I don't understand why the Chrome team is picking this hill to die on- their team (managers and developers) are all over twitter and reddit trying to explain the privacy violations away as if the people upset about this are just not understanding what's going on.
I really expect this change to push a lot of people away from Chrome, and frankly I wouldn't be surprised if it started opening up more antitrust possibilities due to how they're using their browser to give their services special functionality others can't get.
It's about privacy and also about taking away functionality that worked all these years for me. At work we use Google Apps and I sign in as with my work address for Gmail, Calendar, Docs, Drive, etc. and am used to one click access to all these apps. But I like to sync my bookmarks, extensions and settings to my personal account - and that's it - I don't want to sign in to my personal Gmail, Docs, Drive in the browser. The new Chrome not only forces me to, but it now makes my personal account the primary one (/u/0 for Gmail) and forces me to go through several clicks for other apps to change accounts. And they didn't even ask before pushing this - one fine day Chrome auto updated and forced this feature on me and it took several days and a lot of signing out/in deleting cookies, posting on groups, etc. to figure out the flags workaround.
I know the following is not welcome on HN, but I have to vent somewhere folks that think this was a good idea are reading, so here it is: A big fuck you to Chrome for forcing this feature on us!
Firefox with the "Multi-Account Containers" add-on is pretty great for managing multiple identities. Browser tabs get labels (with color-coded stripes) for which container they belong to.
I can ignore identity switchers provided by a site (google in this case) and just keep two gmail tabs, one for personal and one for work, open right next to one another. Firefox keeps each one sandboxed with its own session info like cookies etc.
I'll never understand this hesitation to Firefox, some people will bring out why Firefox is evil yet Chrome is clearly not the lesser evil product. I started using Chrome when it first came out, and then I stopped using it when it didn't have adblocking. Then when it did have adblocking it was extremely limited (I kept seeing popups and other nuisances), this was when I got dispelled then about Google being an ad focused company and never went back. I only use Chrome / Chromium (on Linux) to test web dev projects across major browsers, and sometimes Stack Overflow if I'm testing on Chrome might as well, but it's nothing all that special.
My main browsing has always been done on Firefox which has sync much like Chrome does, but oh look it's encrypted, forgot my password? Too bad, they're going to nuke my data since they don't even know my password. As it should be. My browsing data being synched is cool but it's not that precious to me, and if it was I would just not forget my password.
Also if I need to use Google services I have a Google container, if I need to use Firefox, I have a Firefox container. Good luck containing Google or Firefox on Chrome that way, and the multiple account containers are amazing for testing multiple user roles on web development projects all on one browser with multiple taps opened.
Not sure if this is a solution for you but you can have multiple Google account sessions in separate Chrome user sessions by clicking your user icon at the top then selecting to add people.
It becomes a game of “guess what user I’ll be logged in the next new window ?”
Chrome also doesn’t respect window order in the menu, so it’s just a pain to track when switching.
My solution to that was to switch to Safari for personal use.
I had been using Chrome only for G Suite stuff (forced by my employer to maintain this account) and FF for everything else. This change resulted in the deletion of Chrome from my computer and a move to FF with Multi Account Containers set to segregate various services from each other.
I'm half thankful for the Chrome team doing this because it was just the push I needed to finally rid myself of Chrome once and for all.
I plan to do a clean re-install of the OS on my Mac as well to ensure that all vestiges of Google Chrome are indeed gone. I also took the opportunity to rid myself of Google Drive File Stream.
FF itself since Quantum has been heaven for me personally.
I've always used FF and Chrome, flipping back and forth as Chrome filled in where FF had issues and vice versa, but after a week or 2 on Quantum I just didn't need Chrome anymore and uninstalled it. Haven't regretted it once.
The only thing that doesn't work for me at work with Firefox is some parts of our Google-powered meeting rooms. I can do videoconferencing just fine in Firefox, but I can't do screen sharing, even though Firefox seems to think screen sharing is enabled and working, only a black screen goes to the meeting room's projector.
This has been the one thing I've wanted since it was announced. It would make it a really powerful concept and maybe more plugins supporting container specifics. Like disabling / enabling features depending on the container you're under. I know some do, but if more did it would be amazing.
I wish Mozilla would give some kind of guarantee that they won't drop the feature, otherwise I don't feel like investing time into building a workflow around it is worthwhile. And it's sad that this is even an issue.
Sure, that makes sense for your business, because it saved money. For me, personally, I don't want spend time getting used to software that is likely to be taken away from me (i.e. forced obsolescence). That is a very frustrating experience. I'd rather use and build on software that I know is going to remain usable for a long time.
so you can be logged into 2 google accounts at the same time? two facebook accounts? two twitter accounts? IIRC multi-account containers work by domain name so they don't handle this case. Multiple profiles do, something which Chrome handles well and Firefox handles poorly
Yes, you can. It's not as smooth as could be, but I am continuously logged into three separate Google accounts (one vanilla Gmail, two for separate G Suite businesses), and it works fine.
Each container can load any page. If you want to toggle the current domain to load in the current container, you can opt for that. Then, it will prompt you to switch to that container when you browse to that domain, and at that point you can opt to make it automatic. If you don't make it completely automatic, you can just choose to use the default container for that domain, or stick with the current container (or source container, if opening a new tab from some other container).
What would make this better would be to be able to flag a domain as openable in multiple containers, but have one be default, so I wouldn't have to decline switching to my personal Google container every time I clicked a link on an email in one of the G Suite accounts, as they redirect to a google landing page).
> I don't understand why the Chrome team is picking this hill to die on- their team (managers and developers) are all over twitter and reddit trying to explain the privacy violations away as if the people upset about this are just not understanding what's going on.
My impression is that this is the new norm at Google. It happens with everything, internal or external. The sad reality is that most decisions will deeply upset at least some people, and those people likely don't have the context into the decisions but still complain loudly.
From my perspective what happens is that it doesn't matter whether a decision was a good or bad one, there will be people who complain (ESPECIALLY internally as Googlers can be very entitled) and so at some point you're just completely immune to this.
This is not helped by the fact that people externally often think Google is on some evil plan and speculate in wild ways which are completely wrong.
To give you an idea of how these things usually happen.. it goes something like this..
Someone finds a UX problem, and makes a plan to fix it. In this case I guess it's confusion among signed on accounts. Someone on the team probably raises some concerns, likely similar if not the exact ones being raised now, and they debate it but eventually they say well, the proportion of people who seem to care about this is only 0.1% of users (Because we are objective!).
Sadly, even though it's "only" 0.1% of users, those users are extremely negatively impacted in a way that's not really reflected by the small percentage, and 0.1% of a billion is still a considerable amount.
On the other hand, there are many other decisions which were released just fine and we would not be able to do anything if we were always afraid of negatively impacting some small proportion of users. To me this is a weakness of the attempt to have everything be objective and "measurable".
Let me state that I don't think this is good or even acceptable, but I'm definitely not smart enough to know how to solve this on a wider scale than my immediate team. However I hope this at least provides some insight into why these kinds of thing happen.
'0.1% of a billion is still a considerable amount' is a very important observation, and one my colleagues at Google (before I left) rarely seemed to grasp. People think they can get away with a lot of cutting corners or lack of rigor in their engineering and design when mistakes can impact millions of people... our industry really isn't prepared for deploying products at this scale.
> >...people externally often think Google is on some evil plan...
> The real bad guys don't ever think they are evil.
At least seen from the inside, it's often funny (and sad) to see all kinds of crazy speculation about the greater evil goal of nefarious decisions made, all the while whatever is happening is usually a mixture of software bugs and incompetence on our side.
It's like a clown show, where the evil mastermind turns out to just be me incorrectly checking for a null value in some if condition, or my PM having no idea how to rationalize two features together.
I guess that comes with large corporation status, and a certain failure to communicate. Not sure if it's avoidable at all. It does teach you something about perception vs intent, I guess.
Then again, maybe we shouldn't be throwing around words like "evil", which we all know is hyperbole (even if invited hyperbole because of Google's own prior statements). Someone talks about Google being evil, and then other people push back because it's not really "evil", and they are both right, so neither ever gives an inch.
Sure, there's less impact when statements are less hyperbolic, but there's also less bikeshedding about the problem, so maybe something actually happens in the end.
You said it yourself, Google’s raison d’etre in some ways into these markets was that they were not evil anticompetetive Microsoft. Today, they very much are. Arguably they were always this way, but dark patterns like this is a new low.
And no you don’t need to be North Korea to be evil. That is a meaningless comparison. Coincidentally Google has started working with regimes similar to NK; The PRC. Is that not evil?
> Coincidentally Google has started working with regimes similar to NK; The PRC. Is that not evil?
No, it's not, because evil is a negative ideal, but I don't think it actually exists in reality.
Even Hitler wasn't evil, he was insane, and the whole situation is a case study of what happens when people, regular people, are given an easy explanation for all their problems. Placing something in the category of "evil" is placing it apart from behavior that you expect normal people to be capable of, since I think most people thing the majority aren't evil. All that does is help us feel better at the expense of helping us be better.
Evil is for fairy tales, where things are black and white. Normal people rightly get defensive when called such, because the road to hell actually is paved with good intentions. Hyperbole isn't a useful way to communicate.
Sorry to go full Godwins on this, but if you can't pull out Hitler and Nazi's when talking about evil (even to counter the point), then when can you...
You just implied that Hitler was insane, a slang and disrespectful word for mentally ill people.
I can’t even start to consider that it’s an appropriate analogy so Godwin point is dully granted.
PS: If it please your mind regexp replace "evil" by "ill intentioned" in Google related threads. But don’t forget that it’s Google that originated this terminology in the first place with their moto "Don’t be evil"...
