Hacker News new | past | comments | ask | show | jobs | submit login

"Google calls the feature "Identity consistency between browser and cookie jar" and a Chrome representative on the official Google Chrome Help Forum confirmed that this is the intended behavior.

>This is an intended behaviour if you are using the same Google Account for your Gmail and Chrome. If yes, you'll be signed out of Chrome when you signed out of Gmail account.


Good news is that it is possible currently to disable the feature. Doing to breaks the link between the Google Account in Chrome that is used to sync data and Google accounts on Internet sites.

Note: Google may remove experimental flags like the one described below at any time. As long as it turns up when you run the steps below it is supported.

Here is what you need to do:

1. Load chrome://flags/#account-consistency in the browser's address bar. Google Chrome should display the flag Identity consistency between browser and cookie jar at the top.

2. Set the flag to disabled with a click on the menu and selecting disabled from the context menu.

3. Restart the Chrome browser.

Chrome breaks the link between the Google account in Chrome used to sync data and Google accounts that you sign in using the browser on Google sites."


Alternatively just get Firefox, use https://ffprofile.com/ once, and stop dealing with Chrome.

Ta-da, no more spyware.

Yes, this move is a deal breaker. Defaults matter, so I'm switching to Firefox.

I just did the same. After having used chrome since pretty much version 1.

Thanks for the site tip, I will use that site from now on.

Calling that behavior "spyware" is a bit of a stretch.

Why? Because it’s google? I get no advantage out of the feature, and it primarily serves to gather data on me. To me, that’s spyware.

Personally, I'm going to sign into both anyway. One less thing to sign into saves me time. That makes me happy. I dunno if I'm in the minority or not. But, it's a feature that at least some people find useful, so, I think branding it spyware is unjustified. It's not like it's a keylogger sending my data to who knows where which no reasonable person could ever find useful.

People similarly dismissed concerns about information Facebook was sharing with third party apps that seemed to just provide quick entertainment like "the which celebrity are you most like quiz!" Years later, it turned out to be part of a massive data-mining operation meant to get information about voters.

You could point out reasons why this isn't the same thing, but you'd be missing the point. I, as an individual, can't fully assess the privacy impact of every single piece of technology I use, and what seems to be a benign feature backed by a corporation I trust could be anything but.

That being the case, we need to adopt certain heuristics to help defend our privacy. Granting as few permissions as possible for applications we use, and avoiding using a single identity across all of our devices is a good way to mitigate that risk.

Are you an individual that is willing to reduce your privacy a bit for added convenience? That's perfectly fine. But the ethical thing for Google to do would be to make this an opt-in feature, rather than an opt-out. The fact that they made this browser/Google Account sync the default was no accident. They want to gather more data on their users, and know if their users were stopped and prompted to think about whether or not they actually wanted this convenience, they would have less participating users. So they've made the unethical choice, and made this an opt-out feature.

I use Gmail at work. I don’t want it to auto log me in.

That's fair. Saying it's a feature you don't like is reasonable. IMO, calling it spyware is too much.

I'm curious what the privacy implications are with having a work managed gmail account. While I know that in many cases the 'employer managed gmail' can be read by the employer, it isn't clear whether this also applies to bookmarks and other stuff. Recently chrome has started associating bookmarks with gmail/google accounts (if you are logged into that account) which I have never heard of a browser doing before. Pretty lame if you ask me, and it is spyware.

Besides possible privacy issues one major problem with google accounts is that google doesn't work with "accounts". It works with "people" or "corporations". So if they think that corporate account X and private account Z are actually same person (decided by some obscure algo) they will link them in their DB and in case of any infraction, real or not, they will hellban both of them. And as we know there is no such thing as human support or appeal process with google. Don't use your private accounts anywhere where they might be linked, not even for password restore field. There are already enough horror stories about people losing gmails, youtube channels and so on, forever.

Every browser that offers "sync" (which includes Forefox) must associate your browser data with your account.

Your anecdote is a sample size of one that shouldn't be extrapolated from.

Personally having my entire browsing history linked to my name and sent off to a company for analysis and profit is a concern, and this is a deal breaker for me. As such I will no longer be using Chrome as my default browser.

Your anecdote is a sample size of one that shouldn't be extrapolated from. Right back at you.

Personally I think auto login should be opt in and never a default or requirement.

Specially when it's Google. They are super creepy and facilitators of a future where users have zero privacy but don't have the intelligence to care about it.

So, Google is making people stupider? Thank goodness we have you here to warn us with insightful analysis such as Google is "super creepy"!

I also warn kids about not following men giving them candy.

To me it's obvious, to others it's not. Just look at Google usage. They are absolutely creepy.

Google does some things that I think are very cool. Google does some things I don't think are so cool. None of the things that Google does, however, can in any way be compared to the things that a child rapist does. Making that comparison is wrong.

1. Less than 1% of the users are going to both hear about and understand those instructions.

2. Google can say >99% of users "prefer" the new setting.

3. Tighten the lock-in.

How does this tighten the lock in?

You assume that the feature will result in some net benefit for Google (at some potential expanse to users/public) but there's no such guarantee.

Historically, the great Google products are made from scratch (or bought early) and stand by themselves. Their not-so-good products or features are the result of some elaborate corporate thinking that comes out under phrases like "Identity consistency between browser and cookie jar".

So, while they (may) think it tightens the lock-in, it (may) actually end up doing the opposite and be a disservice to everyone.

Why is it harmful to log in once to both apps that use the same account in the same browser?

Gmail and Calendar already share the same login. Is that hurting anyone?

Multiple users may use the same browser/devices but different Gmail accounts.

Even ignoring the (many) privacy implications, this causes problems for syncing across devices. Lets say I share a computer with my partner, but we have separate phones. Should I need to check which Gmail account is logged in before bookmarking something? Why can't we share a Chrome profile across those 3 devices while still maintaining separate Gmail accounts?

> Multiple users may use the same browser/devices but different Gmail accounts.

Why would they use the same browser logon. Sure they might use the same be, sure, they might even not use a different user account on the computer, but your are suggesting that they would use the same Google account to log into the browser yet different Google Accounts to log into Google.

That seems improbable, and likely to have unintended privacy implication that account consistency would mitigate rather than exacerbate.

My parents share computer accounts; heck, they even share bank accounts. It is not implausible to me that you'd want to have separate emails, but also want all of your bookmarks to sync across multiple devices regardless of who they belong to.

The privacy implications here are in regards to stuff like Google stripping search terms off of urls from competing services. Caring about that doesn't mean you will necessarily care about hiding search history from your partner. Even with syncing passwords -- both of my parents know how to log into each other's Gmail accounts. Anecdotally, that is relatively common for older generations; sometimes they'll even ask each other to check their email if a computer isn't nearby.

If you have sync turned on in that scenario, you are going to end up with bookmarks and passwords that randomly disappear depending on who was logged into what when they were added.

And sure, you can get around that by just not using sync. The privacy implications are still worse in that situation, because you no longer have a choice not to log into Chrome. But even if you don't care about that, it still seems like a strict downgrade in functionality. You lose the ability to sync bookmarks between computers and you lose the ability to easily share logins.

The response to, "hey, you made this feature less useful!" probably shouldn't be, "well, but you won't notice if you just stop using it." It's hard to make that sound like an upgrade.

The most likely approach there is not to "log into the browser" at all. I don't, I have separate profiles on every system.

If you share a computer with someone else, each of you should have your own user accounts. Then each user account will have its own profile data, including which accounts are logged in.

Not sure why you're being so harshly downvoted, Chromium and derivatives have pretty solid profile switching. Doing this would actually be less work than signing out/in to other accounts.

It doesn't solve the problem I brought up - I was asking how to avoid switching profiles if I was sharing one between multiple people. GP's suggestion was to switch profiles.

Suppose I and my partner want to be able to bookmark something and have it show up on both of our phones. Is there a way to do that without sharing a Gmail account? That seems like a pretty common use case to me that was pretty easy to do before Chrome tied them together.

On Firefox, that use case would be trivial. You just sign all your browsers into one account and then use the web normally like you've always done.

> GP's suggestion was to switch profiles.

No, my suggestion was to create separate user accounts on the shared computer for each person--i.e., each person logs in to the computer with their own user account. That would make all of the website logins separate for each user, without anyone having to switch profiles in their browser.

However, I apparently misunderstood your problem; you don't want everything separate, you just want gmail separate while still sharing Chrome profiles. You're right that my suggestion won't solve that problem.

> Is that hurting anyone?

It's actually hurting me: I'd like to be able to sign into YouTube on an untrusted device without signing into Gmail at the same time.

why sign into an untrusted device in any way without two factor authentication and incognito mode enabled?

Because a lot of us have a work Gmail account and a personal Gmail account.

Sure, and this would just result in two separate profiles in Chrome.

I don't want to be switching between profiles. I want to be able to see my personal Gmail and my work Gmail, and only sync up my work profile. Or alternatively, I don't want to sync.

It appears this only breaks part of the connection. I removed all Chrome data, created a new profile, activated that flag, signed into YouTube.

While I'm not signed into the browser, it has lifted my Google Account profile image into the browser, so it's still doing some sort of "consistency". It's clear the browser still knows my Google Account.

Image: https://imgur.com/hrEwPqX.png (Note, I confirmed that the about:flag "Identity consistency..." is set to Disabled before/after this screenshot again.)

I continue to be thrilled that I moved back to Firefox around Quantum.

After following these steps, the browser says it's no longer logged in, BUT I still see my Google Account image on the top right of the browser. It's still doing some sort of syncing between my Google Account and my browser. This is too much of a breach of trust, I'm done with Chrome

Just tried this and it doesn't work.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact