escalating.

EDIT: I now have a perf file showing significant issues when clicking on a
YouTube video. It gives an error when trying to upload it to the site, but if
you contact me through email (in my HN profile), I can send it over.

~~~
muizelaar
1) I'm running a MacBook Pro (Retina, 15-inch, Mid 2015)

2) My display options are set to "more space"

3) I loaded this hackernews thread.

4) Firefox and it's child processes are using <1% cpu.

If I aggressively scroll this page I can push the cpu usage up. We have a
variety of fixes in the pipeline that will help with this
([https://bugzilla.mozilla.org/show_bug.cgi?id=1429522](https://bugzilla.mozilla.org/show_bug.cgi?id=1429522),
[https://bugzilla.mozilla.org/show_bug.cgi?id=1265824](https://bugzilla.mozilla.org/show_bug.cgi?id=1265824)).
That being said, only 4.7% of our users are on MacOS so it's more difficult to
justify prioritizing work specific to that platform.

~~~
gpm
4.7% of your users, but what percentage of web developers?

If that second number is substantially higher (and I personally suspect it is,
but I don't have data backing that up) I think it would be very reasonable for
Mozilla to prioritize MacOS. Getting web developers to use firefox makes
firefox work better for everyone because it makes more sites work well with
firefox.

~~~
bholley
Yeah, we do prioritize Mac disproportionately to its market share for that
reason. It does sometimes happen that we have to make hard calls though, and
that's what Jeff is referring to.

On that note, one of the key motivators behind WebRender (our new graphics
backend) is that it provides hardware acceleration across all platforms,
including mac (whereas our current Direct2D acceleration works only on
Windows). So Mac graphics performance should generally improve once we get
that shipped.

------
allthecybers
Too late. I am already done with Google as I was done with Facebook a few
years ago. There seems to be no end to the privacy issues and user
exploitation that crops up. If it isn't one thing it is another.

These marketing / ad tech companies masquerading as consumer products will
inevitably drift toward more invasion of privacy and user exploitation.

~~~
djanogo
I agree, more people need to not accept these type pseudo apologies which
provide a toggle to turn it off after the fact, they damn well know that 99%
of people won't turn it off. And they are doing this on billions of devices.

Don't every freaking website have "Keep Me Signed In" (Don't use this on
shared computer) message for decades already?

------
fermienrico
I’ve realized something over the years: Remember how “cool” Google was in
2007!? I vividly remember.

I have learned an important fact that Ad business is rotten at the core -
meaning it has direct conflicts with users. Therefore, I can never come to
trust any Ads businesses: Facebook, Google, Snapchat, etc and recently Adobe
and Microsoft.

I’m disgusted at the state of advertisement in modern society. It ruined
cable, radio, social media, road sides, magazines and the very fabric of
society. Turns out that our attention has a huge price tag.

~~~
spectrum1234
I generally agree. However without ads, how do you expect poor people to have
(free) access to radio, magazines (well, cheaper), antenna tv?

~~~
fermienrico
At this rate, the poor are better off without tv, radio and magazines. They’re
largely just an entry portal into psychological extortion by these advertising
firms.

I’m a huge fan of publicly funded media such as NPR and your local public
radio station.

~~~
sooheon
I'm also a fan of patronizing the media you enjoy. Content makers having a
direct relationship with their consumers.

~~~
WoodenChair
Choosing to watch ads is a way of patronizing the media you enjoy.

------
ThePhysicist
I don't see how having the sign-in sync turned on by default can be compatible
with "privacy by design and default" as mandated e.g. by the GDPR. I wonder if
they will have to offer a EU version of Chrome soon therefore.

Anyway, 90-95 % of users will probably just stick with the default value
because they either don't know about the option or don't care enough to change
it, hence from Google's perspective introducing it won't hurt their data
collection efforts that much while they can at least say they did something to
protect people's privacy. This is why I think "privacy by default" is so
important, and it's sad to see that some of the largest players in the data
collection space still ignore it.

~~~
joshuamorton
Sync isn't turned on by default. Sign in is. They're different settings.

