I really expect this change to push a lot of people away from Chrome, and frankly I wouldn't be surprised if it started opening up more antitrust possibilities due to how they're using their browser to give their services special functionality others can't get.
I know the following is not welcome on HN, but I have to vent somewhere folks that think this was a good idea are reading, so here it is: A big fuck you to Chrome for forcing this feature on us!
I can ignore identity switchers provided by a site (google in this case) and just keep two gmail tabs, one for personal and one for work, open right next to one another. Firefox keeps each one sandboxed with its own session info like cookies etc.
My main browsing has always been done on Firefox which has sync much like Chrome does, but oh look it's encrypted, forgot my password? Too bad, they're going to nuke my data since they don't even know my password. As it should be. My browsing data being synched is cool but it's not that precious to me, and if it was I would just not forget my password.
Also if I need to use Google services I have a Google container, if I need to use Firefox, I have a Firefox container. Good luck containing Google or Firefox on Chrome that way, and the multiple account containers are amazing for testing multiple user roles on web development projects all on one browser with multiple taps opened.
In my case, I don‘t switch to Firefox because they don’t support AppleScript and it’s a feature I use every day.
Less than an hour ago, on another HN thread, I saw another macOS user claiming they won’t switch to Firefox because it doesn’t support Keychain.
Every time there’s this conversation, I see a bunch of macOS users complaining about performance.
In sum, a bunch of users (particularly macOS users) don’t switch to Firefox because it plain sucks for their needs.
Chrome also doesn’t respect window order in the menu, so it’s just a pain to track when switching.
My solution to that was to switch to Safari for personal use.
I'm half thankful for the Chrome team doing this because it was just the push I needed to finally rid myself of Chrome once and for all.
I plan to do a clean re-install of the OS on my Mac as well to ensure that all vestiges of Google Chrome are indeed gone. I also took the opportunity to rid myself of Google Drive File Stream.
I've always used FF and Chrome, flipping back and forth as Chrome filled in where FF had issues and vice versa, but after a week or 2 on Quantum I just didn't need Chrome anymore and uninstalled it. Haven't regretted it once.
Hopefully that'll be fixed soon...
(also, I'm 90% FF now too)
Currently the global history is shared between all containers.
You could look at it as silly, but in those 6 months it saved around 700 work hours after it had paid for its dev time.
Each container can load any page. If you want to toggle the current domain to load in the current container, you can opt for that. Then, it will prompt you to switch to that container when you browse to that domain, and at that point you can opt to make it automatic. If you don't make it completely automatic, you can just choose to use the default container for that domain, or stick with the current container (or source container, if opening a new tab from some other container).
What would make this better would be to be able to flag a domain as openable in multiple containers, but have one be default, so I wouldn't have to decline switching to my personal Google container every time I clicked a link on an email in one of the G Suite accounts, as they redirect to a google landing page).
> I don't understand why the Chrome team is picking this hill to die on- their team (managers and developers) are all over twitter and reddit trying to explain the privacy violations away as if the people upset about this are just not understanding what's going on.
My impression is that this is the new norm at Google. It happens with everything, internal or external. The sad reality is that most decisions will deeply upset at least some people, and those people likely don't have the context into the decisions but still complain loudly.
From my perspective what happens is that it doesn't matter whether a decision was a good or bad one, there will be people who complain (ESPECIALLY internally as Googlers can be very entitled) and so at some point you're just completely immune to this.
This is not helped by the fact that people externally often think Google is on some evil plan and speculate in wild ways which are completely wrong.
To give you an idea of how these things usually happen.. it goes something like this..
Someone finds a UX problem, and makes a plan to fix it. In this case I guess it's confusion among signed on accounts. Someone on the team probably raises some concerns, likely similar if not the exact ones being raised now, and they debate it but eventually they say well, the proportion of people who seem to care about this is only 0.1% of users (Because we are objective!).
Sadly, even though it's "only" 0.1% of users, those users are extremely negatively impacted in a way that's not really reflected by the small percentage, and 0.1% of a billion is still a considerable amount.
On the other hand, there are many other decisions which were released just fine and we would not be able to do anything if we were always afraid of negatively impacting some small proportion of users. To me this is a weakness of the attempt to have everything be objective and "measurable".
Let me state that I don't think this is good or even acceptable, but I'm definitely not smart enough to know how to solve this on a wider scale than my immediate team. However I hope this at least provides some insight into why these kinds of thing happen.
The real bad guys don't ever think they are evil. (consider Al Capone, hero of the people)
> The real bad guys don't ever think they are evil.
At least seen from the inside, it's often funny (and sad) to see all kinds of crazy speculation about the greater evil goal of nefarious decisions made, all the while whatever is happening is usually a mixture of software bugs and incompetence on our side.
It's like a clown show, where the evil mastermind turns out to just be me incorrectly checking for a null value in some if condition, or my PM having no idea how to rationalize two features together.
I guess that comes with large corporation status, and a certain failure to communicate. Not sure if it's avoidable at all. It does teach you something about perception vs intent, I guess.
Sure, there's less impact when statements are less hyperbolic, but there's also less bikeshedding about the problem, so maybe something actually happens in the end.
And no you don’t need to be North Korea to be evil. That is a meaningless comparison. Coincidentally Google has started working with regimes similar to NK; The PRC. Is that not evil?
No, it's not, because evil is a negative ideal, but I don't think it actually exists in reality.
Even Hitler wasn't evil, he was insane, and the whole situation is a case study of what happens when people, regular people, are given an easy explanation for all their problems. Placing something in the category of "evil" is placing it apart from behavior that you expect normal people to be capable of, since I think most people thing the majority aren't evil. All that does is help us feel better at the expense of helping us be better.
Evil is for fairy tales, where things are black and white. Normal people rightly get defensive when called such, because the road to hell actually is paved with good intentions. Hyperbole isn't a useful way to communicate.
Sorry to go full Godwins on this, but if you can't pull out Hitler and Nazi's when talking about evil (even to counter the point), then when can you...
I can’t even start to consider that it’s an appropriate analogy so Godwin point is dully granted.
PS: If it please your mind regexp replace "evil" by "ill intentioned" in Google related threads. But don’t forget that it’s Google that originated this terminology in the first place with their moto "Don’t be evil"...
I mean, if google is evil then what do you call North Korea? Super duper evil?
Google is evil in the same way now, that Microsoft was back in the day.
As an example in this case, I am an IT decision maker for a small group of people, I'm not that active on social media as a contributor, and losing an Apps subscription because of a browser auth decision could be one of those impacts. Its likely not, but if it were it would be impossible to understand in the aggregate, and of infinitesimal impact.
Be that as it may, user PII is now on the liability side of the ledger, and some businesses just haven't adapted to start operating like that is reality. Beyond financial hazard, the moral harm of a leak, the risk of telling the secrets of millions to the world (or a dangerous few) should be of grave concern. The best way to be trustworthy is to not know the secrets in the first place.
Bulk data collection doesn't affect 0.1% of users, that is the only group of people that understand enough to be concerned about. It affects everybody who signed up as a user. Their secrets and their safety are now in your hands.
This IS an engineering problem. I have full faith that with the right will, Google could figure out a way to offer web scale services to all manner of users and still deliver on its ambitions to deliver intelligent experiences with provable privacy at the heart of it. It probably involves data living at the edge; it probably involves renting datums from customers; it definitely involves a radical shift in business models.
Engineering a solution to a privacy-at-scale repository of human knowledge cannot happen without leadership that truly sees privacy as profit, at every level of the company.
Unfortunately, and with a long list of "accidental" blunders Google is long beyond the point of deniable plausability.
When I’m doubt, Google should err on the side of privacy.
That’s the safe way to go. And in this case you can clearly see that some people will freak out if their browser syncs their history to the wrong identity or that it syncs at all.
You and your colleagues could raise that these are there for a reason, approved by senior management, and there to help you respect your users' rights.
I like the sound of "Applications that affect or change your user experience should make clear they are the reason for those changes." or "It should be clear to you when you are installing or enabling software on your computer and you should have the ability to say no." or "We believe you should be asked explicitly for your permission in a manner that is obvious and clearly states what information will be collected or transmitted."
All of these sound relevant to the grievance of the OP.
Big corporations usually pick some good rule of thumb (use data based decisions) and pervert it until it's a blind rule.
Now I can see some understand some of Google bad decisions, sentiment and grudges aren't easy to measure. I can find some aspect of a google product annoying but not bother me much. Still, annoying thinks add up and most users, like 99,9% users don't write complains publicly so they can't never tell. It's also harder to account for network effects like the family geek stop caring about chrome and moved the whole family and friends to firefox.
An estimated negative impact in 0,1% can really mean last push for 1% of users. Add several episodes like this and you can destroy a company.
No, not the feature all other components do need so much you have to work around by adding another zillion lines of code in other places of your program to deal with the case it turned off.
I won't say you cannot make toys but I'd be happy if ux designers everywhere could take a break and stop dumbing down working applications, thanks.
PS: they don't need to be flashing.
In fact, in modern aircraft, they're not flashing. The trend today is to not light a light unless it's important to pay attention to it. It's called "dark cockpit".
Also, it's Boeing or I'm not going.
Agreed. But it's UX design for power users clearly.
But I was talking about the way to combine 'a regular users UX' with a ton of options you need for power users. The vast majority of the people who have Ubuntu on their laptops never recompile the kernel or even know about sysfs, the vast majority of the Windows and Office users never touch the registry editor - but removing them would be a huge mistake.
It's not hard.
And you don't have to do every possible customisation options, just the ones that people are enraged about.
Not everyone uses a browser the same, but a decent part of people here will spend their working life in the browser. I think for people here it won’t be rare to have dozen of windows with each dozen of tabs, some logged in different acconts within the site they show, some in incognito, some with in developer mode.
Even with just the browser filling multiple windows worth of buttons and stuff to interact with is easy, without even going to hidden preferences and configs.
I’d argue in complexity level we’re already on par with a airliner cockpit, it’s our job to deal with that, and we do it professionaly for years. Of course not everyone needs that complexity, but at least we do.
What I am getting at is, I think we should accept we’re not a t the point where it is simple anymore, embrace the complexity and give tools to effectively manage it.
Airliner cockpit are so because it’s efficient to have individual switches to important action and state indicators. We shouldn’t shy away from showing important info in the interface just because we’d end up with more stuff. Having it hidden can be a worse tradeoff.
Most people don't give a shit, they just want to check their gmail and couldn't care less. They don't even read the alert boxes that do pop up. They just click almost anything blindly.
As a result, companies get away with dark patterns and privacy-compromising changes like this.
I'm somewhere in the middle. I don't want airline-cockpit controls, but I do want the ability to not sync to the cloud/NSA if I want.
I also don't want to be tricked into syncing by some dark pattern silent update that makes an ambiguous clickbox that doesn't clearly say what the privacy implications are either.
Chromebooks are in an interesting position, with a chance to have newer users. But then they will literally live their life in the browser.
In that sense, Chrome users are already set apart I think.
if you are operating something as complex and dangerous, you need the Comercial airliner cockpit! it's that way for a reason! or would you rather board a 747 with a huge colorful button "fly" and another "land"?
if you have something like a browser, that is your last line of defense accessing online banking etc, you need to see into the miriad of options. if you just browse facebook, use the default and be happy. Knowing about:config shouldn't be a gate keeper to anything! going to settings then advanced should be more than enough to communicate the concept of advanced options. anything different you are just being an entitled , incompetent UX designer.
about:config is lazy, but get some of the job done. your oh-so-perfect two options google chrome setting page, is lazy and useless.
Put it on a screen called advanced options or something, even about:config, and let us decide!
That is, if you're really not just manipulating your users.
But will it be there forever?
Some other post on HN on this topic implied these options tend to vanish over time. (I'm not sure if they so or don't)
The total indifference to people's valid use cases is what really grinds my gears.
Chrome is still the only browser that ruins my UX by putting a profile picker into the title bar. A place it has no business being. I literally made a patch and compiled my own version of Chromium for a while to get rid of it. https://github.com/hparadiz/chromium-disable-profile-button-...
I'm so tired of the arrogance. Chrome used to be a beautiful simplistic browser. Now it's just bloat. I'm done. Get off my computer. You guys had your chance and blew it.
You can figure out the rest.
That’s not a problem or an indictment. Just an observation of how systems work st scale.
It's also part of the reason for the pace of the industry. You pump out as much money as you can from some space, and then move on to focus on the next thing.
I never wanted my youtube account tied to my business email.
Would you please read the site guidelines and follow them when commenting here?
If you don't want to be banned, you're welcome to email firstname.lastname@example.org and give us reason to believe that you'll follow the rules in the future.
Years of double digit percentage revenue growth sets lofty stockholder expectations.
All the low lying fruit to sustain that trajectory is gone. So, anything (AMP, this, etc) that might boost their targeting ability or impressions is important for them.
Because they’re not “dying on a hill” at all, because nobody cares. Nobody outside Hacker News and Twitter infosec people only followed by other Twitter infosec people cares about this.
> I really expect this change to push a lot of people away from chrome
Care to bet on that? Because I would happily take the opposite side of that bet. I think the feature will stay and after a few months we will see absolutely no change in Chrome’s usage statistics.
A lot of people do not understand, but we do, we're the techies. It's our job to understand.
Don't mistake people not understanding for not caring.
Once people understand, they care.
Conversely, don't mistake people not caring for not understanding. Many people both understand and don't care. Reasonable people can disagree about how their personal data should be monetized.
Everyone "understands" that Facebook collects user data. It's the contextual understanding that makes techies uneasy.
It's not the "contextual understanding" - or any kind of understanding - that makes some techies uneasy. It's their own opinions and personal comfortability with regard to data monetization. Many people understand their data is monetized in myriad ways and fully don't care. Asking if they actually understand is only going to patronize them.
There are countless things I understand the basics of but am not an expert in. That's why we specialize, because we can't be experts in everything all the time.
I don't mean it to be condescending, I mean to express that I can know that stars are powered by nuclear reactions and yet not have a firm grasp of what that really entails.
Most people, including myself, have a shallow understanding of a lot of things, and a deep understanding of very few things relatively speaking.
The only thing that’s different is that they can remain blissfully unaware of it.
The answer on all that is advocacy.
They may still not care, and that is fine. At least it is with eyes wide open.
Professionals do that sort of thing. It is consideration, not condescension.
Your comment basically implied "maybe they don't really understand which is why they don't care".
So I am refuting the original statement because I presumably do understand, and I still don't care.
They know what's happening is wrong. They don't know how to stop it. But they do still need to browse the web.
Ive always loved google. Installed chrome when it was released. I'm writing this from a pixel 2 XL because I broke my pixel 1 XL. I've had a Gmail account almost since it's been possible (I have my email@example.com).
I now use firefox. I don't know what mail I'll switch to, and I can't bring myself to an iPhone, but I'm leaving.
Google's increasing anti-user posture is enough, personified by the removal of their slogan "don't be evil". Legal move though it surely was, it's all too fitting.
Goodbye Google - you broke my heart.
That document has been reworded and the slogan is now at the end, but it's been there continuously. While I agree it's more of a passing mention than in the old wording, the end is one of the most prominent placements possible for such a statement other than the beginning.
The common Internet belief that they removed this came from the Code of Conduct of Google's new parent company Alphabet, which says "Do the right thing" instead, combined with the subsequent rewording. But Google's still applies to Google as well.
I'm thoroughly embarrassed to have regurgitated internet gossip without reading the source material.
However, as you mentioned, I stand by my sentiment. Google has clearly telegraphed their desire to put making money over users privacy and security (my definition of security being safe from Google, whereas Google's is safe from everyone BUT google)
To attack this issue from Google's side, the targeted ads I receive are straight garbage. The ads I get on my Google YouTube account from my signed in chrome Google account on my signed in Google phone are not in the least bit relevant to me or my interests. I don't use ad blockers of any kind. If I have to watch the ad about Dr. Gunter zolof solving Carmichael's toshent conjecture one more time, my phone might suffer an "accident" and I will take that opportunity to switch to a different provider (ANGRY SIDE RANT: I haven't watched that ad to completion or clicked on it a _single_ time. Stop showing it to me. 50 times. Consecutively)
Hop on https://www.gandi.net/, choose a domain name that looks professional (such as mylastname.me or some other clever variation) and never have to ask that question again.
If you ever want to go back to gmail, bring in your domain with gsuite (https://gsuite.google.com/).
As for an alternative UI&host recommendation, go for fastmail: https://www.fastmail.com/
It's always interesting to see how the most technical users seem to take such an irrelevant vague throwaway marketing line so seriously.
It's also still in the code of conduct but now moved to the end so it was never actually removed from anything anyway, if it actually matters.
The public needs to start changing their mindsets and begins to accept that all information in your private life is being recorded. The only important aspect that needs to be questioned is to what extend the data is going to be used. Are some companies not going to hire you simply because of something you did in your private life three years ago that they may not agree with? That would be unacceptable to me as it would definitely cross the line. It is what I consider similar to the "social credit" system being implemented in China, in which everyone is under surveillance at all times and given scores for activities such as grocery shopping. There are always two sides of the extremes, and the balance we should strive for is somewhere in the middle.
It's impossible to ask U.S companies like Google not to conduct data mining on their users. How do you expect them to compete with companies in other countries that monitor their users 24/7 and have access to larger and more accurate data? In the age of information and artificial intelligent, those companies will win the battles simply because they will have better insights that Google won't ever have. Companies in the West cannot readily admit what they're doing because the public mindset is not yet ready for this change. It's too drastic and against many values we have been familiar with our entire life. But our world is changing very quickly, it is not the same world as before, it's understandably very difficult for most people to wrap their head around this but we need to update our mindsets even if that means changing our values. Companies like Google cannot disclose what they do because of public backlash they will receive. If people are just going to switch to another company, all their investments will have been lost, and the next company will be forced to do the same anyway. Google's recent move was probably the best way to test out public water, and it is already not looking very good. I don't know if governments from the West will ever be able to crack this issue.
Also, why do companies need to "compete"? There's no reason that core software like internet browsers or operating systems need to be commercial in the first place. I will happily continue using Firefox.
Let me give an example, suppose no countries on earth had nuclear weapons. We all know how deadly and devastating its effects can be to humankind. Let's say initially all nations agreed that it's bad for all of us and nobody should pursue it. However, if ONE country broke the contract and started developing nuclear weapons on their own. Do you think the remaining countries can afford to stay at their same positions and not start developing it too? Once someone starts doing it, all bets are off! You can apply the same logic to any unethical technological experiment, such as cloning human. Google really had no choice, if they don't adapt they will be out of the game within the next 10 years.
At least for me, Google's behavior means that I can no longer recommend Chrome.
Fortunately it's not. On average people are only about 6 degrees apart, so in reality a relatively small number of people can get a surprisingly large amount of coverage in a frighteningly short amount of time, should they choose to apply themselves.
Much like the slide from IE and FireFox to Chrome, by the time Mozilla and Microsoft reacted, it was already too late. Time will tell if this is the start of such a momentum flip or if it's just another blip.
Now computers are easy to use, and the massmarket does not need to rely on techies for guidance, and non
-techies can be early adopters. The general public relies on mainstream popular culture / fashion influencers.
Ever since I updated to 69 I've been absolutely loving it. The most noticeable improvement is it feeling incredibly faster, but as someone who's been using 4-5 profiles on Chrome for over a year the new user management stuff just feels so much more intuitive/integrated.
I was super surprised to see people complaining about it on HN this morning, and I'm still not entirely sure what the problem is. FWIW, I also severely disagree with a lot of the implementations of GDPR, so maybe I'm just not the audience who cares here. To me, this update has been nothing but improvements so far.
Chrome 69 is simply the best. Not for me, but for the average user. The reading and work flow is incredible for casual browsing.
The negative reaction on HN is understandable, but it's not relevant for most people.
The goal of Google is merging the user experience of Android, Chrome, Google search and personal Google accounts into one, and it will get increasingly difficult for users to get out of this ecosystem.
Assuming this isn't fixed, the ick factor of being in-your-face followed across the web will be quite strong, I think.
You are conflating "don't understand" and "don't care." Those are not the same things at all. This conflation seems to be a stable of Big Tech now where matters of privacy are concerned.
>"Nobody outside Hacker News and Twitter infosec people only followed by other Twitter infosec people cares about this."
Awareness of issues and a dialogue concerning them generally starts with people have domain-specific knowledge. The idea that this somehow detracts from an issue's importance is absurd.
"You're signing into Gmail. Would you like to link Chrome to firstname.lastname@example.org? This will enable automatic notifications in Gmail, sync passwords and web history, and also automatically log into other Google websites when you visit them".
"Yes / No / No, and don't ask again"
"Yes / Ask again later"
... We passed the point where dark UX patterns deserved the benefit of doubt a few years ago.
