Hacker News new | past | comments | ask | show | jobs | submit login

This feature doesn’t enable sync. That’s something that members of the Chrome team have been patiently trying to explain to Matthew Green on Twitter for several days now.

[0] https://twitter.com/__apf__/status/1043505744144826369?s=21




Did you even read the article? He stated several times that the problem isn’t that sync is or isn’t enabled after the change; it’s the silent push of an update that directly violates user consent, and it widens the mouth of the user funnel-trap by quite a lot.


Also, the fact that they've gone from "The user decides when to log in, and when to sync" to "We decide when to log in but the user decides when to sync" doesn't inspire trust that they won't soon move to "We decide when to log in or sync".


It doesn't for _now_. Which is no small part of his point. The next step is to automatically turn on sync etc, which is an easier step now people will start to be used to the idea they're automatically signed in to stuff in Chrome.

The main thrust though, is that this doesn't actually solve anything for end users that the Google Chrome team says it does. There appears to be absolutely no benefit in turning this on.


The main thrust though, is that this doesn't actually solve anything for end users that the Google Chrome team says it does. There appears to be absolutely no benefit in turning this on.

Over the last year or so, it feels more and more like Google, as a company, is getting desperate. Like it feels the external tide of popular opinion turning against it. But rather than mend its ways, a decision has been made somewhere to slurp up as much information as possible as quickly and quietly as possible, before it all comes tumbling down around it.

I wonder if GDPR was the turning point. Even my boss, who on a computer literacy scale of Linda Lovelace to Ada Lovelace ranks near the bottom of the scale, asked me to explain GDPR to her.


It's not GDPR. If anything, GDPR will help undo some of this as test cases in the EU are litigated.

I think the change happened shortly after Ruth Porat was brought on and the Alphabet reorganization was announced (Larry Page wanted to retire without having that be the headline). There was clearly a change in mandate to start monetizing more aggressively and you started seeing the ad load increase across all their properties. That all happened during a lull in Google's stock price. It started trending upwards after Porat signaled to investors that all the money pits would be cut back.


Is Linda Lovelace famous for having poor computer literacy? I know her for something else.


How does your boss' opinion of GDPR relate to her opinion of Google?


I think it was also more advertisers switching to facebook and new ones giving fb ads a try first and not even considering Google ads (btw the rebranding from Google adworfs is another sign that Google is losing new advertisers to FB and yet another thing pointing to that desperation).

This ultimately affects Google's future growth and it's why you'll see Google do more such "desperate" moves like trying to become a military contractor, building its own iPhone-like phones, tracking users more aggressively, and I imagine android users will soon see os-wide ads, too.


I imagine android users will soon see os-wide ads, too.

Except they won't be OS-wide, they'll be Play Services wide and mandatory if you're an vendor including Play Services.

If you don't want Google's ads, you can go do your own thing on AOSP like Amazon and other largely-flopped attempts.


> The main thrust though, is that this doesn't actually solve anything for end users that the Google Chrome team says it does.

Yes it does, it solves the exact problem described right in the article. Before this change, there would be a seperate log-in process for Chrome versus every other google service (which normally all share your current login status). Now, your login status is shared between every google service including Chrome, as a layperson would expect. Previously people who wanted to be logged into Chrome AND other google services would have to complete the login process twice which could be confusing for novice users.


> there would be a seperate log-in process for Chrome versus every other google service

Chrome is not a Google service. It is a web browser. It should act like one.


Google clearly considers Chrome to be a Google service and not just a web browser.


Is that just your opinion, or do you genuinely believe most Chrome users see it that way?


We could apply the principle of least astonishment to get a feel for correct behaviour without resorting to sterile arguments about what proportion of users understand the difference between a web site and a web browser.

If they looked at a slightly risque URL on their phone, would the average user expect Chrome on their laptop to autocomplete that URL?


The current behavior does not activate syncing by default in spite of the slippery slope arguments being made here. Furthermore i think most users would in fact expect syncing like that to work with minimal configuration in this day and age.


Please be civil with people who have a different perspective. The implication that the opposing position is outmoded is not a logical argument, it's an insulting one. "In this day and age," I'd think we could learn to be less dismissive of people.


Well he was replying to me and I didn't read him as uncivil at all.

His response ("syncing is expected") is completely on-point when talking about the PoLS. I disagree, obviously, and think syncing is scary voodoo magic. I don't see how you can say "users are unsophisticated and don't understand the difference between web sites and web browsers" and also say "users are sophisticated and expected config syncing".

Unfortunately, to get any further we have to test users.


If I’m not mistaken, this also ensures that when you sign out of Gmail, you are signed out of Chrome (no?). That seems like a win for user privacy, insofar as it addresses the likely failure mode of mistakenly leaving the browser signed in after signing out of the website.


Yes, this pauses sync when you sign out of Gmail.


No. Pauses sync but doesn't sign out Chrome. So a person could still see your history/bookmarks/passwords in the logged-in browser. They just can't wipe your cloud data (which I think was the same before this update).


You mean they can see local history? Sure, but that’s true in most browsers. That’s nothing to do with your signed in state, right?


Yes I was thinking about chrome profiles. My mistake. But from what I remember, when you choose to log out, Chrome prompts you if you want to wipe your local data. So logging out locally allows you to protect some data. I think there was a way to log out remotely (tricky/weird way), though again without the local-wipe prompt.