~~~
ThePhysicist
With "sign-in sync" I meant the fact that signing in to a Google service will
automatically sign you in to Google Chrome.

~~~
joshuamorton
But then the feature you mention didn't affect storage if user data.

~~~
ThePhysicist
It's not about storage it's about tracking. If Chrome syncs your web-based
login cookie with your Chrome authentication it means they will associate the
data your browser generates with your user account. I don't know what they
collect there but I assume it's something, as otherwise why bother to log
someone in?

~~~
joshuamorton
Why does it mean that?

It certainly means that it's possible, but of course it was potentially
possible before, and the code is, afaik, open source, so you're free to look
and see if they really are.

As for non-tracking reasons why this change: it improves the us for users who
use multiple accounts or share accounts on a single system.

Sometimes things are just because they want a more useful product.

~~~
ThePhysicist
Maybe, it doesn't change the fact that it's not privacy by default, because
that would require having the user explicitly opt in to the syncing of the two
sessions. That has nothing to do with wether they actually collect or transmit
any data.

~~~
joshuamorton
>Maybe, it doesn't change the fact that it's not privacy by default

Why? If this change doesn't impact privacy, why is having it opt out not
privacy by default? How is a no-op from a privacy perspective privacy-
anything?

~~~
ThePhysicist
Is it a no-op though? From my understanding of the privacy policy, Chrome will
send e.g. search queries along with other metrics to Google even when the
syncing is turned off. As these things are turned on by default it means they
would get associated (or at least would be associable) to the logged in user.
Is that not the case?

Also, privacy by default means that no unnecessary data is created or shared
between systems without asking the user first, regardless of what the purpose
of this data sharing is. The Chrome browser and the Google web services are
two different things, and most users will not expect that the two accounts are
automatically tied together. The nice thing to do here would be to simply ask
the user before syncing the logins. I suspect that the long-term goal here is
to tie the browser history and search queries of more users to their Google
accounts, because that information is very valuable (but also highly
sensitive).

------
prh8
I'd prefer that Google not add this "feature," instead of just issuing a blog
post that will go unread by 95% of people, and adding a setting that will go
unknown to the same 95% of people.

"Oh whoops we got caught. We'll give the few upset people an extra check box
to revert to old behavior. But luckily no one else will ever know."

------
Alex3917
"Now, when you sign into any Google website, you’re also signed into Chrome
with the same account."

I've currently got 6 different gmail accounts pinned. So which Google account
am I supposed to be signed into Chrome for?

------
delidumrul
I am one of whom has switched its browser because of this issue. I have seen
that in the blog post, they claim Chrome will offer an option not to allow
chrome sign in when you sing in on a google service. Let me describe your
mentality: hey there who is aware of what they use. I have an option for you.
You can turn this feature off. For the others, this will be default. Why don't
you simply make this option closed as default?

Do you still want to play with your users, Google? It's your product and your
choice. Good night and good luck

~~~
ajross
In the blog post, they also tell you quite clearly that they'll be pushing it
in Chrome 70.

~~~
delidumrul
You are right. I have updated my comment :)

------
mlazos
This is such a typical response that I would expect from any product
management team. "We hear you, we're making small inconsequential changes to
make you feel better, but the decision is final."

I still love the rationale for this decision:

> Over the years, we’ve received feedback from users on shared devices that
> they were confused about Chrome’s sign-in state.

Their solution: Let's add _another_ state - the "sync" state - I'm sure this
won't be confusing to users at all /s

------
s09dfhks
Made the move to firefox after the initial post came out about this "feature".

Surprised to say that not much has changed with the move. I was able to find
all my extensions in the firefox addons. Life continues

------
ux-app
for me, the latest issue was just the straw that broke the camel's back. I
switched to FF + DDG + Protonmail because I don't like the idea of a Google
web.

\- Search

\- Analytics

\- Email

\- Storage

\- Android tracking

\- Online video

\- Chrome which is now becoming a portal to the GoogleWeb

I don't want _any_ company to control this much of what I do online as a
matter of principle.

At this point they're a victim of their own success.

~~~
billylindeman
I'm basically in the same boat. This move combined with the project dragonfly
leaks has led me to conclude that google cannot be trusted with my data. That
in turn led me to evaluate just how intertwined google is into my life and its
pretty scary.

------
benatkin
Reading this was infuriating. The usability rationale is a blatant lie. They
did it to attempt to get Chrome users to adopt Google services more, just like
they have with Android, changing what were formerly simple, generic apps to
tie into google services (Play Music instead of an audio player, Downloads
advertising Google Drive, Keep instead of a note taking app, etc). I like and
use a lot of Google products but I don't appreciate my preferences being
disregarded.

------
verytrivial
My complaint is not this _specific_ change, but the thought, review and
release process that allowed this to become the default. And what was the
thinking behind not attempting to explain the cookie behavior that at the very
least is surprising, but generally just a bit creepy, right?

Did users _really_ need to explain this to Google? Perceptions of
trustworthiness are based upon behavior, and this erodes that a bit. Not a
massive amount, but enough to cast new features in a different light.

(The justification that 'most people will find this easier to understand' only
goes so far and the fact it gets trotted out so often is itself concern.
'Being logged in everywhere makes your life easier!' Okay, ... and? Who else's
life does it make easier and what are they gaining?)

------
reacharavindh
Chrome is just spyware. Move on to Firefox already. At some point, Chrome was
feeling faster than Firefox and some dev tooling warranted a try. But, with
Firefox where it is now, seriously think why on Earth do you want to run this
spyware from Google as your web browser.

~~~
a_imho
As a Firefox user: it might be less of a spyware than Chrome, but with the
Google funding Moz://a can't even plausibly deny they are not controlled
competition on the browser market.

~~~
reacharavindh
True. There is no such thing as blind trust. I use FireFox with Privacy Badger
and keep my fingers crossed that there are no creepy things going on.

------
metafunk
That switch strikes me as the perfect compromise - the default remains the
automatic log in behaviour and those who don't want it have an out. If I were
putting the automatic sign-in feature together I'd have considered this from
the outset, but the Chrome devs have always had a preference for minimal UI.
Usually this works in their favour, in this case it did not.

------
i2shar
>> Keep the feedback coming.

Don't conflate Chrome sign in with _any_ web page sign in - not even Google's
own. Call that web page neutrality.

Also, I wonder if it will allow signing in with one account and syncing to
another as it used to before the current mess. My use case: Keep myself signed
in to G Suite Apps (Gmail, Drive, Docs, etc.) with my work address, but sync
my bookmarks, extensions and settings to my personal address.

If not, the changes they announced don't help me.

------
doodliego
Claims to want more feedback. "Blog" post has no comment field.

~~~
Gustomaximus
And their 'email' button opens a email with no address:

Button: [http://prntscr.com/kyrhrf](http://prntscr.com/kyrhrf)

Email Opened: [http://prntscr.com/kyri1i](http://prntscr.com/kyri1i)

~~~
artursapek
It's obviously a "share via email" button, not a "email the senior product
managers in charge of Chrome!" button.

~~~
Gustomaximus
That makes sense.

Side point - the comment "email the senior product managers in charge of
Chrome!" feels aggressive. It could be an email to a generic address where
they sift feedback. That's hardly an unused option on the web. Is my comment
here unfair?

While 100% you are correct in the point, I feel polite discourse on HN is the
aspiration.

~~~
snaky
Microsoft has UserVoice at least.

------
gpm
I'm pleasantly surprised by this. This is nearly as good a short-term reaction
as could have been hoped for over the current batch of issues.

Hopefully there was also an update to the privacy policy reflecting the new
meaning of being signed into chrome?

------
dazhbog
Was holding back updating to 69, and after restarting le browser, boom I'm now
im forced to use this crap with no way to go back.

Spent hours trying to figure out how to disable automatic updates on a Mac.
Everything is so deliberately hidden it's disgusting. Find
com.google.Keystone.xxx, LaunchAgents, plists, edit this XML, and edit that
UpdateDefault field, policies, etc. [1]

Then, being fed up with Chrome, lets see Chromium website, maybe those guys
without any bad motives can provide a developer friendly way to disable
updates.. It should be somewhere in about:about right? Nop, clicking on how to
turn off updates guide[2] redirects to a a Google page irrelevant to auto
updates..

This reminds me of the time that Chrome didnt have any password (keychain)
protection and they were claiming it was a Feature!

[1]
[https://support.google.com/chrome/a/answer/7591084?hl=en](https://support.google.com/chrome/a/answer/7591084?hl=en)

[2] [https://www.chromium.org/administrators/turning-off-auto-
upd...](https://www.chromium.org/administrators/turning-off-auto-updates)

------
z3t4
When I found out the Google update service secretly wake up at night to scan
all my hard drive's they where quick to remove that "feature", but I'll never
use a Google product again. (it could also have been a malware or virus). But
who cares right ? Today everyone uploads their IP to the big vendors who's
business model is far from only providing cloud storage.

------
ToFab123
Too late Google. What ever trust I had left in you are gone. I already
uninstalled Chrome and it is not coming back on my computers.

------
newscracker
Nice try, but a bit too late.

Emphasis mine:

> "While we think sign-in consistency will help many of our users, _we’re
> adding a control that allows users to turn off linking web-based sign-in
> with browser-based sign-in—that way users have more control over their
> experience._ For users that disable this feature, signing into a Google
> website will not sign them into Chrome."

Frankly, is this just more subterfuge because this is opt-out and not opt-in?
Most people wouldn't really understand whatever help text you put out there.
If you word it in a way that makes saying yes look like the better option,
people will do so (people generally say "yes" or "ok" to any dialog because
they want to get rid of them and get to work). These are dark patterns that
nobody should use, least of all a company that claimed long ago "do no evil".

------
tempestn
If sync is left disabled, what else does signing into the browser do? I
normally use Firefox, where my understanding is that when you sign in, you're
specifically signing in to Firefox sync. Since these are separate options on
Chrome, presumably there are other functions tied to browser login.

------
jhayward
I still haven't seen any clear statement from Google on whether or not being
signed in to Chrome w/out enabling sync alters what data flows from browser to
Google in any way.

If signing in to Chrome is completely without any data exchange, collection,
aggregation, or reporting, then please say so.

~~~
Zarel
Their Privacy Policy seems to suggest this:

[https://www.google.com/chrome/privacy/](https://www.google.com/chrome/privacy/)

They have two main modes:

"Basic browser mode" \- for not signed-in, or for signed-in but sync disabled

"Signed-in, Synced Chrome mode" \- for when sync is enabled

And the basic browser mode doesn't send anything particularly interesting to
Google.

Still, it would be nice to get an official statement about that.

------
dandare
>We deeply appreciate all of the passionate users who...

Sounds like a sleazy corporatespeak after covering some missteps.

------
sodosopa
I believe they're deliberately misleading around what the issue is. It's not
that Sync was enabled, it's that you were logged in period.

------
exabrial
Why does it take a damn backlash from users to get Google and Facebook to
behave? Just because it's legal doesn't means it's ethical.

------
zmmmmm
Their explanation about solving the inconsistency between the chrome browser
logged in user and the google web site logged in users makes some amount of
sense. I am sure there have been some interesting incidents where people's
browsing habits were exposed to other users unintentionally and it's
reasonable for Google to want to respond to that.

It seems unnecessary however to auto-log in a person to the chrome browser
when there is no such login in the first place to solve this though. It would
make more sense to just display a warning when the state is inconsistent
rather than start auto-logging people in (regardless of sync state).

------
kryogen1c
This is not attempting to fit user needs, this is an attempt to put out a PR
fire and salvage quarterly earnings.

I'm still leaving, maybe even more-so because of the false heartfelt "ok let's
do it your way". I will not be patronized, we're not on the same team anymore.

~~~
paradite
I don't understand, the piece looks like it promises to address all the
problems highlighted in the past few days in Chrome 70. Why are you saying it
is a PR piece?

~~~
satori99
The problems were easily foreseeable, and they did it anyway.

Anyone who accepts this as "listening the users", and addressing the issues
will likely get burned again in the future.

Google is a advertising company. Their customers are not their users, and
therefore I think things are unlikely to change.

~~~
paulcole
> Their customers are not their users, and therefore I think things are
> unlikely to change.

Interesting concept. Care to expound? Would be interested in hearing more.

~~~
clear_dg
Nothing surprising: Google's revenues come from advertisers. Advertising is
its main focus. Not developing browsers, or even providing search results.
Those are merely means to an end. And of course, all the users are targets for
ads, NOT customers. A farmer's cows aren't his customers; same logic here.

It's obvious really, and Google never denied it.

------
wnevets
Of all of the things to be upset at google about this just isn't one of them
for me. I'm not quite sure why this is the thing everyone is rallying against
google about.

------
DanielBMarkham
_"...While we think sign-in consistency will help many of our users..."_

There's the nub of the thing, and it's not just Google. Like the old song
goes, everybody wants to rule the world. That is, if you have a popular
service, you buy up other stuff, add on stuff you can do. Pretty soon your
users have multiple accounts all over the place. You gotta go to some kind of
single sign-on, right?

It's not that it's a bad idea, it's that it's the kind of idea that shouldn't
apply to the universe. It's fine when it's your corporate site. Who wants to
log into three dozen corporate systems? But when you get FB tracking you
everywhere, Google integrating what you thought was a browsing app with it's
universe of offerings....it doesn't work.

Yes, users probably wanted it, just like some of them want you to turn the
damned thing off. But the key problem here is that single companies shouldn't
be in the business of controlling all the information flow. Any architectural
decision they make has social/political implications. For this chrome thing,
they're trying to position google as the internet, not a place you go on the
internet. Everybody wants to do that. And they all claim it's to help the
users. But I don't want a company being the same thing as the internet, no
matter what Aunt Sarah wants. It's not good for the rest of us. Add to that
the _way_ this was done, and then the engineering team being clueless?

It's not that they set out to do anything wrong. At some point, anything you
do is wrong. You just have too much freaking power.

Google is at that point.

------
f055
Google business model is the greatest con the Internet has ever seen. I mean,
it's a con when your front says "we do no evil, we are cool", and your back is
squeezing your users for everything they gave you (gmail monitoring, browsing
habits, location history, adsense scam, and now permanent logging). Mind you,
I just uninstalled Chrome. Luckily, I never really used it. I recommend Safari
and Firefox.

------
obmelvin
I find it interesting reading all the comments here. I can understand the
frustration of many HN users, but I also have seen "average" users be confused
about switching google accounts on a shared computer. This change is aimed at
helping the vast majority of their users understand which account is currently
active, and if my experience helping family is any indication it is a good
change.

------
bogomipz
I think the larger issue is the culture that not only thought that these
changes were OK in the first place but also thought the sneaky manner in which
they were rolled out was OK too.

Trust and good will are finite resources Google. There will be no switching
back. The horse has already left the barn.

------
dandare
> When you sign out, either directly from Chrome or from any Google website,
> you’re completely signed out of your Google Account.

Am I reading this correctly? When I sign out from one of the Gmail accounts I
keep open, I will be signed out of Chrome? I hope this is a misunderstanding.

~~~
Arn_Thor
Just tried and that certainly seems to be the case. Signing in, or out, of
either chrome or website accounts will reflect that action in the other space.

~~~
dandare
I have to check how does it work with multiple Google accounts. This is silly.

Anyway, I just spend 30 minutes searching for Firefox Add-ons replacements for
my Chrome Add-ons and I am pleasantly surprised. A new era begins!

------
exodust
> _Keep the feedback coming_

Okay sure... please provide opt-out or disable option for the "Account
Chooser" you currently force on everyone for web login.

I don't want my credentials hanging around on the page after I click 'sign
out'.

The function of remembering login details on web forms is better left up to my
browser, where saved logins are remembered according to my settings and
choice, per site. It's not Google's place to stomp all over the well-
understood concept of "sign out", with this half-baked "sort of signed out"
reinvention.

------
pyman
Goggle’s business model was built around advertisers. And they are hungry for
data.

Privacy is Google’s Achilles heel. They have no other option than to collect
and sell our data.

------
Teknoman117
product updates based on feedback? you mean you're not killing inbox anymore?
oh you're still killing it? oh well...

------
andy_ppp
He doesn't say Google doesn't track you with this stuff does he?

My guess is they know exactly which sites you visited so the fact you can't
see the History sync feature means he's being disingenuous about it not being
turned on.

And even if this isn't being used right now someone will eventually abuse that
unwritten agreement between you and Google.

~~~
joshuamorton
The privacy policy does say that it doesn't track you.

So that agreement is written down.

~~~
andy_ppp
Okay that’s something, I’m sure you can understand I always assume that if the
algorithms can track me at some point that information will be too tempting to
integrate.

------
gregknicholson
> We want to be clear that this change to sign-in does not mean Chrome sync
> gets turned on.

Huh? That's even _more_ confusing. How can you easily tell whether you're
_actually_ signed in to Chrome?

(I use Chrome at work to test. I avoid it wherever possible because Google's
interests do not align with mine.)

------
sunstone
I was part of the stampede to Firefox because of this. I guess we're all
having an effect.

~~~
reitanqild
Welcome out : )

Hope you enjoy it!

------
Spacemolte
So it will be opt-out? I'm sticking with vivaldi for now. I only used chrome
because of the dev tools, and vivaldi being a chromium based browser has that
as well, along with what seems like much less memory usage and snappier
response.

------
bubblethink
Tangential: What is this blog template ? Opening it in chromium and doing pg
up/down in quite succession makes it stutter and use 200% CPU. It's also so
bad with readability. Why does a simple paragraph of text need all this ?

------
shawnz
I have to say, I felt like I was one of the few supporters of this feature.
But these changes make it even better and clearer for users and they might not
have been made if there wasn't so much pushback. So, thanks everyone!

------
codeulike
The 'suggested articles' that they sneaked into the Android Chrome 'new tab'
page a few versions ago really get up my nose. There are some switches
somewhere to turn them off but its hard to do.

------
Fri21Sep
A classic case of two steps forward, one step backward. Google knew this would
be a big change for the tech community and devised a release strategy
accordingly.

------
borplk
Google is going to continue this pattern of behavior. Two steps forward,
backlash is too bad, one step back. Let the dust settle, another two steps
forward...

------
ggregoire
Great news! I didn’t plan to uninstall Chrome (I still prefer it to its
competitors). But I’m sure some people will reconsider uninstalling it now.

------
TimTheTinker
Is there a viable alternative to Google Search for developers? I still get
better results at Google for arcane development-related problems.

------
xuma
After Google Chrome and news about discontinuing Inbox By Google ill definetly
leave google products at all.

------
VirenM
Is my only option for accessing my email/ google drive on a public computer
through incognito now?

------
hjdarnel
Great feedback. I just wish I could migrate my Chrome sync data to another
account (or away from one).

------
rhizome
> _We recently made a change to simplify..._

Next up is "we recently made a change to simplify giving us all of your
movements."

[https://twitter.com/jonathanmayer/status/1044300922149588993](https://twitter.com/jonathanmayer/status/1044300922149588993)

This is causing me to re-evaluate my personal technology stack.

------
Gatsky
For goodness sake, why are there so many articles about google on top of HN
these days!

------
mvkel
You can tell they knew this wasn’t going to be received well based on the
title.

“YOU told us you WANTED this.”

Gross.

------
trophycase
Awesome, appreciate it :)

------
wyck
It doesn't take long for the tide to turn when you compromise core values.
Sugarcoating isn't going to work, I for one see your this trajectory as
particularity troubling, if Google doesn't hold onto the reins of what little
is left.

------
gdsdfe
I guess a lot of people have moved (back?) to Firefox :)

------
gavrishgerman
Too late, I've already switch to Firefox :)

------
ssalka
I hate to say it, but it looks like they addressed all my concerns. Except for
the fact that I briefly enabled sync, thinking it was for cross-device tab
syncing (silly me).

------
hellbanner
Can you stop breaking Gmail, Hangouts and Google Voice UI and apps? There is
literally a 20 second lag on Google Voice on iOS. It's absurd.

------
hajderr
I'll be looking for a company that intrinsically doesn't sell user data. How
can you work around that?

~~~
SquareWheel
You might consider Google then.

~~~
hajderr
Tell me another joke?

~~~
SquareWheel
You wanted a company that doesn't sell your information. It would take five
minutes to read their privacy policy to confirm this for yourself. Much easier
than switching providers.

~~~
hajderr
Ok, let me rephrase that: they monetise on my personal data and online
behaviour. Selling the data would mean losing their unique position. Btw,
interesting article currently top voted at HN about ex-google employee ;)

~~~
SquareWheel
>they monetise on my personal data and online behaviour.

Indeed they do. Personally I prefer this to having to pay a monthly fee, but
others may disagree (and quality paid services do exist for them).

>Selling the data would mean losing their unique position.

That's right too. User data is their biggest asset versus their competitors.

>Btw, interesting article currently top voted at HN about ex-google employee
;)

Haven't caught it yet. If it's regarding their recent China play however, then
that story concerns me too.

------
cmurf
The more time goes on, and Google gets bigger, the more I shake my head that
Persona and Firefox OS died.

------
jiveturkey
> allows users to turn off

spin spin

google has lost it

------
progetpro
did anyone really like spam in Gmail. If not, Why Google didn't have fixed it
yet, I am having that issues from 2014, I only check my email once in one or 2
week(s).

------
jonbronson
Nice. Oddly, the published date is listed as Sept. 26, 2018.

~~~
Jellebean
Yes that is today.

------
sbr464
Thank you.

------
yAnonymous
>We appreciate your feedback

>We deeply appreciate all of the passionate users who have engaged with us on
this

If only we could believe this. The last few Chrome updates have clearly shown
that Google will undermine the users' privacy in the blink of an eye whenever
they see fit.

When there's enough backlash, they will apologize in a cringy way and make
some minor changes to appease to the community.

I had my reservations against Chrome, but changed to it anyway, because
Firefox was in a bad state at the time. Now that is no longer the case and
Vivaldi seems to be quite good, too.

Goodbye, Chrome.

------
IBM
>While we think sign-in consistency will help many of our users, we’re adding
a control that allows users to turn off linking web-based sign-in with
browser-based sign-in—that way users have more control over their experience.
For users that disable this feature, signing into a Google website will not
sign them into Chrome.

The pretext of this feature is supposedly that people who share computers are
accidentally signed into someone else's account and this solves that, but why
should this be done at the browser level?

I have a hard time believing that anyone who uses the family computer doesn't
have their own account _in the OS_ , where their Chrome profiles will be kept
separate. I also have a hard time believing that this isn't just about making
sure every session is authenticated to make cross-device tracking
easier/possible. It's why every Google app on iOS seems to want you to log in.
I think my suspicion is probably correct since they're making it opt-out
rather than opt-in (knowing most won't).

~~~
thrower123
Sadly, its remarkably rare that people have accounts on a home PC. You can
still setup a windows desktop with a password-less account, and many people
do.

~~~
keithnz
do you have any information that backs this up? I'd be quite surprised if this
was the case

~~~
thrower123
Just observing a few dozen machines over the years. Almost nobody sets up
multiple accounts on their machines.

------
Paraesthetic
Trying to put out the trashcan fire that is their product.

------
lrpublic
Too little, too late. The cat is really and truly out of the bag.

As Microsoft did with Windows 10 Google have done with Chrome they have moved
the capture of telemetry and personal data from their network to the users
platform.

In the case of Chrome the community have the choice to fork our platform and
thank google for their contribution, but say no thanks to thier continued
stuardship of it.

Sometimes I wonder if senior execs really understand how precarious open
source based business models are - like politics we can vote and change the
leaders if they stop acting for the common good.

~~~
hendzen
Who is committing to chrome? Who is fixing bugs reported by users?

Google employees. The community is... mostly users. Any fork of Chrome will
likely fail, because there is no magical community of privacy minded
developers that has the time and expertise to develop Chrome, which is a
massive and highly complex piece of software.

If you really feel this way, just switch to Firefox. Mozilla actually has a
team of developers who fix and improve it.

Note that a majority of Mozilla's funding comes from royalties paid by Google
for ads clicked on SERPs inbound from the Google search box. So Google has the
power to control Mozilla if they really needed to.

~~~
lrpublic
Look at Centos - it’s quite possible to follow Google’s releases stripping out
the ‘evil’