Evil sort of loses it’s meaning when it’s thrown a google in a world where Pennsylvania just banned books that aren’t sold through their systems from prisons, where ICE kills children in concentration camps, and that’s talking domestic issues only.
I mean, if google is evil then what do you call North Korea? Super duper evil?
I'm glad you're here talking. This is hard to navigate as an employee. A company as large as Google must make it nearly impossible to anticipate every downstream effect it may have on seemingly unrelated areas of the business.
As an example in this case, I am an IT decision maker for a small group of people, I'm not that active on social media as a contributor, and losing an Apps subscription because of a browser auth decision could be one of those impacts. Its likely not, but if it were it would be impossible to understand in the aggregate, and of infinitesimal impact.
Be that as it may, user PII is now on the liability side of the ledger, and some businesses just haven't adapted to start operating like that is reality. Beyond financial hazard, the moral harm of a leak, the risk of telling the secrets of millions to the world (or a dangerous few) should be of grave concern. The best way to be trustworthy is to not know the secrets in the first place.
Bulk data collection doesn't affect 0.1% of users, that is the only group of people that understand enough to be concerned about. It affects everybody who signed up as a user. Their secrets and their safety are now in your hands.
This IS an engineering problem. I have full faith that with the right will, Google could figure out a way to offer web scale services to all manner of users and still deliver on its ambitions to deliver intelligent experiences with provable privacy at the heart of it. It probably involves data living at the edge; it probably involves renting datums from customers; it definitely involves a radical shift in business models.
Engineering a solution to a privacy-at-scale repository of human knowledge cannot happen without leadership that truly sees privacy as profit, at every level of the company.
I’m very sympathetic to your situation, delivering software that’s this popular can’t be easy however in this case it’s really not that hard ...
When I’m doubt, Google should err on the side of privacy.
That’s the safe way to go. And in this case you can clearly see that some people will freak out if their browser syncs their history to the wrong identity or that it syncs at all.
As you probably know, Google does have quite clear policies on the matter.[0]
You and your colleagues could raise that these are there for a reason, approved by senior management, and there to help you respect your users' rights.
I like the sound of "Applications that affect or change your user experience should make clear they are the reason for those changes." or "It should be clear to you when you are installing or enabling software on your computer and you should have the ability to say no." or "We believe you should be asked explicitly for your permission in a manner that is obvious and clearly states what information will be collected or transmitted."
All of these sound relevant to the grievance of the OP.
Big corporations usually pick some good rule of thumb (use data based decisions) and pervert it until it's a blind rule.
Now I can see some understand some of Google bad decisions, sentiment and grudges aren't easy to measure. I can find some aspect of a google product annoying but not bother me much. Still, annoying thinks add up and most users, like 99,9% users don't write complains publicly so they can't never tell. It's also harder to account for network effects like the family geek stop caring about chrome and moved the whole family and friends to firefox.
An estimated negative impact in 0,1% can really mean last push for 1% of users. Add several episodes like this and you can destroy a company.
When you have a checkbox for every possible customisation option, you end up with a commercial airliner cockpit - hundreds of flashing lights and switches, that you need a comprehensive manual and years of experience to properly operate.
It's clearly not the case when the checkbox you adding is an option to turn off some feature enabled by default.
No, not the feature all other components do need so much you have to work around by adding another zillion lines of code in other places of your program to deal with the case it turned off.
In fact, in modern aircraft, they're not flashing. The trend today is to not light a light unless it's important to pay attention to it. It's called "dark cockpit".
> The cluster is actually a great study in UX design.
Agreed. But it's UX design for power users clearly.
But I was talking about the way to combine 'a regular users UX' with a ton of options you need for power users. The vast majority of the people who have Ubuntu on their laptops never recompile the kernel or even know about sysfs, the vast majority of the Windows and Office users never touch the registry editor - but removing them would be a huge mistake.
I wonder if we’re not already at this point though, and it might not be a bad thing.
Not everyone uses a browser the same, but a decent part of people here will spend their working life in the browser. I think for people here it won’t be rare to have dozen of windows with each dozen of tabs, some logged in different acconts within the site they show, some in incognito, some with in developer mode.
Even with just the browser filling multiple windows worth of buttons and stuff to interact with is easy, without even going to hidden preferences and configs.
I’d argue in complexity level we’re already on par with a airliner cockpit, it’s our job to deal with that, and we do it professionaly for years. Of course not everyone needs that complexity, but at least we do.
What I am getting at is, I think we should accept we’re not a t the point where it is simple anymore, embrace the complexity and give tools to effectively manage it.
Airliner cockpit are so because it’s efficient to have individual switches to important action and state indicators. We shouldn’t shy away from showing important info in the interface just because we’d end up with more stuff. Having it hidden can be a worse tradeoff.
The problem is that you're in the 0.001% of people who want their software complicated like an airline cockpit.
Most people don't give a shit, they just want to check their gmail and couldn't care less. They don't even read the alert boxes that do pop up. They just click almost anything blindly.
As a result, companies get away with dark patterns and privacy-compromising changes like this.
I'm somewhere in the middle. I don't want airline-cockpit controls, but I do want the ability to not sync to the cloud/NSA if I want.
I also don't want to be tricked into syncing by some dark pattern silent update that makes an ambiguous clickbox that doesn't clearly say what the privacy implications are either.
Yes, I think the middle ground will be the majority. All the more so actual “casual” users that want stuff that “just work” will use their phone or tablet, or the default browser already installed and is good enough.
Chromebooks are in an interesting position, with a chance to have newer users. But then they will literally live their life in the browser.
In that sense, Chrome users are already set apart I think.
if you are operating something as complex and dangerous, you need the Comercial airliner cockpit! it's that way for a reason! or would you rather board a 747 with a huge colorful button "fly" and another "land"?
if you have something like a browser, that is your last line of defense accessing online banking etc, you need to see into the miriad of options. if you just browse facebook, use the default and be happy. Knowing about:config shouldn't be a gate keeper to anything! going to settings then advanced should be more than enough to communicate the concept of advanced options. anything different you are just being an entitled , incompetent UX designer.
about:config is lazy, but get some of the job done. your oh-so-perfect two options google chrome setting page, is lazy and useless.
That 0.1% doesn't take into account hours spent using the actual app. Power users tend to spend all day in a browser whereas a typical grandma might look at it for 15 minutes and close it. Meanwhile people who have multiple Google accounts and who spend literally all day in the browser are the ones that get the short end of the stick? That makes zero sense and it's why people are starting to hate Google just like any other corporation that makes decisions by committee. There should have been a product owner on the browser team that said "No this is a browser. Not an extension of GSuite."
The total indifference to people's valid use cases is what really grinds my gears.
Chrome is still the only browser that ruins my UX by putting a profile picker into the title bar. A place it has no business being. I literally made a patch and compiled my own version of Chromium for a while to get rid of it. https://github.com/hparadiz/chromium-disable-profile-button-...
I'm so tired of the arrogance. Chrome used to be a beautiful simplistic browser. Now it's just bloat. I'm done. Get off my computer. You guys had your chance and blew it.
How do you think Firefox and Chrome overthrew IE? The power users (us) who set up and fix everyone else's computers spent years telling others why IE is terrible and installed a different browser, and it slowly but surely worked (along with strong developer and media/press support).
That's very short term focused observation though. Power users are influencers. When power users leave - especially being annoyed and angry - they start to actively advise against the product left and right, to the regular users and to other power users.
But that's unfortunately how this works. I think people forget market players can, and are, self-destructive, when short-term profits interfere with long-term survival.
It's also part of the reason for the pace of the industry. You pump out as much money as you can from some space, and then move on to focus on the next thing.
Why would they repeat the Google+ linked accounts nightmare though? I never wanted a fucking chrome account, and linking my business and private accounts is the stupidest thing you idiots could have done.
I never wanted my youtube account tied to my business email.
"I don't understand why the Chrome team is picking this hill to die on"
Years of double digit percentage revenue growth sets lofty stockholder expectations.
All the low lying fruit to sustain that trajectory is gone. So, anything (AMP, this, etc) that might boost their targeting ability or impressions is important for them.
> I don’t understand why the Chrome team is picking this hill to die on
Because they’re not “dying on a hill” at all, because nobody cares. Nobody outside Hacker News and Twitter infosec people only followed by other Twitter infosec people cares about this.
> I really expect this change to push a lot of people away from chrome
Care to bet on that? Because I would happily take the opposite side of that bet. I think the feature will stay and after a few months we will see absolutely no change in Chrome’s usage statistics.
It's the early adopters who breed the late adopters. If we all stop using Chrome, and thus stop recommending it to our friends/co-workers they will stop using it too. I've personally turned dozens of people away from IE towards Chrome. Now I'll turn dozens of people away from Chrome towards Firefox. Also, I'm also IT and I'm now phasing out Chrome on my company workstations and phasing in Firefox. It will take time as it's low on my list of priorities, but every workstation I touch I'll take the time to scrub free from Chrome and setup FF. There's 30x users right there.
> Don't mistake people not understanding for not caring.
Once people understand, they care.
Conversely, don't mistake people not caring for not understanding. Many people both understand and don't care. Reasonable people can disagree about how their personal data should be monetized.
This can't be overstated. The update did not even mention this feature change, making it even more difficult for non-techies to know something has changed, and what it means.
What you're saying is a pretty condescending way to treat other people's opinions. You're essentially questioning whether or not they really understand (complete with scare quotes) if they don't share your opinion.
It's not the "contextual understanding" - or any kind of understanding - that makes some techies uneasy. It's their own opinions and personal comfortability with regard to data monetization. Many people understand their data is monetized in myriad ways and fully don't care. Asking if they actually understand is only going to patronize them.
I get where you're coming from, but it applies to me equally in plenty of other domains.
There are countless things I understand the basics of but am not an expert in. That's why we specialize, because we can't be experts in everything all the time.
I don't mean it to be condescending, I mean to express that I can know that stars are powered by nuclear reactions and yet not have a firm grasp of what that really entails.
Most people, including myself, have a shallow understanding of a lot of things, and a deep understanding of very few things relatively speaking.
And yet, given a parallel into what is happening as if it were a different company ‘e.g. would you be fine with our man standing outside your house and observing your every movement as a condition of service’, most of these people that ‘understand’ switch to WTF?! No! If you then ask them to stop using Chrome or Facebook it’s suddenly ‘different’.
The only thing that’s different is that they can remain blissfully unaware of it.
Most people incorrectly think along the lines of "they have all my data already, so there's nothing I can do." Most probably also believe that many of the things that are going on are illegal and that someone is watching out for their interests. If they really understood the consequences of the data collection on a deeper level, most people wouldn't agree to it.
I can confirm: there are a lot of things that friends, coworkers, and family all think are illegal and yet when I tell them to call law enforcement, they then ask "but who do I call?" followed by "I can't afford to hire a lawyer"
They know what's happening is wrong. They don't know how to stop it. But they do still need to browse the web.
I'm typically out of touch with normal people so I'm probably proving your point, but this has pushed me off chrome and Google.
Ive always loved google. Installed chrome when it was released. I'm writing this from a pixel 2 XL because I broke my pixel 1 XL. I've had a Gmail account almost since it's been possible (I have my firstnamelastname@gmail.com).
I now use firefox. I don't know what mail I'll switch to, and I can't bring myself to an iPhone, but I'm leaving.
Google's increasing anti-user posture is enough, personified by the removal of their slogan "don't be evil". Legal move though it surely was, it's all too fitting.
I respect your feelings, but with respect to one of the factual details you listed: the "don't be evil" slogan never got removed from Google's Code of Conduct.
That document has been reworded and the slogan is now at the end, but it's been there continuously. While I agree it's more of a passing mention than in the old wording, the end is one of the most prominent placements possible for such a statement other than the beginning.
The common Internet belief that they removed this came from the Code of Conduct of Google's new parent company Alphabet, which says "Do the right thing" instead, combined with the subsequent rewording. But Google's still applies to Google as well.
I'm thoroughly embarrassed to have regurgitated internet gossip without reading the source material.
However, as you mentioned, I stand by my sentiment. Google has clearly telegraphed their desire to put making money over users privacy and security (my definition of security being safe from Google, whereas Google's is safe from everyone BUT google)
To attack this issue from Google's side, the targeted ads I receive are straight garbage. The ads I get on my Google YouTube account from my signed in chrome Google account on my signed in Google phone are not in the least bit relevant to me or my interests. I don't use ad blockers of any kind. If I have to watch the ad about Dr. Gunter zolof solving Carmichael's toshent conjecture one more time, my phone might suffer an "accident" and I will take that opportunity to switch to a different provider (ANGRY SIDE RANT: I haven't watched that ad to completion or clicked on it a _single_ time. Stop showing it to me. 50 times. Consecutively)
Hop on https://www.gandi.net/, choose a domain name that looks professional (such as mylastname.me or some other clever variation) and never have to ask that question again.
I had the same mindset as yours perhaps a year or two ago, until I realized a couple of things that completely changed my mind. This is a little off the main topic but you see, when it comes to privacy, we like to think that we have it in our control but in fact we don't. As Snowden has proven, what the NSA is doing is far worse than Google. You just don't know it because it's completely hidden and sealed off from the public. But why do they have to conduct such extreme level of data mining you ask? Well, we are not living in manufacturing age anymore, that was maybe 40-50 years ago, we are living in an information age now. Everybody agrees that information is the new oil or the new currency. For the United States to continue being the leader of the world, it would be absolutely foolish for anyone to think that they don't have a complete and total full control of this key component.
The public needs to start changing their mindsets and begins to accept that all information in your private life is being recorded. The only important aspect that needs to be questioned is to what extend the data is going to be used. Are some companies not going to hire you simply because of something you did in your private life three years ago that they may not agree with? That would be unacceptable to me as it would definitely cross the line. It is what I consider similar to the "social credit" system being implemented in China, in which everyone is under surveillance at all times and given scores for activities such as grocery shopping. There are always two sides of the extremes, and the balance we should strive for is somewhere in the middle.
It's impossible to ask U.S companies like Google not to conduct data mining on their users. How do you expect them to compete with companies in other countries that monitor their users 24/7 and have access to larger and more accurate data? In the age of information and artificial intelligent, those companies will win the battles simply because they will have better insights that Google won't ever have. Companies in the West cannot readily admit what they're doing because the public mindset is not yet ready for this change. It's too drastic and against many values we have been familiar with our entire life. But our world is changing very quickly, it is not the same world as before, it's understandably very difficult for most people to wrap their head around this but we need to update our mindsets even if that means changing our values. Companies like Google cannot disclose what they do because of public backlash they will receive. If people are just going to switch to another company, all their investments will have been lost, and the next company will be forced to do the same anyway. Google's recent move was probably the best way to test out public water, and it is already not looking very good. I don't know if governments from the West will ever be able to crack this issue.
What? I should just ignore Googles harvesting of my data because "everyone does it"? That's ridiculous.
Also, why do companies need to "compete"? There's no reason that core software like internet browsers or operating systems need to be commercial in the first place. I will happily continue using Firefox.
I understand your logic and I fully agree because I was on your side. If there really is a choice nobody would want it to be this way. Unfortunately our current world is not a utopia.
Let me give an example, suppose no countries on earth had nuclear weapons. We all know how deadly and devastating its effects can be to humankind. Let's say initially all nations agreed that it's bad for all of us and nobody should pursue it. However, if ONE country broke the contract and started developing nuclear weapons on their own. Do you think the remaining countries can afford to stay at their same positions and not start developing it too? Once someone starts doing it, all bets are off! You can apply the same logic to any unethical technological experiment, such as cloning human. Google really had no choice, if they don't adapt they will be out of the game within the next 10 years.
But the tech-savvy community has influence. We set up computers for our friends and families. We write IT policies. We are web developers, tech reporters, and more.
At least for me, Google's behavior means that I can no longer recommend Chrome.
I can't imagine the impact is significant even if we consider two degrees of acquaintances (you tell someone to not use Chrome and they tell someone else).
Fortunately it's not. On average people are only about 6 degrees apart, so in reality a relatively small number of people can get a surprisingly large amount of coverage in a frighteningly short amount of time, should they choose to apply themselves.
The world is very small, and privacy is a mainstream concern these days. The impact of one story or one action is limited, but in the end, users do get their say. Otherwise, we would still be using Internet Explorer.
Maybe not in a few months, but things like this are funny. People who were looking for a reason to leave Chrome may use this to justify it, and while it may be a small audience, small audiences can be trendsetters, especially if they are passionate.
Much like the slide from IE and FireFox to Chrome, by the time Mozilla and Microsoft reacted, it was already too late. Time will tell if this is the start of such a momentum flip or if it's just another blip.
Part of Chrome rise to success was, on top of its (at the time) superior performance, the massive marketing from the biggest advertising company in the world.
10+ years ago, techies were the trendsetters in computer technology, because computers were hard to use.
Now computers are easy to use, and the massmarket does not need to rely on techies for guidance, and non
-techies can be early adopters. The general public relies on mainstream popular culture / fashion influencers.
I would take a small bet. We're the trend-setters in technology. We're the ones who got everyone on Chrome to begin with. Otherwise they'd still be on IE. If all the tech people abandon Chrome, they will start recommending FF or IE again and discourage Chrome use. The impact is slow, but it is significant.
>Because they’re not “dying on a hill” at all, because nobody cares. Nobody outside Hacker News and Twitter infosec people only followed by other Twitter infosec people cares about this.
Ever since I updated to 69 I've been absolutely loving it. The most noticeable improvement is it feeling incredibly faster, but as someone who's been using 4-5 profiles on Chrome for over a year the new user management stuff just feels so much more intuitive/integrated.
I was super surprised to see people complaining about it on HN this morning, and I'm still not entirely sure what the problem is. FWIW, I also severely disagree with a lot of the implementations of GDPR, so maybe I'm just not the audience who cares here. To me, this update has been nothing but improvements so far.
I wrote elsewhere that Chrome 69 marks a big change for the browser world.
Chrome 69 is simply the best. Not for me, but for the average user. The reading and work flow is incredible for casual browsing.
The negative reaction on HN is understandable, but it's not relevant for most people.
The goal of Google is merging the user experience of Android, Chrome, Google search and personal Google accounts into one, and it will get increasingly difficult for users to get out of this ecosystem.
I find this reality highly disturbing, but, as you mention, the average user is impartial if not completely ignorant. I think Google is very clearly exploiting both its monopoly and this end-user ignorance to centralize and control all aspects of the web and user devices. It's not far-fetched to consider that soon there will be no OS on the PC, but rather just Chrome as an interface to everything Google and the web. And so controversy like this is momentary and seen only in a vocal minority, quickly forgotten. Just a couple months ago, Chrome was found to be scanning user files for malware - this was quickly forgotten, probably even by the very same vocal people discussing Chrome on HN today. At this point, it's almost faux outrage.
A lot more "lay users" will care when random sites they visit start picking up their Google identity and showing it in the web page, all because the user signed into the browser. This is what it looks like: https://imgur.com/a/nFvxI0U
Assuming this isn't fixed, the ick factor of being in-your-face followed across the web will be quite strong, I think.
Just a small meta-point that betting is a great way for both sides of a debate to tone down rhetoric, engage in dialogue, and discuss objective terms or processes for evaluating a disagreement. It looks like another commenter is taking you up on the bet and I hope neither of you were being sarcastic, because I think betting isn't something to joke about but a wonderful tool that we don't use often enough.
>"Because they’re not “dying on a hill” at all, because nobody cares."
You are conflating "don't understand" and "don't care." Those are not the same things at all. This conflation seems to be a stable of Big Tech now where matters of privacy are concerned.
>"Nobody outside Hacker News and Twitter infosec people only followed by other Twitter infosec people cares about this."
Awareness of issues and a dialogue concerning them generally starts with people have domain-specific knowledge. The idea that this somehow detracts from an issue's importance is absurd.
I personally know people who think they are signing into Chrome when they sign into google.com. Maybe the Chrome team is right about their larger user base?
They could support both use cases by popping up a dialog on sign-in to a Google web property:
"You're signing into Gmail. Would you like to link Chrome to joebloggs@gmail.com? This will enable automatic notifications in Gmail, sync passwords and web history, and also automatically log into other Google websites when you visit them".
You're on the right track but it'd probably be a modal popup with "Google is making things better by inventing foo and elevating bar to the height of technology, as part of this change we'll be cloudifying some technical data. [Accept and Continue?]" with a teensy tiny little x in the corner... possibly burying all these in a EULA update.
I’m thinking just a banner along the top of the viewport with “Dismiss” and “Learn more…” buttons. The latter pops up a window with a small gray “More options…” link at the bottom, which invokes a modal with the options “Continue signed in as Alice” and “Manage Profiles…”, the latter of which allows you to disable syncing while simultaneously deleting all your local bookmarks and browser history.
These last couple of comments were probably some exaggerating pun... But after this story I was running privacy checkup, surprisingly found that my location history was on (after turning it off several times long before, which is a separate question why it turns on), turned it off again and then got 404 when trying to delete it. All this in a labyrinth of often circular links without much clue where the actual switch is.
Judging by all those post-GDPR popups I frequently receive the text would also contain some text like “by clicking ‘accept’ or ‘X’ you consent to XYZ.”
> This will enable automatic notifications in Gmail
> sync passwords and web history
Chrome 69 does not enable either of these things just by signing into Gmail. (Sync being a separate opt-in has been well discussed. I just tested notifications on a new profile: they're not automatically enabled, and if I try to enable them in Gmail settings, I still get the usual browser permissions dialog.)
> and also automatically log into other Google websites when you visit them.
...and this one would happen regardless of any browser involvement.
I’m still not clear about how exactly this new feature is decoupled from sync. Where is the source of truth for the sync setting — is it in cloud or locally in every browser profile?
If I have chrome sync enabled in browser on desktop a, then login to gmail in chrome on desktop b — is the browser history on desktop b now synced ...?
Also curious whether sync implies that old browser history in desktop b is synced to my account or is it guaranteed to be the case that “only browser data collected while logged in” is eligible for being synced between devices ...?
The question is, what about other sites? Do they also think they're signing into Chrome when logging into amazon.com?
Google services are getting preferential treatment over the rest of the web on a browser with a market share big enough to be subject to an anti trust case. Vestager must be licking her lips right now...
I expect this is the case... I know I myself was thinking a few months ago why Chrome doesn't have the ability to keep the logins in sync. However, why in the world did they enable this by default for people who didn't want their browser to do anything with their Google accounts? It would make sense to keep them in sync when users request to connect their browsers to their accounts, but not when people don't want the two to be connected at all.
I don’t doubt that the Chrome team is right about the problem the majority of their users are facing. It’s just that those users are also unaware of the privacy implications, and supplanting a bad problem with a worse one ain’t a fix.
Safari doesn't do this (it's part of iCloud, which syncs all docs, not just Safari), and Mozilla doesn't tie signing in to website signing in. I do think this is quantitatively different, esp. considering Google's near monopoly on email accounts.
They are tying website login to browser login, with the intent of merging the two - that's the problem.
To users are Google who are fully invested in that corp having total control of their online life, this fuss will seem quaint and odd, but I do think it will have serious implications long term - people are turning away from search too for similar reasons - abuse your monopoly enough and people will actively seek out other options.
I've been considering switching over to Firefox after being a day-one adopter of Chrome and this helped become a tipping point to get me to switch over. Though, full disclosure: I've been working to limit Google services in my day-to-day life (Maps, Gmail, and now Chrome) in the last couple of months over privacy concerns.
I've been using Firefox for quite awhile as my primary browser. I'm now to the point that I only use Chrome for checking websites I'm working on. I've had no complaints about Firefox. For me it is fast and stable.
After reading a little I randomly plonked on Brave. Selfishly, I wanted to know if our stuff worked on it- encryption, chunking etc. To my joy, it does and.... Brave is pretty cool. Converted.
I have noticed Xero doesn't work on Brave. Not my product so not so concerned but I'm going to investigate to see what Xero is doing that we are not. ie why my dev's stuff works and xero's does not.
> I really expect this change to push a lot of people away from Chrome
Agree with you up until this point. The vast, vast majority of people won't even notice this has happened, or really care much.
Anecdotal of course, but I haven't heard a single complaint among my non-tech friends, and I'm usually the first person they talk to about this stuff (because I'm "in tech"). I also believe Google when they say this change results in a lot less confusion from users (and just so happens to be a strategic benefit for Google, too...)
Not that I want to advocate for Google, but I imagine you could create a Firefox extension that works something like that into Firefox's sync mechanism. It sounds like they're scanning a cookie and then using that to change some other aspect of the browser; unless they've also added some stuff that only Chrome could recognise and work with.
Now I've done making an excuse for it, I think it's a shame that Microsoft fucked up so bad with IE that both Edge and Safari face an uphill struggle. They're both pretty decent browsers that are kind to your battery and aren't bloated with features you're unlikely to ever use.
The extension support is fairly poor for both but at the same time, that's not exactly a bad thing. You browse the web with them and that's more or less it.
>I don't understand why the Chrome team is picking this hill to die on- their team (managers and developers) are all over twitter and reddit trying to explain the privacy violations away as if the people upset about this are just not understanding what's going on.
Yeah...and that thread says that the change is basically nothing, just a UI indicator:
> Q: I don’t get, though — if you’re signed in to the browser but sync is off, then what does it mean to be signed in to the browser? What does it do besides sync?
> A: Not much, you can think of it like a Gmail login state indicator.
If that's fully the case, then there's nothing to see here and people are freaking out over nothing. Am I missing an important element here, other than that people don't trust Google?
@__apf__ is being slightly disingenuous when she says "Not much ... like a Gmail login state indicator." Google logins are used across the web by a lot of sites. For instance here's what happens when you visit an Indian financial paper, the Economic Times, using Chrome 69: https://imgur.com/a/nFvxI0U (some personal info has been blurred out).
I almost never visit the Economic Times, and I certainly never log in, but now it gets a chance to log me in using my 'real' identity, and there's even a popup to nudge me in that direction. Any site that implements Google Logins can do this, as far as I can tell. I'm pretty sure most people who chose to enable browser sync in Chrome didn't opt for this.
I think the Chrome team really screwed up on this by not considering how Google IDs are used across the web. And for what? The rather marginal scenario of eliminating confusion in shared-browser situations?
Or they knew the full implications and did it anyway, which is even more disturbing.
It all makes sense if the end goal is for the browser to push google login across the web, and make google accounts the preferred way to log in to websites. In that case they're doing you a favour, it's all in your best interests, as well as Google's of course. [/sarcasm]
I simply don't trust a single corporation that much.
They are not doing me a favor. Software companies need to stop believing their own paternalistic propaganda. Nobody at Google is in a position to determine whether they are doing me a favor or not.
It's not the case though. Google's privacy policy has two different "modes" for Chrome, one for being logged in and one for being logged out. By tricking people into logging in without their consent they are also tricking people into allowing that extra data to be collected.
Their current argument is that they aren't actually collecting that data- just getting permission to- but that's kind of sketchy and still leaves them open to other changes that do start collecting things.
The other big issue people have with this is that the use case they're talking about- accidentally logging into a site and not logging out- is an issue with all websites, not just Google. Adding a UI for Google services explicitly is something only Google could do, which makes their browser less "neutral". This is why people keep bringing up antitrust. By taking advantage of their monopoly to further entrench that monopoly they are breaking the trust of their users.
You're misreading the privacy policy. Google's privacy policy has two modes, one for sync on, and one for sync off. Logging into Chrome does not turn sync on, so you can be logged into Chrome and still covered by the "basic" privacy policy.
They aren't actually collecting that data because you haven't turned sync on.
Yeah, well, but what keeps them from silently changing that, seeing that users are already logged in? The UI for the sync preferences is sketchy at best as it is right now and you're basically just one misclick away from handing all your browsing data over to Google.
It's almost a certainty that they will continue down the slippery slope and start syncing data automatically in a future update. That sort of change has happened several times, so there is precedent.
Reducing their userbase is exactly their aim. They are doing that the only way possible that won't bat an eye.
Firefox has to grow so that chrome is no longer considered a monopoly.
I believe there is a purposeful propaganda war being directed against Google and Facebook here on HN and elsewhere in the media. I am not sure who is behind it, but my best guess would be Russia or China as they would have interest in this. Most of these posts against them are very flimsy, but they get huge upvotes.