If it benefits the company, it's intentional.
Theres almost never a true choice.
"Update now / Update in 1 week"
I think you're being a little optimistic.
> This will enable automatic notifications in Gmail
> sync passwords and web history
Chrome 69 does not enable either of these things just by signing into Gmail. (Sync being a separate opt-in has been well discussed. I just tested notifications on a new profile: they're not automatically enabled, and if I try to enable them in Gmail settings, I still get the usual browser permissions dialog.)
> and also automatically log into other Google websites when you visit them.
...and this one would happen regardless of any browser involvement.
If I have chrome sync enabled in browser on desktop a, then login to gmail in chrome on desktop b — is the browser history on desktop b now synced ...?
Also curious whether sync implies that old browser history in desktop b is synced to my account or is it guaranteed to be the case that “only browser data collected while logged in” is eligible for being synced between devices ...?
Google services are getting preferential treatment over the rest of the web on a browser with a market share big enough to be subject to an anti trust case. Vestager must be licking her lips right now...
I do not want synced browsers between my two environments.
This change makes it inordinately difficult to maintain that separation while utilizing other parts of the google ecosystem.
Maybe the Chrome team was wrong to introduce signing in to a browser at all?
maybe, but that would mean that all browser vendors did it wrong. (including mozilla)
I think that's the case, and Mozilla is one of all your friends who are jumping off the proverbial bridge. (Posted from FF, not signed-in.)
They are tying website login to browser login, with the intent of merging the two - that's the problem.
To users are Google who are fully invested in that corp having total control of their online life, this fuss will seem quaint and odd, but I do think it will have serious implications long term - people are turning away from search too for similar reasons - abuse your monopoly enough and people will actively seek out other options.
I know they were working on removing the need for plugins in other browsers. Ut last time I checked it was still a bit iffy.
This is what’s keeping Chrom(e|ium) installed on my machines right now. (I have a customer that uses it extensively).
If Hangouts works in Firefox I think I'll uninstall Chrome.
I have noticed Xero doesn't work on Brave. Not my product so not so concerned but I'm going to investigate to see what Xero is doing that we are not. ie why my dev's stuff works and xero's does not.
Agree with you up until this point. The vast, vast majority of people won't even notice this has happened, or really care much.
Anecdotal of course, but I haven't heard a single complaint among my non-tech friends, and I'm usually the first person they talk to about this stuff (because I'm "in tech"). I also believe Google when they say this change results in a lot less confusion from users (and just so happens to be a strategic benefit for Google, too...)
Now I've done making an excuse for it, I think it's a shame that Microsoft fucked up so bad with IE that both Edge and Safari face an uphill struggle. They're both pretty decent browsers that are kind to your battery and aren't bloated with features you're unlikely to ever use.
The extension support is fairly poor for both but at the same time, that's not exactly a bad thing. You browse the web with them and that's more or less it.
Being able to make something with an extension have having a behavior turned on by default in the browser are very different things.
link to said threads?
> Q: I don’t get, though — if you’re signed in to the browser but sync is off, then what does it mean to be signed in to the browser? What does it do besides sync?
> A: Not much, you can think of it like a Gmail login state indicator.
If that's fully the case, then there's nothing to see here and people are freaking out over nothing. Am I missing an important element here, other than that people don't trust Google?
I almost never visit the Economic Times, and I certainly never log in, but now it gets a chance to log me in using my 'real' identity, and there's even a popup to nudge me in that direction. Any site that implements Google Logins can do this, as far as I can tell. I'm pretty sure most people who chose to enable browser sync in Chrome didn't opt for this.
I think the Chrome team really screwed up on this by not considering how Google IDs are used across the web. And for what? The rather marginal scenario of eliminating confusion in shared-browser situations?
Or they knew the full implications and did it anyway, which is even more disturbing.
I simply don't trust a single corporation that much.
Their current argument is that they aren't actually collecting that data- just getting permission to- but that's kind of sketchy and still leaves them open to other changes that do start collecting things.
The other big issue people have with this is that the use case they're talking about- accidentally logging into a site and not logging out- is an issue with all websites, not just Google. Adding a UI for Google services explicitly is something only Google could do, which makes their browser less "neutral". This is why people keep bringing up antitrust. By taking advantage of their monopoly to further entrench that monopoly they are breaking the trust of their users.
They aren't actually collecting that data because you haven't turned sync on.
Really? That one is easy to understand. Google is a malware company and anyone that cares about privacy wouldn't work there in the first place.
That's literally their jobs as Chrome evangelists. They're just doing what they're told.
I've never signed into Chrome, but I am able to access 2 Google accounts... and Chrome still shows me the "Sign into Chrome" option.
Version 69.0.3497.100 (Official Build) (64-bit)
(I normally just use Chrome for development)
I think as tech people we systematically tend to under-think the second-order effects of the systems we build. Case in point, Chrome and G-suite being that closely integrated brings up serious privacy concerns, and the part where the Chrome team doesn't seem to appreciate the nuance reflects poorly. I do cybersecurity now (didn't used to), and a good number of problematic things I run into just come from engineers like my previous self not thinking through the security implications of a specific design, mostly because not thinking about security means shinier UX delivered on less resources.
Just another example I encounter regularly: I use U2F to sign into my Google accounts. However, when you log in, the checkbox to "trust this computer" is checked by default, meaning that if you're not paying attention your account will get automatically downgraded to single factor authentication going forward. It's a clear nod to convenience, but done this way it makes you shoot yourself in the foot.
It's a good change only if you are permanently logged in to google services, which is probably why it seemed like a great idea to the Chrome team, who probably have no idea how much distrust Google has started to build up. It moves the browser closer to an app runner for google services - I'd understand that if this was on Chrome OS or a specific 'Google' app, but in a general purpose browser the browser chrome should never indicate login state about specific websites, nor should my browser be logging in to google itself. It was bad enough when that was a choice for users, now it is one policy change away from being obligatory.
This is how we end up living in a world where google has access to all your data. I've switched browsers due to the move, not just because of this specific action, but because combined with all the other dark patterns Google has engaged in recently, and their clear moves to abuse their monopoly in search, it tipped me over the edge.
I no longer use google search (have been using ddg for a while), and now no longer use google browsers as a result of their disregard for user privacy.
Copy that. Thats a serious privacy leak, Referrers, none of the adblockers handle today.
I'm hoping CDN's get the same privacy treatment as facebook and the like have been getting lately and we can go back to a self hosted world.
Also, it not just fonts, but jquery and other stuff. And two places to check: Referrers HTTP header and meta element Referrer Policy of the page
If someone has access to my desktop PC, they also have access to my yubikey anyway.
If Google switched it to not trusting by default, you could still trust whatever device you want, just without the risk of a default behavior working against you.
EDIT: Yes, IE was great in the beginning, but then it stagnated and earned the wide reputation of being terrible obsolete anchor that it is now known for. It's with this late-stage IE that I don't see the comparison since Chrome is still on the cutting edge.
For example, the FF team felt that flex/grid should become the new layout standard, and deprecated or accidental behaviors of the past could be sunset by doing it right on Flex/Grid. So, for example, margin-top: 10% would be percent of height instead of percent of width when on a flexbox or grid item.
Chrome did it their way and wouldn't discuss the issue, and eventually FF caved because Chrome has a near-monopoly.
This idea of implementing bad design and forcing it on the world, won't end well for the user.
Not to mention the whole recent hullaboo about hiding the www / m / whatever prefixes.
Dynamic HTML as it was called, CSS, encryption, and so much more stuff came to IE before any of the competitors.
Then it became the IE6 we all came to know. The analogy with Chrome starting as a trail blazer and progressively taking the same trajectory is perfect, really.
As far as I can tell, it's still on the bleeding edge and only recently met there by new advancements from Firefox.
This is directly out of the Microsoft playbook and is why IE became as despised as it is.
Meanwhile Safari and Edge continue to lag behind with basic features. Either way extinguish only works if there's no ready competition, which is not the case here for the majority of users.
That's a bad example. In technical progress,
Chrome is the complete opposite of IE
Only little-by-little did Microsoft start adding in features no other browser supported. By the time the mid-late 00's roll around and Chrome was released. IE was this red-headed step child, with a lot of unique Microsoft only extensions.
Chrome is walking the same path, a technological superior browser slowly breaking compatibility with the rest of the web. But in such a way that developers _arent too unhappy_, but enough that most business users, and home users keep using it.
Saying Safari is the new IE is a short sited look at only the tail end of the problem from IE7 or so out. When IE was this slow laggy thing people kept around from Windows XP. Instead you need to look at Chrome like somebody would look at IE4 compared to Netscape Navigator. Sure IE4 breaks standards, but custom webfonts, OpenSSL encryption, ActiveX containers! All these new tools developers can use to make a richer more interactive web experience!
It was IE who added XMLHttpRequest and invented AJAX.
Bill Gates wanted their browser to be the best, but also wanted it not good enough to replace desktop apps. However the right hand didn't know what the left hand was doing. The Outlook team was told to make a web version. They got the IE team to add XMLHttpRequest for their use, everyone implemented what they needed to, then went home and forgot about it.
Then Google recognized what the feature allowed, and used it in gmail and maps. The rest of the internet said, "Wait, what, you can DO that?" Studied it, popularized the technique as AJAX and the rest is history.
Furthermore I remember gmail's keyboard shortcuts being a shock to a lot of people. Me included.
It's possible that Microsoft's style guide at the time set three characters as the limit.
...in 1999. Then IE6 was released in 2001, and then Microsoft scrapped the Internet Explorer team and didn't release another browser for 5 years, leaving us with 90%+ of users stuck on IE6 bugs and non-standard features.
That's what the GP is talking about.
This. I get to hear this from my colleagues at work all the time.
Not at all. I used to start developing while netscrape was still a thing. Chrome is (and it was) a bless for developers. I try firefox like once a year and see no reason to switch.
THe actual case is also no reason to switch (for me) but ill watch it.
I develop in Chrome because that's where the majority of our conversions come from.
I (my QA team) also tests Safari, Firefox and other browsers where a significant number of conversions come from. I never heard "just use chrome" in any professional environment.
> My teammates made this change to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device
I can see why there is pushback against this, but the issue described above is also understandable. There are valid reasons why "average" users would rather have this, and having unsynced or completely mismatched logins between Chrome and Google sites can lead to confusion for many who don't really see or care about a difference between them.
However it would be best if Chrome kept the settings to disable this. It doesn't make sense to remove those flags when they also have a large technical user base. Seems like good intentions but misjudging the impact of the decision and forcing it on everyone without recourse.
This makes Chrome less of a browser and more of gateway to Google services that happens to include a browser. Which will also trick non-technically-savvy people to accidentaly share their non-Google logins when sharing computers/"browsers".
The big difference is that your Chrome account is your Google account, unlike any of the other sites you mention.
Auto-signin only adds confusion. Many (most?) users have no reason to associate their browser with a Google account. This is something that Google is pushing unilaterally, just like Google+/YouTube integration. As an advertising company, they stand to benefit from more accurate user tracking.
Again, the Chrome account is your Google account so you're not associating anything, you're just logging in. It's different than any other example where the website has a different account. Signing in to Chrome and then into Gmail is not what most users would expect because for them the browser really is just another Google service.
There seems to a big (and sometimes willing) misunderstanding from HN/tech users about the mainstream population who just want things to work.
Then Chrome should be just a Google Services Client app. It shouldn't pretend to be a browser. It shouldn't allow one to log into "any of the other sites", in the first place.
That would follow the users expectation (based on their observation).
Logging the user into the browser, on the other hand, is not directly related. And potentially unexpected for the user.
They could have had one without the other.
In fact, it could also sign you in to local applications like Photoshop and Word.
They could call it the 'logon screen'.
In other words, the given motivation for this change rings hollow.
Their excuse sounds like parallel construction, as I refuse to believe one of the top IT companies in the world can't see why this solution is so bass ackwards.
They know exactly what they're doing, and it's the reason I went from a huge fan of Google products and early-adopter/beta-tester of everything possible, to scrubbing their existence from my and my family's life.
This seems to be a confusion straight out of a five-stages of grief denial of GDPR principles.
Let's work this through:
Step 1: Are you collecting personal data?
Step 2: If so, are you obtaining consent prior to collecting this data?
Step 3: Are the instructions to the users transparent and understandable?
Step 4: Is your system designed to handle these?
Or is it hard, and since we haven't had to do it before, I would like to get out of this requirerment?
Additionally, the controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.