I also just tried signing in to chrome (69.0.3497.100), and it tried to sync immediately again, so I'm not sure where the "sync is optional" idea comes from?


> there would be a seperate log-in process for Chrome versus every other google service (which normally all share your current login status).

Sorry, not much of a Chrome user here. Why would I want to “sign in” to a web browser? I’ve been browsing the web successfully for decades without doing so. I don’t sign in to my text editor either.


I understand the privacy concerns, but I find it very useful as I go between desktop and laptop often. It syncs bookmarks, history, tabs, settings, autofill, extensions, etc.. There have been plugins for this stuff for decades as well, so it is something that people find useful.


"We had to enable the sync by default because it was causing confusion with people that are already signed in and are expecting to have all their info in sync".

It's not hard to imagine that this could be their reasoning around the change in the future.


It shows a big blue banner (or is it a button? I don't dare click it) announcing the current state as "Sync as <username>". If the developers need to explain this repeatedly over twitter to a professional, what impression do you think normal users who don't follow a niche twitter discussion get?


I received a call from a client complaining about no longer being able to switch between their gmail accounts (which you normally do by clicking on your avatar in the top right corner of the gmail app on desktop).

After a bit of back and forth, I asked for a screenshot. They sent me a photo of the screen and it became apparent that they were clicking on this new avatar embedded in the browser chrome rather than the gmail app avatar below it.


> what impression do you think normal users who don't follow a niche twitter discussion get?

I imagine they don’t care one way or the other.


My father is a retired biochemist, inventor, and small-business owner. He does not use Twitter.

If he came across this, I expect that he would definitely notice that something seemed unusual. Once it became clear what was happening, I expect he would switch away from Chrome.


How little you think of people.


I think most people have more important things to do than worry about whether Google knows where they’ve been online.

Edit: To clarify, I care about whether Google knows where I've been online. That's why I don't use Chrome. I just don't think most people care.


If it were only that simple.

Now that Google knows, who else can find out? Someone Google trusts? Someone that pays Google enough money?

Lets sell your browsing data to whoever wants to buy it. What kind of risks would that create for you and your family?


> I just don't think most people care.

Every single person I've explained how much data Google et al's regularly collect has cared a lot. My mother's first comment after hearing what Android and Chrome collect was, "Why aren't the in jail?"

Unfortunately, most of these people continue to use Google's services because they often don't have a choice or are not aware of alternatives. Please, actually talk to people outside your bubble and get their actual opinion (which might require educating them about the specifics of what the tech is doing).


I’m sure people at FaceBook said the same smug things until they crossed a line they never saw coming, and now it’s all congressional hearings and “heartfelt” apologies. It’s true, you can dick a lot of people over for a long time, but you’re just breeding backlash. It will come, in waves, and if your history is defined by a kind of arrogant dismissal of their concerns you’ll be screwed.


Yes, but that's because they are uninformed about the humongous amount of data they're voluntarily handing out and how much can be deducted about their day-to-day lives using that data. If they'd know, like - really properly understand, I suspect that they might not be so eager to hand it over.


Well I went to turn this login thing off and the only way to do it was to click a button under the heading "Sync" that said "Turn Off."

But if these things are unrelated, I guess we'll just have to chalk that up to Google's famously shitty product management and design skills.


Sync and log in are two unrelated settings. They were never related (except that you had to be logged in to be able to sync).

You could always be logged in and not sync. You just had previously chosen to be logged in and synced.

By disabling syncing, you turned off a feature that you previously had to have opted in to.


No, previously if you logged in sync was enabled - TFA and googles own privacy policy explain this quite clearly.


I'm pretty sure you could still turn it off while remaining logged in.


You could uncheck the boxes, but by default they were all checked and everything started syncing the moment you signed in.

I remember because it bothered me to have to wipe my passwords from some random pc I was using just because I wanted my bookmarks.


Nope, clicking "Turn Off" under sync says:

> This will sign you out of your Google accounts.

And sure enough, it signs you out of gmail and the browser. So it's sign in to the browser, or no gmail for you.


Sync and log in are two unrelated settings. They were never related

I know what I saw. I was logged in, then I wasn't after I turned off Sync. They may not be related technically, but in the UI they are part and parcel.


Interesting, that's not what I recall, but apparently that's how it was.

Thanks for correcting me!


He understood it and it's mentioned there in the blog post.


For now. The next step in the dark pattern is to note the "User confusion that arises when chrome is logged in to the account, but the data is not synced", and automatically turn on sync.


And as he describes in the blog, this fact is utterly irrelevant.


I’m wondering where the source of truth for the sync setting is stored. If I enable sync on one chrome browser — then in another chrome browser on another device log into gmail (triggering chrome login) — will browser history sync be enabled on that second device?


Reading that thread, Green knows this and his argument is more subtle then that.


From the response quoted in the article:

So in theory your data should remain local

That doesn't sound very reassuring to me. Especially long term.


> response quoted in the article

tbf, this is followed by

> This is my paraphrase


Wow, I don't know how I missed that. Thank you.

(Side note sort of related from another related article - apparently you can opt-out of the unified login, but the flag that lets you opt-out is broken as of chrome canary 71)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: