
Am I logged in or not? GDPR case study on the example of Chrome browser change - krahmakt
https://blog.lukaszolejnik.com/am-i-logged-in-or-not-gdpr-case-study-on-the-example-of-chrome-browser-change/
======
tedivm
I don't understand why the Chrome team is picking this hill to die on- their
team (managers and developers) are all over twitter and reddit trying to
explain the privacy violations away as if the people upset about this are just
not understanding what's going on.

I really expect this change to push a lot of people away from Chrome, and
frankly I wouldn't be surprised if it started opening up more antitrust
possibilities due to how they're using their browser to give their services
special functionality others can't get.

~~~
Analemma_
> I don’t understand why the Chrome team is picking this hill to die on

Because they’re not “dying on a hill” at all, because nobody cares. Nobody
outside Hacker News and Twitter infosec people only followed by other Twitter
infosec people cares about this.

> I really expect this change to push a lot of people away from chrome

Care to bet on that? Because I would happily take the opposite side of that
bet. I think the feature will stay and after a few months we will see
absolutely no change in Chrome’s usage statistics.

~~~
noja
> because nobody cares

A lot of people do not understand, but we do, we're the techies. It's our job
to understand.

Don't mistake people not understanding for not caring.

Once people understand, they care.

~~~
amdelamar
Yeah, but my parents _understand_ Facebook collects/sells their data. But they
don't _care_ enough to stop using Facebook.

~~~
reificator
They may understand it on a superficial level, but do they understand it on a
practical one?

Everyone "understands" that Facebook collects user data. It's the contextual
understanding that makes techies uneasy.

~~~
throwawaymath
What you're saying is a pretty condescending way to treat other people's
opinions. You're essentially questioning whether or not they _really_
understand (complete with scare quotes) if they don't share your opinion.

It's not the "contextual understanding" \- or any kind of understanding - that
makes _some_ techies uneasy. It's their own opinions and personal
comfortability with regard to data monetization. Many people understand their
data is monetized in myriad ways and fully don't care. Asking if they actually
understand is only going to patronize them.

~~~
reificator
I get where you're coming from, but it applies to me equally in plenty of
other domains.

There are countless things I understand the basics of but am not an expert in.
That's why we specialize, because we can't be experts in everything all the
time.

I don't mean it to be condescending, I mean to express that I can know that
stars are powered by nuclear reactions and yet not have a firm grasp of what
that really entails.

Most people, including myself, have a shallow understanding of a _lot_ of
things, and a deep understanding of very few things relatively speaking.

------
munchbunny
I can see why they thought this was a good change. It makes the UX for G-suite
apps much more pleasant, almost like you get the full functionality of G-suite
productivity stuff as part of installing Chrome. For most people, that's a
good thing.

I think as tech people we systematically tend to under-think the second-order
effects of the systems we build. Case in point, Chrome and G-suite being that
closely integrated brings up serious privacy concerns, and the part where the
Chrome team doesn't seem to appreciate the nuance reflects poorly. I do
cybersecurity now (didn't used to), and a good number of problematic things I
run into just come from engineers like my previous self not thinking through
the security implications of a specific design, mostly because _not_ thinking
about security means shinier UX delivered on less resources.

Just another example I encounter regularly: I use U2F to sign into my Google
accounts. However, when you log in, the checkbox to "trust this computer" is
checked by default, meaning that if you're not paying attention your account
will get automatically downgraded to single factor authentication going
forward. It's a clear nod to convenience, but done this way it makes you shoot
yourself in the foot.

~~~
Semaphor
> your account will get automatically downgraded to single factor
> authentication going forward.

*your device

If someone has access to my desktop PC, they also have access to my yubikey
anyway.

~~~
tumetab1
Yubikey still saves you from a PC malware but I would suggest anyone not to
store your yubikey besides your computer (or laptop bag) but to attach to your
phone/keychain so it's on you all the time since it's safer that way.

~~~
Semaphor
If someone breaks into my apartment, I have more problems than losing my
Yubikey. And my threat scope does not include agencies that would get my
passwords AND be able to break in and steal my key. And if it did, I would
think they could just take it from me.

------
mulmen
Chrome has been the new IE for years. "just use chrome" is an endless refrain
from webdevs who don't want to test on Firefox. Not sure why it is so hard for
people to see what is going on here. Google has a massive conflict of interest
with their web development efforts. This is classic Microsoft-esque Embrace,
Extend, Extinguish.

~~~
manigandham
That's a bad example. In technical progress, Chrome is the complete opposite
of IE (which seems to be replaced by Safari these days) and way better than
the rest in pushing forward new features. Also 99% of the time Firefox and
Edge work just fine.

EDIT: Yes, IE was great in the beginning, but then it stagnated and earned the
wide reputation of being terrible obsolete anchor that it is now known for.
It's with this late-stage IE that I don't see the comparison since Chrome is
still on the cutting edge.

~~~
21
I think you forget that in it's time IE was massively innovative.

It was IE who added XMLHttpRequest and invented AJAX.

~~~
btilly
They did it by ironic accident.

Bill Gates wanted their browser to be the best, but also wanted it not good
enough to replace desktop apps. However the right hand didn't know what the
left hand was doing. The Outlook team was told to make a web version. They got
the IE team to add XMLHttpRequest for their use, everyone implemented what
they needed to, then went home and forgot about it.

Then Google recognized what the feature allowed, and used it in gmail and
maps. The rest of the internet said, "Wait, what, you can DO that?" Studied
it, popularized the technique as AJAX and the rest is history.

~~~
sdegutis
This origin story of XMLHttpRequest being an afterthought explains why the
class name has inconsistent capitalization which interestingly enough I never
noticed until now.

~~~
btilly
You can find verification of it in the various references provided in
[https://stackoverflow.com/questions/12067185/why-is-it-
calle...](https://stackoverflow.com/questions/12067185/why-is-it-called-
xmlhttprequest). In particular
[https://web.archive.org/web/20170424220609/http://www.alexho...](https://web.archive.org/web/20170424220609/http://www.alexhopmann.com/xmlhttp.htm)
is a snapshot of an explanation from the person who actually created the
feature.

------
jonbronson
What I find troubling about this incident is not so much the change itself, or
even how quietly they did it. It's the doubling down when users became
critical. Rather than a "Okay wow, we clearly misunderstood the impact of this
change and regret pushing the change without proper announcement or informed
consent. We'll work to fix this." the messaging feels much more like "You're
wrong to be upset. Trust us."

~~~
remus
I think it's worth remembering that the userbase of chrome is huge and largely
non-technical (i.e. they're not going to be on hn, twitter, reddit etc.
voicing their opinion on the privacy implications of this change). What if for
that big proportion of people the change is a net gain? Should it be reversed
because the change is a net loss for a small subset of people?

------
manigandham
[https://twitter.com/__apf__/status/1044109898013765632](https://twitter.com/__apf__/status/1044109898013765632)

 _> My teammates made this change to prevent surprises in a shared device
scenario. In the past, people would sometimes sign out of the content area and
think that meant they were no longer signed into Chrome, which could cause
problems on a shared device_

I can see why there is pushback against this, but the issue described above is
also understandable. There are valid reasons why "average" users would rather
have this, and having unsynced or completely mismatched logins between Chrome
and Google sites can lead to confusion for many who don't really see or care
about a difference between them.

However it would be best if Chrome kept the settings to disable this. It
doesn't make sense to remove those flags when they also have a large technical
user base. Seems like good intentions but misjudging the impact of the
decision and forcing it on everyone without recourse.

~~~
pritambaral
Except this doesn't actually "prevent surprises in a shared device scenario"
for the web, in general; it does for Google sites and services only. Logging
in to Facebook or Amazon or my personal blog does not show up as a browser
indicator, nor does logging out of the browser also log one out of Facebook or
Amazon or my personal blog.

This makes Chrome less of a _browser_ and more of gateway to Google services
that happens to include a browser. Which will also trick non-technically-savvy
people to accidentaly share their non-Google logins when sharing
computers/"browsers".

~~~
manigandham
Yes, but as I said, most people probably do consider it a single gateway to
all of their Google services, browser included.

The big difference is that your Chrome account _is_ your Google account,
unlike any of the other sites you mention.

~~~
allenz
People are perfectly capable of distinguishing between browsers and websites.
For example, users have no problem logging into Facebook with Chrome.

Auto-signin only adds confusion. Many (most?) users have no reason to
associate their browser with a Google account. This is something that Google
is pushing unilaterally, just like Google+/YouTube integration. As an
advertising company, they stand to benefit from more accurate user tracking.

~~~
manigandham
Capable? Sure. But probably not interested in the difference.

Again, the _Chrome account is your Google account_ so you're not associating
anything, you're just logging in. It's different than any other example where
the website has a different account. Signing in to Chrome and then into Gmail
is not what most users would expect because for them the browser really _is_
just another Google service.

There seems to a big (and sometimes willing) misunderstanding from HN/tech
users about the mainstream population who just want things to work.

------
wglb
I am baffled by _The particular Article 25 of GDPR is rarely seriously and
meaningfully discussed in practice, not least because probably still almost
nobody actually knows what the “data protection by design” even means_.

This seems to be a confusion straight out of a five-stages of grief denial of
GDPR principles.

Let's work this through:

Step 1: Are you collecting personal data?

Step 2: If so, are you obtaining consent _prior_ to collecting this data?

Step 3: Are the instructions to the users transparent and understandable?

Step 4: Is your system designed to handle these?

Or is it hard, and since we haven't had to do it before, I would like to get
out of this requirerment?

~~~
lknik
Hi, original author of the linked post here. Thanks for the input. However,
consent is not related to the concept. In fact it's more about taking into
account the state of the art, the cost of implementation and the nature,
scope, context and purposes of processing as well as the risks of varying
likelihood and severity for rights and freedoms of natural persons posed by
the processing, the controller shall, both at the time of the determination of
the means for processing and at the time of the processing itself, implement
appropriate technical and organisational measures, such as pseudonymisation,
which are designed to implement data-protection principles, such as data
minimisation, in an effective manner and to integrate the necessary safeguards
into the processing in order to meet the requirements of this Regulation and
protect the rights of data subjects.

Additionally, the controller shall implement appropriate technical and
organisational measures for ensuring that, by default, only personal data
which are necessary for each specific purpose of the processing are processed.
That obligation applies to the amount of personal data collected, the extent
of their processing, the period of their storage and their accessibility. In
particular, such measures shall ensure that by default personal data are not
made accessible without the individual's intervention to an indefinite number
of natural persons.

Thanks.

------
lrem
As a Googler with no connection to the Chrome team: I'm pretty sure they made
this change in good faith and are shocked people don't like it. Just imagine
yourself in their shoes: wouldn't your first instinct be to explain yourself?

~~~
danShumway
The Chrome team has been shocked about a lot lately.

I give them the benefit of the doubt on their intentions (although I'm less
sure about upper management). But regardless of their intentions, they need to
get better at thinking ahead.

Situations like this are always a little complicated, so I don't want to
oversimplify or claim that they should have been psychic. But... it really
shouldn't have been hard to tell that people would be upset. I kind of feel
like if nobody on the Chrome team could have predicted this, then the Chrome
team is seriously out of touch with users.

I mean, heck, the change contradicted Chrome's own privacy policy, which had
to be updated after the fact. Is there seriously no process to check stuff
like that before features ship? How is anyone supposed to trust Google's
privacy policy when any team can break it inadvertently and it takes a Twitter
thread weeks later for them to find out?

The Chrome team has a nasty habit of simultaneously saying, "just trust us,
we're experts, we know what we're doing", and "there was no way we could have
predicted that users would be upset by this."

Both of those things can't be true.

~~~
lrem
There is a process where external launches need to be approved by a separate
privacy team. If you're certain you can do a better job, you can find some
listings on [https://careers.google.com/](https://careers.google.com/) (just
search for privacy).

~~~
tedivm
I don't think that using this incident as a recruitment pitch is a good idea.

~~~
lrem
"Somebody should do a better job!" "Why don't you try yourself?" Seems like a
somewhat reasonable train of thought. A lot of good things can come out of
outrage, as long as people are willing to take action (no, I don't claim going
through Google recruitment to be the optimal strategy, but it is an option)(I
actually got my first job as a result of my technical complaints, obviously
not in Google).

~~~
danShumway
> "Somebody should do a better job!" "Why don't you try yourself?"

This argument makes sense when you're talking about a problem that one or two
people control rather than a large system with higher stakeholders who may not
have interests aligned with your own.

But I'll assume you're right for a sec. Let's assume that Google cares a ton
about making sure their privacy policy is consistent, but it's just an
insanely hard job and nobody could do any better.

Why does that matter? In that scenario, I still don't trust your privacy
policy. I don't care whether it's inconsistent because people are incompetent
or because the problem is hard. In either case, the privacy policy is
unreliable. If I can't trust it in Chrome's case, how can I trust it in
Gmail's case, or in Adword's case, or in any other product?

In a way, saying it's a hard problem is even worse. I would have felt better
if you had come back and said, "oh, the Chrome team is just uniquely
incompetent, but everybody else has got their stuff together."

~~~
lrem
My thinking is more in line of: if privacy team was bigger, it would
intuitively have a way easier job keeping tabs on all the developments.
However, that's a job without talent attractors like glamorous launches. When
you're sailing smooth, nobody knows you exist. But when I mention they're
hiring in an incident, I learn this is the wrong time to mention them.

But then again, I'm neither in privacy team, nor Chrome team, know no
specifics of this case and can't really argue any position (note how I'm
neither defending nor condemning the issue of OP). Just pointing out
generalities that I don't see mentioned.

~~~
danShumway
If Google's privacy team is understaffed or doesn't have enough resources to
do its job, we should have a conversation publicly about that. I get where
you're coming from, but Google isn't a company without resources. In this
specific scenario, where there is an actual power dynamic at play, it's not
enough to just say, "well, people should get involved." The people who get
involved are not the people who are making long-term decisions about process.

If Google itself isn't acknowledging the problem, or worse, if Google is
actively thwarting or working against its own privacy team, then anyone who
gets involved will also end up starved for resources or moved to other teams.
Google is not a level playing field for people who want to change the system
from inside.

So it's not wrong at all for you to bring this up during an incident. But if
we take the premise that this incident is the result of one of the largest
companies in the world starving its own privacy team, not paying enough to
attract talent, or not giving them enough input into internal processes...
well, that's honestly something that needs to be discussed company wide.
That's a very serious situation.

And if that's the case, users should be distrusting Google's privacy
commitments until it has that conversation. The first step to fixing a problem
is acknowledging the problem -- you won't get anywhere trying to fix a system
that doesn't want to be fixed.

From the responses that have come out of Google regarding this incident, it
doesn't sound much like it wants to be fixed. Changing that is the first step.
Hiring people is the second.

By all means, let's talk about Google's privacy team. I am all for that. Let's
get productive. But let's get actually productive. Let's have an open, public
talk about management and resource allocation, and why the team is
understaffed. From Google's AI/self-driving divisions, we know what it looks
like when the company gets serious about attracting talent. And we know it has
the resources to do so.

------
twblalock
Are there any lawyers here who can tell us if this is actually a GDPR
violation?

Most of the discussion here is about why people don't like the new Chrome
feature -- but is it actually in violation of the GDPR?

~~~
gnud
As long as they don't really gather any data without an additional consent, I
can't see how it could be. IANAL, of course.

But, if I was responsible for GDPR in Chrome I would be very worried that they
are conflating "signed in" and "syncing" some places in the code, since this
appearently used to be the same concept, per the old privacy policy.

------
sp332
So, it's bad because it _doesn 't_ sync your history by default? Even if the
UI is confusing, the worst case here is thinking that your data is being
synced when it's not. It's like the opposite of a privacy problem.

~~~
rando444
It's bad because it's by default signing you into a service you didn't ask to
be signed into, and don't have an easy option of turning this off.

Sure, it doesn't automatically sync your browsing history _now_ , but we all
know change happens gradually. It's just a "feature" to be enabled later.

I've never once signed into chrome in my life (on purpose). I don't want
anything synced between browsers, I like to try and limit what gets kept in
the cloud, and with this change they've simply just taken the option away from
the user.

Yes, I'm sure that I'm in the minority, but I'm taking this opportunity to
start switching to Firefox, switching my mail provider, and am hoping to send
them a GDPR request to delete all of my data.

It's not necessarily just this issue that made me do it, it's just the tipping
point for me that says.. "ok, this company has gotten too big off people's
data, and i no longer wish to be a part of feeding that machine"

Just my 2 cents.

~~~
sp332
What is (or was) the difference between signing in to Gmail in the browser, vs
signing in to the browser without sync?

(You might feel that this is a tipping point but it's still not a GDPR issue
as far as I can tell.)

~~~
tedivm
For one thing they have completely different privacy policies. By signing into
the chrome they are automatically forcing people to accept the privacy policy
that is far less private than the when people aren't signed in.

~~~
_dmurph
This doesn't seem to be turning on Chrome Sync, so users aren't being forced
into any privacy policy:

[https://twitter.com/__apf__/status/1044109898013765632](https://twitter.com/__apf__/status/1044109898013765632)

~~~
tedivm
Read the actual privacy policy, not the tweet talking about it. Primary
sources are always best.

> The personal information that Chrome stores won't be sent to Google unless
> you choose to store that data in your Google Account by signing in to
> Chrome.

That doesn't say "unless you enable sync", it says it changes "by signing in
to Chrome". Since they're now forcing you to sign into chrome without your
consent they are also forcing you to accept that they can send your data to
their services without needing any additional permissions from you.

~~~
comex
Literally the next sentence after the one you quoted is:

> Signing in enables Chrome’s synchronization feature.

This is no longer true, so it seems most likely that that entire paragraph is
simply out of date.

------
ewjordan
I'm still not clear about what the actual change in behavior even _is_ \-
seeing some statements on Twitter from someone on the dev team, it sounded to
me like there isn't actually any difference, just a UI change to show which
Gmail account is currently logged into.

If that's really all it is, I don't really get what people are upset about.
Specifically, if there's no additional data being stored connected to your
account (which is what one of the devs seemed to be very explicitly claiming)
until you deliberately connect Chrome to your account, this seems like a whole
bunch of drama over a misunderstanding.

If I'm wrong, then that's a separate matter. Personally, I appreciate the
syncing features, but I completely understand why people would be bothered,
and it's definitely something they should roll back.

~~~
Sidnicious
I work at Google, but all statements/opinions are my own.

My understanding is that there were two changes:

1\. General responsibility for authenticating to Google services has been
moved to Chrome, and being logged into Google is equivalent to being logged
into Chrome. If sync _is_ set up, logging back into Google also fixes your
sync session, if it was broken (common — the warning in the toolbar is easy to
ignore).

2\. Sync has been separated from login as a Chrome feature, so that you can
log into Google services without syncing Chrome’s data.

Confusion between being logged into Google (the Chrome new tab page looks a
heck of a lot like the Google home page) and being logged into Chrome _was_ a
real problem. I’m not suggesting that this is the _right_ solution… or the
wrong one; this is weird territory.

It raises a question for both users and browser vendors: _What does it mean to
be logged into a web browser?_

~~~
bigiain
> It raises a question for both users and browser vendors: What does it mean
> to be logged into a web browser?

And who - exactly - ever asked for the ability to "log into a web browser"?
And what benefits are there for the user?

There would be zero confusion about "Am I logged in to Google or logged in to
Chrome?" without the unwanted and unexpected existence of a "logged in to a
web browser" status.

This is privacy disaster over a feature nobody wants. Except for the people
who actively profit from privacy disasters...

~~~
ewjordan
I use several different computers and operating systems regularly, and it's
_really_ useful to have my browser history, bookmarks, extensions and other
configuration synced up.

That's not to say I'd be miserable without it, but it's a nice convenience
that almost immediately upon starting up a new machine, my browser is set up
exactly the way I like just logging in.

~~~
amluto
This illustrates what may be the real problem. Chrome’s sync is a genuinely
useful feature. There is no reason at all it needs to be conflated with being
signed in to websites.

For that matter, sync is a fantastic use of E2E encryption, and it will be
interesting to see if using sync data for any purpose other than syncing it is
a GDPR violation.

------
noja
Well if the EU wanted to make an example, Google just handed it to them.

~~~
thrower123
Hopefully that battle comes sooner than later. Either the EU will fold, or we
would get some real guidance about what honoring this GDPR legislation
actually means. Clearly nobody has any frigging idea what is and is not in
compliance.

~~~
delecti
> Clearly nobody has any frigging idea what is and is not in compliance

The existence of a gray area doesn't mean that everything is gray area.

------
_cs2017_
I understand the general concern, but a bit confused about the details. Could
someone do me a favor and write down a simple example of how this can violate
privacy?

Something like "User logs into Chrome, this automatically logs the user into
???. The user then visits ???. As a result Google learns ??? about the user.
This was impossible before this Chrome change, and this sharing of information
isn't clearly agreed to by the user."

If there are several materially different scenarios that can result in privacy
violation, would be great to know.

------
LiterallyDoge
It's just about respect. If you don't give your users a heads-up when you go
to collect significant information about them, and then when they try to opt
out, you cripple their browser, you do not respect them. I'm done with Google
products.

~~~
ngngngng
I want to be done with Google products. But some of them are just so damn
good. (Typed on my Pixel 2 XL)

~~~
justtopost
Yeah, I hate cancer, but these ciggerettes are delicious!

~~~
romanovcode
Ha! That's a great analogy

------
madrox
It's a shame that this is where identity is going. Google had such a great
opportunity to do this in an open way by making this a more extensible
format...perhaps by dusting off OpenID. Identity is probably the most under-
built part of the web, and anything Google could do to positively move that
forward would've been hailed as a huge improvement.

Instead, because it's closed, it'll set the web identity conversation
backward...hopefully it doesn't set it back too far.

------
TekMol
I think that currently pretty much every service, device and website violates
the GDPR.

The GDPR requires consent or some other legitimate reason to store data about
a person.

I see dark patterns everywhere. I never give consent. But I get tracked to
death everywhere all the time. Even before I touch _anything_ on a website, it
plants dozens of cookies on my machine.

But cookies are not even the problem. Fingerprinting is. When I visit a hifi
store with my smartphone, next day my Desktop PC will show me nothing but hifi
ads. Even though I don't store cookies on any of them.

Additionally, the web turned into an arcade game. The user has to rapid fire
click away 'OK', 'I AGREE', 'I CONSENT', 'I UNDESTAND' buttons. He is not
giving consent. He is just trying to get through this pile of nonsense to
reach the content.

~~~
Xcelerate
> He is not giving consent. He is just trying to get through this pile of
> nonsense to reach the content.

Then don’t access the content? Why should the user get content that someone
has worked to create without having to give anything in return (whether that’s
in the form of payment or information). There would be no monetary incentive
to create content anymore.

~~~
deadmetheny
Guess what - the old Internet created plenty of content for free, without
incentive of monetization, yet people still did it. The Web has suffered
greatly as a result of the bullshit mindset that just because you put
something online, you are entitled to make money for it.

~~~
Xcelerate
Right, that’s why I specifically said “monetary incentive”. There will always
be non-monetary reasons to create content.

Are you proposing that trying to make money using the internet is morally
wrong? Or just that collecting user data is wrong? Or that collecting data
without consent and a clear explanation is wrong? Because if the line is drawn
at the latter, then that’s what GDPR is for, and so I don’t understand why
people would be upset about having to click through a bunch of notices that
try to make it clear how user data is being used.

~~~
icebraining
The problem is that there's no actual consent, just simulacra. The GDPR
doesn't say that you just have to "make it clear how user data is being used",
it says the user must _freely give_ consent, which means they must not only
explicitly do so, as not giving consent must _not_ mean the user loses access
to services or content (see Recital 43).

------
Zarel
> _According to Google Chrome privacy policy “signed-in Chrome mode” works
> differently than the basic (non-signed) mode. Accordingly “your personal
> browsing data is saved on Google 's servers and synced with your account.
> This type of information can include: Browsing history, Bookmarks, Tabs,
> Passwords and Autofill information, Other browser settings, like installed
> extensions”_

> _In line with privacy policy, this could be the case. However, data
> synchronisation appears not to happen by default in practice (as also
> confirmed here). It seems this behavior is not accounted by the privacy
> policy, which means either the policy is obsolete (and needs to be updated,
> which suggests potential issues in the internal privacy program, and
> possibly the priorities), or the mechanic may be subject to change in
> future._

It may have been updated in the last few hours, but right now, the privacy
policy clearly specifies that that section is for the "Signed-in, Synced
Chrome mode", and that "Sync is only enabled if you choose". Just signing in
does not automatically enable sync.

------
bhauer
Imagine if Google open-sourced their sync server as Mozilla has [1]. If you
could simply specify your own sync server, I suspect a lot of the louder
privacy complaints related to sync would disappear.

(Obviously Google would never do this.)

[1] [https://github.com/mozilla-
services/syncserver/](https://github.com/mozilla-services/syncserver/)

------
thecodingmonk
I see many people here complaining about this feature, and while I completely
agree with them I also find it difficult to imagine an effective way to
clearly explain these concerns to a random average user with limited to no
knowledge of computers. How would you go in explaining this stuff if you
wanted to convince somebody to switch to another browser?

~~~
gnud
I would say that I hate this change. I have a university education in computer
science, have worked with computers for many years, but don't understand what
my browser is doing any more. The UI is unclear, the privacy policy says one
thing, and the project manager says something else on Twitter.

It really frustrates me when applications try to guess what I want, and do
things without asking. Computers are fun and interesting because they do what
you tell them to do! When they do what someone think 90% of people want
without asking you, they are oppressive and depressing.

Lastly, it feels like Google wants to trick me into giving them my browsing
history by mistake.

So, all in all, I'll uninstall chrome from my personal computer.

------
sheeshkebab
Google search is great. The rest of stuff and all the tracking and
personalisation crap is just ridiculous.

stuff like this are the primary reasons I:

1) use Chrome only for work - hey, it's new IE

2) don't use Android

and recommend against using these to all my friends and family, carefully
explaining everytime that if they care about their data they should stay away
from these services.

------
mqus
IANAL, but I think the gdpr/antitrust case lies in the other direction,E.g not
in [login on google/youtube]->[logged in in chrome] but in [logged in in
chrome] ->[Can't use youtube/google anonymously].

If we take all of googles privacy controls and privacy policies for the truth,
they now have an additional way to track me and I can't disable this without
completely missing out on any other google service. This propably also
circumvents any installed cookie blockers (but only for google) which could be
interpreted as not honoring the denial of tracking.

------
torstenvl
My workaround for now, which I hope continues to work past Chrome 69, is to
use Incognito-Filter to force all google.com accesses to open in Incognito
Mode.

[https://chrome.google.com/webstore/detail/incognito-
filter/c...](https://chrome.google.com/webstore/detail/incognito-
filter/cifilbmpnkjinlkchohdfcpdkmpngiik?hl=en)

This way I can log into Gmail and it won't log me into Chrome.

Obviously not ideal, and it doesn't excuse the deceptive and user-hostile
malware Google just foisted on us, but it's a workaround.

------
faragon
Please, Google, fix those mistakes soon, and avoid a PR fiasco.

~~~
kowdermeister
Nobody really cares outside this tech bubble. There won't be a PR fiasco,
because it's hard to explain why it's bad for a non techie end user.

"Google simplifies the login experience in Chrome", is essentially what's
happening here and it's far from obvious how to sell it as a doomsday scenario
as I read the mood correctly of many HN users.

~~~
bepotts
Maybe I'm just crazy, but if I didn't like Google Chrome (or if I was a
privacy hawk), I wouldn't use Google products. Why do so many people complain
about "privacy" and still use Google products?

The people who think they can speak for their parents or the less technically
inclined are being too presumptuous in my opinion. YOU may have a problem with
these methods, but not everyone does. Heck, there's people as technical as you
that still don't have a problem with it.

~~~
Daegalus
Super technical person who doesn't care, reporting in.

But I also wish we lived in a utopian society where all information, people,
companies, govt. was public and there was no weird illusion of privacy that
everyone is clamoring for.

I long accepted privacy on the internet doesn't exist, and mostly privacy off
the internet is minimal, especially with all the technology around. If you
want privacy, you need to live like the Amish.

So, I just accepted it, and now don't care about privacy breaches, giving all
my data to google. I willingly give more data to google so they can make my
life easier.

I get hopefully 100 years on this planet, I am not going to worry about
privacy when I got better things to use my limited time and energy on.

------
justhw
I switched to Chrome in 2008. Today, I switched back to Firefox full time.
Took about 30 mins to migrate everything and install extensions.

------
AngeloAnolin
Taking things into perspective, what benefit does I, as an individual user
will get when Chrome automatically logs me in the browser when I sign into my
Google account?

Unless there's a compelling benefit for me as a consumer, then I think Google
wasted a lot of engineering hours and talent building something that majority
of people would want no part of.

------
fladrif
This is the second time I've seen the reference to Chrome being the most
secure browser. What's that based on?

~~~
landr0id
Exploit prices and complexity usually accurately reflect the security of a
product when compared to their competitors. Take a look at how much Zerodium
pays for full-chain exploits here:
[https://zerodium.com/program.html](https://zerodium.com/program.html)

    
    
      $250,000 - Chrome RCE + SBX (Windows) including a sandbox escape (previously: $150,000)
    

Whereas it's up to $100k for Edge RCE+SBX, $80k for Firefox RCE+SBX

You obviously need to factor in other things such as how popular the product
is compared to competitors, etc., but such a drastic price difference such as
this is quite telling.

~~~
faltad
You have a valid point but you are using misleading data: Don't compare a RCE
+ SBX vs a RCE w/o SBX. Firefox RCE + SBX is 80k, edge is 100k, safari is also
80k.

Another thing to take in consideration is the number of people that the
exploit could be used against. For example, following this:
[http://gs.statcounter.com/browser-market-
share/desktop/world...](http://gs.statcounter.com/browser-market-
share/desktop/worldwide), Chrome would have almost 68% of the browsing share
whereas Firefox is only close to 10% and all the others even less. It'd be
surprising this isn't taken account by Zerodium in their price calculations!

~~~
landr0id
You're correct -- I was referring to the table that was easiest to quickly
reference which is the _changelog_ , not _ALL_ current prices. The periodic
table is more accurate. I'll update my post.

------
avodonosov
If I'm logged into gmail I'm logged into Chrome? Horror. I don't know what is
a worse mistake: this or the idea to violate standards and ignore
autocomplete=off, or deprecating sync XMLHttpRequest because "it's bad for UI
and you don't need it".

------
gcb0
when my employer at the time asked for a research on ad blockers, I concluded
we could 1 offer better content with a community focus, or 2 provide the
browser with the best ad blocker, that could still show some of our ads.

we did the cost analysis of the later and decided it was too expensive at the
time. a few months later google dropped firefox support and invested heavily
on chrome.

I guess someone there did the same analysis. because everything to this point
is right on the plan. they block auto play video ads, just not theirs. they
block flash ads, just not theirs. they will implement tracking protection like
firefox rolled out last month, but before they will keep you logged on their
ad systems forever.

------
XCabbage
This is an absurd and unfair hit-job.

Let me just spell out, for emphasis, what the article actually says:

* Logging in to a Google service via its website will now automatically show you as logged in to Chrome in the top-right corner. This will provide you with the OPTION to explicitly opt-in to syncing your browser data with the Google cloud by clicking a big blue button that clearly says "Sync as <firstname>" and then clicking through one of the two clearly-labelled options to confirm that you do indeed want to turn on sync in the following dialogue (which does in fact have a prominent "Undo" button in case you clicked by mistake).

* The entire extent of the alleged practical user privacy issue is that a user might accidentally click the first button, and THEN mistakenly click on the small "Want to manage sync and personalisation before they're turned on? Visit Settings." link instead of the larger, more prominent "Undo" button. This, the blog alleges, will turn on syncing without a chance for the user to undo. (Although, at least as of 69.0.3497.100, this is just plain false - there's an "Undo" button even on the settings page. It may have previously been true; I have not checked.)

* The entire extent of the alleged GDPR violation is that the privacy policy erroneously says that when you sign into Chrome with your Google Account, data is synced with Google's servers, when in reality it isn't unless you explicitly consent. (This was true at the time that the post was written, but the privacy policy was tweaked to correct the factual error - compare [https://web.archive.org/web/20180924020748/https://www.googl...](https://web.archive.org/web/20180924020748/https://www.google.com/chrome/privacy/) vs [https://web.archive.org/web/20180924123556/https://www.googl...](https://web.archive.org/web/20180924123556/https://www.google.com/chrome/privacy/.)) For what it's worth, I see no reason why briefly and accidentally claiming to process some data in a consent-ignoring way when you don't actually do so would be a GDPR violation, and the article does not elaborate on this particular legal theory.

Other commenters here have already explained that this change offers
security/privacy benefits to some users by protecting them from a failure mode
in which they wish to sign out of Chrome on a shared computer (in order to not
sync their browsing history to a friend's or family member's account), but
instead they only sign out of, say, Gmail, and thereafter end up inadvertently
syncing their browsing history and passwords to their _friend 's_ Google
account instead of their own. Connecting the browser login and Google web
service login eliminates that privacy-violating failure mode. That seems like
a real gain to user privacy and security to me, and it seems plainly absurd to
argue that it's actually a loss on the basis of a hypothetical in which the
user accidentally clicks through clearly-labelled buttons in two different
dialogues and therefore accidentally enables syncing. That seems doubly true
given that even in that hypothetical scenario, syncing can, per the article's
own admission, then be immediately disabled (and all synced data deleted).

I'm not an uncritical fan of Google, but criticising them for this is
bullshit.

------
austinjp
I'd be interested in hearing from vendors who are tied to Chrome. Authy
springs to mind, only because their product is literally the only reason I
still have Chrome installed anywhere.

------
gowld
A possible workaround? Create a dummy account for Chrome login, and log in to
your real account on Google websites?

That may still enable undesired cross-website tracking for Google Analytics or
whatever?

------
Fej
I'm waiting with bated breath for the first _massive_ GDPR case. Doesn't
matter who, really. Just so long as the powers that be have fires lit under
their asses.

------
rhlala
Anyway, is it relevant to not be logged in? You make it a bit harder for them,
but it is easy to know who you are evn if you dont log in,

\- screen resolution,

\- browser add-ons installed,

\- ip localization

\- etc

It is called digital print i belive.

------
modzu
does chrome let you choose what to sync? opera does (which is also forked from
chromium), and you can encrypt the data with your own pw

~~~
kevingrahl
Just in case you weren’t aware; Opera is owned by a Chinese consortium. I
personally wouldn’t touch Opera with a ten foot pole.

~~~
modzu
your shirt was probably made by a chinese consortium too. why not touch opera
because of that? americans.

~~~
kevingrahl
Sorry to disappoint but I’m not American nor do I own any clothing from China
(or any other countries that may rely on sweat shops for production).

From a security and privacy standpoint though there are possible implications
when a tech-product/service is owned/controlled by a Chinese company. China’s
influence on it’s businesses (especially tech related) can’t be denied. It
wouldn’t surprise me one bit if news would break that the Chinese government
has it’s hands in Opera’s cooking pot somehow.

Sorry if I have offended you but that’s just reality. I don’t trust Chinese
tech companies.

~~~
modzu
i didnt mean to offend you either, it just seemed like more of a xenophobic
than technical argument.

apple is lauded for the security and privacy of the iphone but it is
manufactured in china. could china have their hands in that "cooking pot"?

if there were some kind of subterfuge occurring with opera at the hands of the
chinese government, it would be newsworthy indeed.

~~~
kevingrahl
I don’t even know why I’m still arguing with you but there’s a huge difference
between something being assembled in China for a US company and a browser
company with its jurisdiction in China. One can be compelled to aid the
government the other not so much. You’re comparing two entirely different
things here. It’s far easier to manipulate some lines of code than to modify
the hardware of thousands of devices.

And I do take offense at being called xenophobic and won’t further participate
in this ‘discussion’.

~~~
modzu
i was not calling "you" xenophobic, i was saying the sentiment of distrust for
anything chinese seemed xenophobic to me, barring an explanation (which you
provided, thanks. the exchange of ideas is good!). but i will call you a
special snowflake

------
DennisP
I'm currently logged into Gmail. When I click the little upper-right icon in
Chrome I see a button saying "Sign in to Chrome", implying I'm not currently
signed in. "About Google Chrome" tells me I'm on version 69.0.3497.100 (on
OSX). So I don't appear to be experiencing this issue. What am I missing?

~~~
_dmurph
You're missing nothing - this is the intended behavior. People are falsely
reporting that you are automatically signed in to chrome sync, which isn't
true.

------
thx4allthestuff
Did Google Chrome just fire us as users?

------
jimmaswell
"apt-get install apache2" violates GDPR (logs IPs). It's not a difficult line
to cross at all.

~~~
hyperman1
Lets try the law on this one:

Is the IP personal data for the GDPR? If I read the GDPR, the Debian
foundation is not capable to pinpoint 1 person so it seems to me it is not (An
ISP or someone receiving an IP to person mapping from them is something
different):

    
    
      ‘personal data’ means any information relating to an
      identified or identifiable natural person (‘data subject’); 
      an identifiable natural person is one who can be
      identified, directly or indirectly, in particular by   
      reference to an identifier such as a name, an
      identification number, location data, an online identifier 
      or to one or more factors specific to the physical, 
      physiological, genetic, mental, economic, cultural or
      social identity of that natural person;
    

Furthermore, the Debian foundation has a legitimate interest in monitoring
their machines and protecting them against attacks. Logs containing IPs are a
common practice, so there is a legal base for processing IPs even if they
would be personal data:

    
    
      processing is necessary for the purposes of the legitimate
      interests pursued by the controller or by a third party, 
      except where such interests are overridden by the 
      interests or fundamental rights and freedoms of the data 
      subject which require protection of personal data, in 
      particular where the data subject is a child.
    

All of this assuming they use the IP for apache logs only, and don't send
these logs to third parties for data mining or whatever.

~~~
yorwba
Debian also has a privacy policy where they explain what kind of data they log
and how long it is retained
[https://www.debian.org/legal/privacy](https://www.debian.org/legal/privacy)

However, I can't recall ever having seen this privacy policy before now. IANAL
and don't know what kind of notice needs to be given for necessary data usage,
if any, but maybe apt-get should display the privacy policy on first use.

~~~
jimmaswell
I meant you're violating GDPR by letting that apache2 server run with its
default config, not that the apt maintainers are violating it.

~~~
hyperman1
And I meant you're not violating GDPR by letting apache2 run with default
config, as the GDPR allows you to capture these IP adresses for 2 different
reasons.

------
jwilk
[http://info.iapp.org/dz0uBmdUa20MA00Z5o100E0](http://info.iapp.org/dz0uBmdUa20MA00Z5o100E0)
redirects to:

[https://blog.lukaszolejnik.com/am-i-logged-in-or-not-gdpr-
ca...](https://blog.lukaszolejnik.com/am-i-logged-in-or-not-gdpr-case-study-
on-the-example-of-chrome-browser-change/)

Please update the submission URL.

~~~
dang
Ok, done. Thanks.

------
stesch
Real URL in case you don't allow JavaScript for the redirect:
[https://blog.lukaszolejnik.com/am-i-logged-in-or-not-gdpr-
ca...](https://blog.lukaszolejnik.com/am-i-logged-in-or-not-gdpr-case-study-
on-the-example-of-chrome-browser-change)

------
mankash666
I'm assuming here that the changes are GDPR compliant (given the large army of
lawyers working for Google).

If they are, all this brouhaha is from the technophile echo chamber of
opinions. The average joe gives a rat's ass for this, as evident from all the
non-noise coming out of the regular world. Techonopiles have made an art of
outrage - typing on their $3000 laptop or $1300 iPhones built by slave-grinded
employees toiling 16 hour days in China - NO HN COMMENTING ALLOWED AT WORK FOR
THEM, BTW

Please go use FF & pretend to have privacy online or be better humans. Mozilla
- the world leader in disappearing money [1]. Does it really take $225M to
build & maintain the quantum browser? And why $135M for 'marketing'?

Mozilla 2016 revenues: $520M

Mozila 2016 R&D: $225M

Mozilla marketing: $135M

Remaining $160M - ???

[1]
[https://assets.mozilla.net/annualreport/2016/2016_Mozilla_Au...](https://assets.mozilla.net/annualreport/2016/2016_Mozilla_Audited_Financial_Statement.pdf)

------
IBM
Paging Max Schrems.

------
delbel
Google is going back to China but this time they are requiring user's to sign
in to their browser to be identified to search -- to tie their phone number to
their account

Yet, the same exact thing just happened world wide in Chrome 69.

------
yobuko
I see a lot of comments on HN and other sites which could be summarized as
whatabout-ism or defending the changes on the premise that "I know
someone|people that will welcome this change."

The problem is that I can't help shaking the feeling that those comments are
either written by people who do not consider privacy to be a right, or fail to
understand GDPR, or are Google paid shills / fanatics.

Ultimately the changes represent dark patterns and I fear the worst is yet to
come for the darling browser of the web. Someone somewhere at Google made the
decision to turn Google Chrome in to AOL v2.

I take solace in the fact that AOL's walled garden approach ultimately failed.

------
_dmurph
This doesn't enable sync.

See thread:
[https://twitter.com/__apf__/status/1044109217903198210](https://twitter.com/__apf__/status/1044109217903198210)