I can see why they thought this was a good change. It makes the UX for G-suite apps much more pleasant, almost like you get the full functionality of G-suite productivity stuff as part of installing Chrome. For most people, that's a good thing.
I think as tech people we systematically tend to under-think the second-order effects of the systems we build. Case in point, Chrome and G-suite being that closely integrated brings up serious privacy concerns, and the part where the Chrome team doesn't seem to appreciate the nuance reflects poorly. I do cybersecurity now (didn't used to), and a good number of problematic things I run into just come from engineers like my previous self not thinking through the security implications of a specific design, mostly because not thinking about security means shinier UX delivered on less resources.
Just another example I encounter regularly: I use U2F to sign into my Google accounts. However, when you log in, the checkbox to "trust this computer" is checked by default, meaning that if you're not paying attention your account will get automatically downgraded to single factor authentication going forward. It's a clear nod to convenience, but done this way it makes you shoot yourself in the foot.
I can see why they thought this was a good change.
It's a good change only if you are permanently logged in to google services, which is probably why it seemed like a great idea to the Chrome team, who probably have no idea how much distrust Google has started to build up. It moves the browser closer to an app runner for google services - I'd understand that if this was on Chrome OS or a specific 'Google' app, but in a general purpose browser the browser chrome should never indicate login state about specific websites, nor should my browser be logging in to google itself. It was bad enough when that was a choice for users, now it is one policy change away from being obligatory.
This is how we end up living in a world where google has access to all your data. I've switched browsers due to the move, not just because of this specific action, but because combined with all the other dark patterns Google has engaged in recently, and their clear moves to abuse their monopoly in search, it tipped me over the edge.
I no longer use google search (have been using ddg for a while), and now no longer use google browsers as a result of their disregard for user privacy.
Just use different browsers for different things man, this isn't even hard. I seriously do not understand the outrage over this. Half the websites we visit host their fonts on Google domains, where is the outrage over that?
No, I definitely meant "your account". Specifically, I meant that you will accidentally trust devices you log in on that you might not be aware of, which exposes your account to unintentional reduction to single factor. I don't only log in at home.
If Google switched it to not trusting by default, you could still trust whatever device you want, just without the risk of a default behavior working against you.
Yubikey still saves you from a PC malware but I would suggest anyone not to store your yubikey besides your computer (or laptop bag) but to attach to your phone/keychain so it's on you all the time since it's safer that way.
If someone breaks into my apartment, I have more problems than losing my Yubikey. And my threat scope does not include agencies that would get my passwords AND be able to break in and steal my key. And if it did, I would think they could just take it from me.
Chrome has been the new IE for years. "just use chrome" is an endless refrain from webdevs who don't want to test on Firefox. Not sure why it is so hard for people to see what is going on here. Google has a massive conflict of interest with their web development efforts. This is classic Microsoft-esque Embrace, Extend, Extinguish.
That's a bad example. In technical progress, Chrome is the complete opposite of IE (which seems to be replaced by Safari these days) and way better than the rest in pushing forward new features. Also 99% of the time Firefox and Edge work just fine.
EDIT: Yes, IE was great in the beginning, but then it stagnated and earned the wide reputation of being terrible obsolete anchor that it is now known for. It's with this late-stage IE that I don't see the comparison since Chrome is still on the cutting edge.
Some of Chrome's decisions are definitely IE-like.
For example, the FF team felt that flex/grid should become the new layout standard, and deprecated or accidental behaviors of the past could be sunset by doing it right on Flex/Grid. So, for example, margin-top: 10% would be percent of height instead of percent of width when on a flexbox or grid item.[1]
Chrome did it their way and wouldn't discuss the issue, and eventually FF caved because Chrome has a near-monopoly.
This idea of implementing bad design and forcing it on the world, won't end well for the user.
Not to mention the whole recent hullaboo about hiding the www / m / whatever prefixes.
IE at its core was technically very advanced, way faster than Netscape, and pushed a ton of new features.
Dynamic HTML as it was called, CSS, encryption, and so much more stuff came to IE before any of the competitors.
Then it became the IE6 we all came to know. The analogy with Chrome starting as a trail blazer and progressively taking the same trajectory is perfect, really.
That is known, but the point is that IE stopped. That has been reported somewhere, can't find a useful link right now but I remember the discussions. It was reported - and what was observable matched the description - that as soon as Netscape was out Microsoft stopped pretty much all their efforts, and IE became the laggard that due to its market share prevented innovation and became a huge obstacle for quite a long time, until loss of market share and the rise of the web app forced their hand.
"Being on the cutting edge" is exactly how Embrace, Extend, Extinguish [1] works. The "cutting edge" is the "extend" part. When Google uses their market position to make their desired functionality, service or standard the new hotness other vendors have to either adopt that standard or be left behind. When those standards are something Google themselves created that benefits them directly (and harms competitors) they are extinguishing those other vendors.
This is directly out of the Microsoft playbook and is why IE became as despised as it is.
What standards of Chrome are harming competitors? We have a lot of major progress in web standards because of Chrome going first and getting it done. Even Firefox has built novel new rendering with a brand new language.
Meanwhile Safari and Edge continue to lag behind with basic features. Either way extinguish only works if there's no ready competition, which is not the case here for the majority of users.
That's a bad example. In technical progress,
Chrome is the complete opposite of IE
When IE started to _gain_ internet share it was a paragon of technological development. It was far faster then navigator, more reactive and performant.
Only little-by-little did Microsoft start adding in features no other browser supported. By the time the mid-late 00's roll around and Chrome was released. IE was this red-headed step child, with a lot of unique Microsoft only extensions.
Chrome is walking the same path, a technological superior browser slowly breaking compatibility with the rest of the web. But in such a way that developers _arent too unhappy_, but enough that most business users, and home users keep using it.
Saying Safari is the new IE is a short sited look at only the tail end of the problem from IE7 or so out. When IE was this slow laggy thing people kept around from Windows XP. Instead you need to look at Chrome like somebody would look at IE4 compared to Netscape Navigator. Sure IE4 breaks standards, but custom webfonts, OpenSSL encryption, ActiveX containers! All these new tools developers can use to make a richer more interactive web experience!
Bill Gates wanted their browser to be the best, but also wanted it not good enough to replace desktop apps. However the right hand didn't know what the left hand was doing. The Outlook team was told to make a web version. They got the IE team to add XMLHttpRequest for their use, everyone implemented what they needed to, then went home and forgot about it.
Then Google recognized what the feature allowed, and used it in gmail and maps. The rest of the internet said, "Wait, what, you can DO that?" Studied it, popularized the technique as AJAX and the rest is history.
Gmail was not even close the the first Ajax based email not by MS. Oddpost which later became Yahoo mail (Yahoo bought them to upgrade their mail) preceded Gmail by a few years.
This origin story of XMLHttpRequest being an afterthought explains why the class name has inconsistent capitalization which interestingly enough I never noticed until now.
> It was IE who added XMLHttpRequest and invented AJAX
...in 1999. Then IE6 was released in 2001, and then Microsoft scrapped the Internet Explorer team and didn't release another browser for 5 years, leaving us with 90%+ of users stuck on IE6 bugs and non-standard features.
... which occurred during/after the anti-trust case against them (which led to Bill Gates stepping down as CEO). If we wanted to be honest with our commentary, you would have to realize that to compare apples to apples, you have to compare Chrome to IE 3-5, not IE 6.
XMLHttpRequest was nice but hardly necessary, you could do same thing with frames. Just another little trick so Outlook Web Access would suck on the standards browsers. Oh, and of course it required ActiveX for no reason but to limit it to the Windows platform.
> "just use chrome" is an endless refrain from webdevs who don't want to test on Firefox.
Not at all. I used to start developing while netscrape was still a thing. Chrome is (and it was) a bless for developers. I try firefox like once a year and see no reason to switch.
THe actual case is also no reason to switch (for me) but ill watch it.
This seems to reinforce my statement? Chrome may be easier to develop on but that means sites break on Firefox or other browsers when Google differs from those other vendors. Google abuses this market position and developer preference.
Safari is the new IE, Chrome has been responsible for a huge number of positive changes in the browser landscape.
I develop in Chrome because that's where the majority of our conversions come from.
I (my QA team) also tests Safari, Firefox and other browsers where a significant number of conversions come from. I never heard "just use chrome" in any professional environment.
Same was true for IE, IE for instance pioneered asynchronous requests (which is pretty much the norm these days) and things like that - still was a bad browser though.
I think the difference is that IE stopped innovating once they had the market cornered. Chrome is continously on the cutting edge of features and specs, even after it became the #1 browser.
This reinforces my point about "just use Chrome". Google knows devs like Chrome and they make it easy because if more people use Chrome they can abuse their position to shape the rest of the internet to their preference. Why do you think they put energy into Chrome at all if not to get more eyeballs on Google services?
What I find troubling about this incident is not so much the change itself, or even how quietly they did it. It's the doubling down when users became critical. Rather than a "Okay wow, we clearly misunderstood the impact of this change and regret pushing the change without proper announcement or informed consent. We'll work to fix this." the messaging feels much more like "You're wrong to be upset. Trust us."
I think it's worth remembering that the userbase of chrome is huge and largely non-technical (i.e. they're not going to be on hn, twitter, reddit etc. voicing their opinion on the privacy implications of this change). What if for that big proportion of people the change is a net gain? Should it be reversed because the change is a net loss for a small subset of people?
> My teammates made this change to prevent surprises in a shared device scenario. In the past, people would sometimes sign out of the content area and think that meant they were no longer signed into Chrome, which could cause problems on a shared device
I can see why there is pushback against this, but the issue described above is also understandable. There are valid reasons why "average" users would rather have this, and having unsynced or completely mismatched logins between Chrome and Google sites can lead to confusion for many who don't really see or care about a difference between them.
However it would be best if Chrome kept the settings to disable this. It doesn't make sense to remove those flags when they also have a large technical user base. Seems like good intentions but misjudging the impact of the decision and forcing it on everyone without recourse.
Except this doesn't actually "prevent surprises in a shared device scenario" for the web, in general; it does for Google sites and services only. Logging in to Facebook or Amazon or my personal blog does not show up as a browser indicator, nor does logging out of the browser also log one out of Facebook or Amazon or my personal blog.
This makes Chrome less of a browser and more of gateway to Google services that happens to include a browser. Which will also trick non-technically-savvy people to accidentaly share their non-Google logins when sharing computers/"browsers".
People are perfectly capable of distinguishing between browsers and websites. For example, users have no problem logging into Facebook with Chrome.
Auto-signin only adds confusion. Many (most?) users have no reason to associate their browser with a Google account. This is something that Google is pushing unilaterally, just like Google+/YouTube integration. As an advertising company, they stand to benefit from more accurate user tracking.
Capable? Sure. But probably not interested in the difference.
Again, the Chrome account is your Google account so you're not associating anything, you're just logging in. It's different than any other example where the website has a different account. Signing in to Chrome and then into Gmail is not what most users would expect because for them the browser really is just another Google service.
There seems to a big (and sometimes willing) misunderstanding from HN/tech users about the mainstream population who just want things to work.
> The big difference is that your Chrome account is your Google account, unlike any of the other sites you mention.
Then Chrome should be just a Google Services Client app. It shouldn't pretend to be a browser. It shouldn't allow one to log into "any of the other sites", in the first place.
Yes, it's a joke. The problem of multi-user devices has already been solved, and in a manner that works for all applications and sites, not just Google's.
In other words, the given motivation for this change rings hollow.
They could have simply put a note on the logout page. "You are now logged out. If this is a shared computer, don't forget to log out of your browser profile and any other sites too."
Their excuse sounds like parallel construction, as I refuse to believe one of the top IT companies in the world can't see why this solution is so bass ackwards.
They know exactly what they're doing, and it's the reason I went from a huge fan of Google products and early-adopter/beta-tester of everything possible, to scrubbing their existence from my and my family's life.
I am baffled by The particular Article 25 of GDPR is rarely seriously and meaningfully discussed in practice, not least because probably still almost nobody actually knows what the “data protection by design” even means.
This seems to be a confusion straight out of a five-stages of grief denial of GDPR principles.
Let's work this through:
Step 1: Are you collecting personal data?
Step 2: If so, are you obtaining consent prior to collecting this data?
Step 3: Are the instructions to the users transparent and understandable?
Step 4: Is your system designed to handle these?
Or is it hard, and since we haven't had to do it before, I would like to get out of this requirerment?
Hi, original author of the linked post here. Thanks for the input. However, consent is not related to the concept. In fact it's more about taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.
Additionally, the controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.
As a Googler with no connection to the Chrome team: I'm pretty sure they made this change in good faith and are shocked people don't like it. Just imagine yourself in their shoes: wouldn't your first instinct be to explain yourself?
The Chrome team has been shocked about a lot lately.
I give them the benefit of the doubt on their intentions (although I'm less sure about upper management). But regardless of their intentions, they need to get better at thinking ahead.
Situations like this are always a little complicated, so I don't want to oversimplify or claim that they should have been psychic. But... it really shouldn't have been hard to tell that people would be upset. I kind of feel like if nobody on the Chrome team could have predicted this, then the Chrome team is seriously out of touch with users.
I mean, heck, the change contradicted Chrome's own privacy policy, which had to be updated after the fact. Is there seriously no process to check stuff like that before features ship? How is anyone supposed to trust Google's privacy policy when any team can break it inadvertently and it takes a Twitter thread weeks later for them to find out?
The Chrome team has a nasty habit of simultaneously saying, "just trust us, we're experts, we know what we're doing", and "there was no way we could have predicted that users would be upset by this."
There is a process where external launches need to be approved by a separate privacy team. If you're certain you can do a better job, you can find some listings on https://careers.google.com/ (just search for privacy).
"Somebody should do a better job!" "Why don't you try yourself?" Seems like a somewhat reasonable train of thought. A lot of good things can come out of outrage, as long as people are willing to take action (no, I don't claim going through Google recruitment to be the optimal strategy, but it is an option)(I actually got my first job as a result of my technical complaints, obviously not in Google).
> "Somebody should do a better job!" "Why don't you try yourself?"
This argument makes sense when you're talking about a problem that one or two people control rather than a large system with higher stakeholders who may not have interests aligned with your own.
But I'll assume you're right for a sec. Let's assume that Google cares a ton about making sure their privacy policy is consistent, but it's just an insanely hard job and nobody could do any better.
Why does that matter? In that scenario, I still don't trust your privacy policy. I don't care whether it's inconsistent because people are incompetent or because the problem is hard. In either case, the privacy policy is unreliable. If I can't trust it in Chrome's case, how can I trust it in Gmail's case, or in Adword's case, or in any other product?
In a way, saying it's a hard problem is even worse. I would have felt better if you had come back and said, "oh, the Chrome team is just uniquely incompetent, but everybody else has got their stuff together."
My thinking is more in line of: if privacy team was bigger, it would intuitively have a way easier job keeping tabs on all the developments. However, that's a job without talent attractors like glamorous launches. When you're sailing smooth, nobody knows you exist. But when I mention they're hiring in an incident, I learn this is the wrong time to mention them.
But then again, I'm neither in privacy team, nor Chrome team, know no specifics of this case and can't really argue any position (note how I'm neither defending nor condemning the issue of OP). Just pointing out generalities that I don't see mentioned.
If Google's privacy team is understaffed or doesn't have enough resources to do its job, we should have a conversation publicly about that. I get where you're coming from, but Google isn't a company without resources. In this specific scenario, where there is an actual power dynamic at play, it's not enough to just say, "well, people should get involved." The people who get involved are not the people who are making long-term decisions about process.
If Google itself isn't acknowledging the problem, or worse, if Google is actively thwarting or working against its own privacy team, then anyone who gets involved will also end up starved for resources or moved to other teams. Google is not a level playing field for people who want to change the system from inside.
So it's not wrong at all for you to bring this up during an incident. But if we take the premise that this incident is the result of one of the largest companies in the world starving its own privacy team, not paying enough to attract talent, or not giving them enough input into internal processes... well, that's honestly something that needs to be discussed company wide. That's a very serious situation.
And if that's the case, users should be distrusting Google's privacy commitments until it has that conversation. The first step to fixing a problem is acknowledging the problem -- you won't get anywhere trying to fix a system that doesn't want to be fixed.
From the responses that have come out of Google regarding this incident, it doesn't sound much like it wants to be fixed. Changing that is the first step. Hiring people is the second.
By all means, let's talk about Google's privacy team. I am all for that. Let's get productive. But let's get actually productive. Let's have an open, public talk about management and resource allocation, and why the team is understaffed. From Google's AI/self-driving divisions, we know what it looks like when the company gets serious about attracting talent. And we know it has the resources to do so.
Even if any of us was lucky enough to be hired, we'd still have to follow what the leads say and not rip out every bit of intrusion and data gathering in chrome (harder than I can imagine) less we get reassigned or sacked. I bet there are plenty of devs there who already have their reservations but for obvious reasons not publicly vocal about it or had their views dismissed for again obvious reasons.
If that's true, then the Chrome team is severely insulated from their critics. Chrome's "Sign-In" feature has been on lists of features that privacy advocates have recommended avoiding for years, and watchdogs have consistently raised questions about Chrome's data collection policies and practices.
As a Googler, you should encourage your colleagues to read negative and critical coverage of your company and its products. It might be eye-opening to many of them what people actually like and dislike about the products they're building.
I already do. There is a strong internal culture of argument and we do tend to use critical news, forum or blog posts as anecdata points. The higher quality and quantity of external voices on a subject, the better argument can be made one way or another. So please keep them coming, but do remember that usually the best result of those is starting proper research into the topic, which then can show that the best for the 99% still lies the other way.
Is it really that what's best for the 99% lies the other way? Or is it that Chrome has so many users that there will always be a majority that don't care about the latest privacy violation Google has forced upon 1/6th of the world population?
When you have 1 billion users, I think it's easy to say that "most of them are better off" with whatever, because there's no possible way that you'll ever have a majority of your 1bn users arguing for or against anything. This is why watchdog organizations exist, and why they're so important.
Doing the "right thing" for 99% of your users isn't actually the right thing if it does harm to your most vulnerable users.
It's called confirmation bias. They are looking for positive evidence confirming how awesome they are and are blind to evidence of the contrary. Not only are they blind but they seem genuinely confused why people are disagreeing with them so much. From the outside this is an obvious PR disaster. It shouldn't need debating. It's that bad.
I imagine the internal mailing lists are going to be a fun read the next few days. I was on similar mailing lists in Nokia when the iphone launched. I'll spare you the details but Nokia suffered from a similarly bad case of confirmation bias and it was decision making based on that in the years before and after that ultimately led to them getting out of the phone business entirely a mere 7 years after being the dominant market leader (and not by any small margin). Confirmation bias kills companies.
Anyone from Google/alphabet still capable of making a difference reading this, here's some free advice: sort out your management ASAP. This is one of those issues that stems from a lack of leadership. Heads need to roll, especially the ones doing too much nodding. I'd start at the top. I've had my doubts about the current CEO for a while. Too invisible and stuff like this keeps happening on his watch. Also the product portfolio seems a mess lately. There's something wrong there and current leadership is part of the problem.
Sure, from more junior engineers. I'd expect senior engineers to know about the value of stopping and listening, first. So far, I don't see any signs of that. The reactions are looking at this as a purely technical issue, and that's only part of the story here.
I think it's unlikely that the Chrome team will revert their decision. This will annoy people for a few days or even weeks, but people will eventually accept it.
That's just how you make unpopular changes these days.
Maybe the EU will do something about it, but this will take years.
I also work at Google though have nothing to do with Chrome.
This isn't "clear" to me. There are certainly complaints about this change within HN, but there are also people here saying that they appreciate the change, or that they're ambivalent.
But the more important part of things is that HN has what, maybe 10000 active users? Chrome has over a billion. Even if every HN commenter was vehemently against this change, that's less than 1% of 1% of Chrome's user base. If this change makes the browser better (using whatever metric you want, I'd argue the correct one here is privacy), even marginally, for the average user, at the cost of a few people believing that the browser is behaving badly, that seems like an overall good change, doesn't it?
And that seems to be what the Chrome team is arguing, that while some "abnormal" users might see this as an attack on privacy, it isn't, and it's a privacy increase for the uninformed user.
I think I've seen exactly one potentially compelling argument, which is that it may now be easier to accidentally enable syncing when you don't want to, since its a single click instead of entering a password. That might be true, although I'm not 100% certain, since I've logged into the wrong chrome window before, and that would have enabled syncing in a previous world.
First off, since it applies to people logged out of Chrome and it forces them to log in it increases, not decreases, the chances of someone accidentally leaving their account available to others on the machine. Since the sync button no longer requires a password this means someone can log in at a library to check their email, walk away, and someone else can step up, hit the sync button, and steal all of their information.
They've just made people less secure, not more.
But lets take your argument and assume it's right. You could apply the same logic to every website on the internet- Amazon, people's bank accounts, phone companies, etc. Google is therefore abusing their status as the browser developer to give themselves special functionality that other websites can't give. This should open them up to a variety of antitrust actions (particularly in the EU).
At the end of the day this could have been done by letting people opt-in to the login. Add a button on the google login sites that say "log into browser as well" and let the people who want it click it.
Just anecdotally since I used to manage the computers at a public library, we did have time software that would reset the computers back to a clean state after they either were done and clicked "end session" or they left it unattended for a minute.
I'm still against this Chrome change for the same reasons, but I would hope other libraries do the same thing as we did. From my experience library tech people are usually really privacy focused.
I wouldn't expect copy shops or internet cafes to do so as they're private/profit focused entities, and I definitely wouldn't lump libraries in with them.
As a public entity we had a mandate to protect user information and make sure it wasn't stored by us or accessible by others. This applied across the organisation from what books someone checked out to what websites they visited.
Maybe this was just more of a thing in Canada or even Alberta but the concept was definitely agreed upon with other libraries and people in the system I was in contact with. I have read other articles and such from American libraries about protecting information so I assumed it was more widespread.
> First off, since it applies to people logged out of Chrome and it forces them to log in it increases, not decreases, the chances of someone accidentally leaving their account available to others on the machine.
Before, if you were logged into both Chrome and Gmail, you could log out of one and forget to log out of the other. Now, logging out of a Google site also logs you out of Chrome.
> Since the sync button no longer requires a password this means someone can log in at a library to check their email, walk away, and someone else can step up, hit the sync button, and steal all of their information.
If you have access to someone's email account, you can already steal quite a lot of information.
Perhaps I can clarify why this was a terrible decision.
As written this feature enables special privileges unavailable to other website developers via a direct integration with the browser. Imagine if some other company automatically added a feature directly to your browser without your consent. You would be rightfully angry if there was a yahoo/facebook/microsoft widget that you didn't approve being added to your toolbar. What's stopping the chrome team from adding more features to blur the line between the browser and google services?
There are boundaries between websites, browsers, and users that should not be violated. This is nothing more than google putting their thumb on the scale to unfairly influence user behavior in their interest.
How is sending my personal passwords to a server under Google's control an increase in my privacy?
More importantly, doing so without users clearly knowing and consenting to it is a clear violation of GDPR. This is an absolute, not a relative standard. Which means that it doesn't matter how it compares to what things were like before.
This for Google could be up to a $2 billion fine. 2% of worldwide annual revenue - annual revenue is around $100 billion. It would only take 13 fines per year of that size to reduce Google to not being profitable.
So you shouldn't think about it as a question of opinions about UI design. Instead think about it as a question of liability. Do you as an employee want the people working on Chrome to be subjecting your employer to this kind of legal risk?
>How is sending my personal passwords to a server under Google's control an increase in my privacy?
If this change did that, I might be inclined to agree with you. But as far as I know, it doesn't. You still have to explicitly opt in to syncing. Which is a no-op compared to the old behavior.
According to the Privacy Policy (even after the changes from this weekend) this change gives Chrome permission to upload data.
> The personal information that Chrome stores won't be sent to Google unless you choose to store that data in your Google Account by signing in to Chrome.
If what you are saying is true- and will remain true for the future- why didn't they change that language to say something like-
> The personal information that Chrome stores won't be sent to Google unless you choose to store that data in your Google Account by signing in to Chrome and enabling syncing.
Yeah I directly quoted from the privacy statement and the line I quoted is still there.
Seriously though, searched for "signed in" (like, ctrl-f). There's an epic ton of things that they are allowed to do for signed in accounts versus normal browsing even with sync disabled. These are all directly quoted from the privacy policy and do not require syncing to be enabled-
* If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account.
* Payments. If you are signed in to the Chrome browser and you have credit cards stored in your Google Payments Account, then Chrome will offer you the option of filling those cards into web forms. In addition, if you enter a new credit card into a web form, Chrome will offer to save your credit card and related billing information to your Google Payments account.
* Language. In order to customize your browsing experience based on languages that you prefer to read, Chrome will keep a count of the most popular languages of the sites you visited. This language preference will be sent to Google to customize your experience in Chrome. If you are signed in to Chrome, this language profile will be associated with your Google Account and, if you include Chrome history in your Google Web & App Activity, may be used to personalize your experience in other Google products. View Activity Controls.
> * If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account.
Note the "or". If you're signed into Google and you do a Google search, that's stored in your account by default. The only reason signing into Chrome is relevant is that that also signs you into Google.
> * Payments. If you are signed in to the Chrome browser and you have credit cards stored in your Google Payments Account, then Chrome will offer you the option of filling those cards into web forms. In addition, if you enter a new credit card into a web form, Chrome will offer to save your credit card and related billing information to your Google Payments account.
This doesn't suggest any data being sent to Google unless you accept the offer to save a card to your Google Payments account.
> * Language. In order to customize your browsing experience based on languages that you prefer to read, Chrome will keep a count of the most popular languages of the sites you visited. This language preference will be sent to Google to customize your experience in Chrome. If you are signed in to Chrome, this language profile will be associated with your Google Account and, if you include Chrome history in your Google Web & App Activity, may be used to personalize your experience in other Google products. View Activity Controls.
Okay, this is one actual example of signing in causing more data to be sent to Google than would happen otherwise. It seems pretty benign, though.
I don't think you're parsing that first one correctly. Here it is with one of the two principles removed-
> > * If you are signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account.
If you are signed into the browser but aren't signed into Google this states it will still save your search query.
Look in the OP for the phrase "Mistaken synchronisation". You'll land at a section where he verified the steps by which a confused user could easily turn on synchronization without understanding that they had done so.
Note that I explicitly mentioned this as the one consideration that was mildly convincing:
>I think I've seen exactly one potentially compelling argument, which is that it may now be easier to accidentally enable syncing when you don't want to, since its a single click instead of entering a password.
Personally, though, (and I want to highlight that this is just my opinion as a person) I don't think it's a regression. But I can understand why others might disagree. From what I've read, the old behavior was that logging in enabled syncing by default. So accidentally logging in would immediately sync things.
I've certainly made the mistake of logging into the wrong account in the wrong chrome window, so I could absolutely see a user making the same mistake previously.
But even if you disagree, I think "you can synchronize by mistake, so they should add a confirmation dialogue" (which is a change I would support!) puts this firmly into the realm of imperfect UX and not an attack on privacy that should be totally rolled back.
And the aggravating (and potentially harmful) thing is that we can't even approach the discussion of "should we add a confirmation box", which would address the UX issue, if the accusation is that it's an attack on privacy. First we have to have this long tiring discussion where people throw around words like "Orwellian" and "GDPR" and we get to the reality that people are complaining about a whole host of not-really-harmful things, and that the one actually-maybe-harmful thing is a confirmation dialogue.
And yet as a employee of Google the question that you should be concerned with is how this impacts you. Given that GDPR was explicitly intended to punish big American companies for violating the privacy of Europeans, you should read the GDPR carefully from the point of view of, "Would the people who wrote this intend for my employer to get hit by my behavior?"
For a cautionary note, consider carefully how Microsoft got away with losing antitrust lawsuit after antitrust lawsuit and laughing about the consequences...until the EU decided to raise the stakes on them. And then read https://www.cnbc.com/2017/06/27/the-largest-fines-dished-out... to remind yourself how the EU thinks of Google.
Now I personally am opposed to the EU approach. (The upcoming copyright laws are particularly worrisome to me.) But at some point Google is going to need to leave the EU, or else to follow EU law. I don't believe that Google is willing to exit the EU. In which case you should really be worried about parts of Google that are putting the whole company at risk by violating EU law. No matter what you, personally, think of said EU laws.
> But the more important part of things is that HN has what, maybe 10000 active users? Chrome has over a billion. Even if every HN commenter was vehemently against this change, that's less than 1% of 1% of Chrome's user base. If this change makes the browser better (using whatever metric you want, I'd argue the correct one here is privacy), even marginally, for the average user, at the cost of a few people believing that the browser is behaving badly, that seems like an overall good change, doesn't it?
Well what percentage of those billion users understands what's going on, versus the 10000 users here? Google's business model does depend on duping people who don't know any better, so maybe this isn't so surprising..
In any case, I don't think there'd be so much uproar if Google hadn't snuck the change in without telling anybody. There are release notes, why not use them? Why is that so hard to understand for a company that prides itself on hiring the best and brightest?
The argument that resonates with me is how Chrome is breaking the barrier between the web and the browser, and that this barrier should be important. It's morphing from a multi purpose web browser into a Google centric application (e.g. ChromeOS).
You could have just ask for permissions for this new feature,what next switch the default browser or scan my files because it is better in some metric for some majority of users?
Consider the case of two users, Alice and Bob. Alice has sync enabled, Bob does not.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits (due to shared auth cookies), but doesn't sync to the browser itself. Chrome is still logged into Alice's account, so Bob's browsing history is synced, but to Alice's history. This can have any number of unwanted consequences, from privacy consequences to Bob depending on whether or not you think Alice or Google are bad/compromised, to weirdnesses for Alice when she tries to check her history again.
Post this change, Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob, meaning that Bob's history is no longer synced. So for Bob, this is a privacy increase (since now Google and Alice have less access to his browsing history) in that situation, and a usability improvement for Alice.
You could maybe get a similar effect by having account consistency be a thing that always logs the current user out and only also logs you in if you opt in, but that can also I think lead to weird situations for everyday users.
In other words, the point of signing in is to make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits...make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Don't do that then.
There's a simple solution to this conundrum, but it involves google not hoovering up the browsing history of half the world by default. Unsurprisingly, the google team has decided not to implement that solution and instead has tied logins on a web page to logins in a browser ever more tightly, and this move is just another step on that road, until you can tell yourself that 99% of the world logs in to the browser, because it's just easier, so we'll make it opt out instead, and then by a series of small incremental steps, each of which seems reasonable, you're forcing users to log into google and send them your data to get any browsing done at all.
Logging in to the browser is the problem here, not the solution. You should log in to websites, not the browser, that separation is a good one and is there for very good reasons.
That is an extremely narrow example that ignores many other scenarios, some of them privacy related and some of them functionality related.
But I'll bite. In the scenario you just described, can't Alice still just look at her local history and get all of the same information? I just tested -- local history is accessible across accounts in Chrome 69.
So this change doesn't actually protect people who are sharing computers -- a private browsing session is what protects them. And this change doesn't make private browsing any easier.
Also in this scenario, if Bob isn't checking his email or something, he's very unlikely to go log Alice out of her account. So the extremely minor privacy boost that doesn't actually exist because all of Bob's history is still stored locally will still only happen if both Alice and Bob use Gmail.
Which makes it sound like this entire feature was the brainchild of some executive who genuinely can't comprehend someone borrowing a computer and not immediately signing into Gmail. A much better solution to the problem you're describing above would be to draw more attention to private browsing sessions in the UX, or to just have some kind of notification when the user signs out of Gmail.
Heck, you could have the same exact feature, except drop the auto-login part and only have the auto-logout. That would still be a useless feature because of the reasons above, but it would get rid of the vast majority of the privacy concerns the tech community is currently raising.
Auto-login is not necessary to fix the problem you're talking about.
How about popping up a message saying, "you're logging in to someone else's computer, would you like to do this in an incognito window?" Or something like, "you're signing in to a different Google account, would you like us to remember this account and preserve/sync history to account X, which is currently signed into Chrome".
Doesn't work. Between the cookie pop-ups, update notifications, and "you've got mail"s, people have learned to ignore pop-up notifications.
... of course, the real problem here started with "Bob checked his email on Alice's computer." There are so many ways it can go wrong, like Alice using a browser other than Chrome, Bob using an email service other than GMail, or Alice deliberately installing a keylogger on that computer...
You mean like the popup of Google asking if I'd like to sync, or if I want it set as the default browser? It seems to be ok when it's in Google's favour.
If Bob logs into Alice's computer and forgets to log out all she has to do is hit the "sync" button and she can now view everything that's his synced with his account. Previously she would have at most his email, now she has that and more.
I don't want to get too far into specifics because I'm not an expert, but I'm pretty sure there are a number of inaccuracies in this comment.
Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
In other words, assuming Alice was nefarious, yes this is still terrible, but I don't think it's just still terrible, not worse terrible.
Edit: I'm rate limited, but to clarify, yes syncing is an account wide setting, hence you need to be authenticated to a specific account to change it. The entire point of syncing is to sync data between browsers on different devices.
> Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
That makes no sense at all unless syncing is an account wide setting instead of a browser setting, and it's pretty clear that this is a browser setting. Bob could have syncing enabled on his primary computer, log into gmail on Alice's computer where it then logs him in to her browser but without syncing enabled, and then Alice can later on come in and enable syncing by hitting the blue button.
Frankly it sounds like what Google should have done is created a better security system rather than a better notification system. This solves nothing, creates more problems, and pisses people off at the same time.
It makes perfect sense. If Bob has syncing enabled on his primary computer, Alice could enable syncing to copy the previously synced data to her browser. But she could also view the same data on myaccount.google.com.
It's a potential privacy violation for Alice and Bob!
How about this scenario:
Alice has Chrome synced to her Google account on her PC.
Bob uses Chrome on his PC but has no Google account and does not log in to Google services. He does uses bookmarks though.
Alice visits Bob and borrows his PC to check her gmail, which logs her in to Bobs Chrome. Then either Alice at that time or Bob at a later date accidentally triggers sync in Bobs Chrome.
TWO bad things happen at this point.
1) all Alice's synced data is downloaded onto Bob's PC. Including her bookmarks and passwords
2) all Bob's bookmarks are synced with Alice's account and Chrome on her PC will download them next time it's online.
Thanks for the explanation. It seems to assume that Gmail is the internet. If people sometimes use Facebook or forums or games instead of Gmail, then history will appear to sync to random places, no?
Bob's browsing history is synced, but to Alice's history
I agree with you that this would upset Alice when she wants to check her personal browsing history. But isn't that the innate consequence of sharing your own computer with other persons? It is the same as Alice lending her MacBook to Bob without logging out herself first. Can't Alice simply log out her Chrome before giving to Bob?
Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob
Why should Gmail (or any Google service) be so special? If Bob log in to his Outlook account, shouldn't the same treatment happen (which clearly indicate a persona switch)? It is clear that Google is using its monopoly power between Google services and Chrome to reinforce the bond between "average users" and itself. Imagine if Chrome dwindles at ~10% market share instead. Do you ever think the Chrome team would have done this feature?
They obviously didn't think through privacy issues very deeply, since it completely crashed with the privacy policy when it was released.
And the feature might be fine, but the UI is not good. It's confusing whether the big "sync" button says you are syncing, or lets you start syncing. And as this article says, when you go into "options" instead of clicking "undo", it starts syncing...
> I'm pretty sure they made this change in good faith
I'm not sure. Not one person in the entire chrome team raised their hand and explained that some users expect their browser to firewall web pages from the browser itself and to keep neutrality and not privilege some (first party) web pages?
As long as they don't really gather any data without an additional consent, I can't see how it could be. IANAL, of course.
But, if I was responsible for GDPR in Chrome I would be very worried that they are conflating "signed in" and "syncing" some places in the code, since this appearently used to be the same concept, per the old privacy policy.
It may be a GDPR violation (insufficient consent), we'll need a ruling to be certain. It may also be an antitrust violation (chrome is close to 60% market share in the EU).
So, it's bad because it doesn't sync your history by default? Even if the UI is confusing, the worst case here is thinking that your data is being synced when it's not. It's like the opposite of a privacy problem.
It's bad because it's by default signing you into a service you didn't ask to be signed into, and don't have an easy option of turning this off.
Sure, it doesn't automatically sync your browsing history now, but we all know change happens gradually. It's just a "feature" to be enabled later.
I've never once signed into chrome in my life (on purpose). I don't want anything synced between browsers, I like to try and limit what gets kept in the cloud, and with this change they've simply just taken the option away from the user.
Yes, I'm sure that I'm in the minority, but I'm taking this opportunity to start switching to Firefox, switching my mail provider, and am hoping to send them a GDPR request to delete all of my data.
It's not necessarily just this issue that made me do it, it's just the tipping point for me that says.. "ok, this company has gotten too big off people's data, and i no longer wish to be a part of feeding that machine"
>I've never once signed into chrome in my life (on purpose). I don't want anything synced between browsers, I like to try and limit what gets kept in the cloud, and with this change they've simply just taken the option away from the user.
At the jobs I've been in since browser syncing became a thing, where there were internal web tools, there has been an explicit policy against enabling it, out of security concerns. Regardless of how good the security might be at Google or Firefox etc. around their syncing stuff, if the content isn't there, it can't be compromised.
The difference for me is that, previously I knew I was multiple difficult steps away from having my browsing data uploaded to Google servers. That provided me a level of comfort that doesn't exist anymore. With the new method I'm one misclick away from giving everything to Google. Add on to this, Chrome has been increasingly pushy with its sign in prompts. There's no reason to think it won't eventually be equally pushy with its sync prompts.
For one thing they have completely different privacy policies. By signing into the chrome they are automatically forcing people to accept the privacy policy that is far less private than the when people aren't signed in.
Read the actual privacy policy, not the tweet talking about it. Primary sources are always best.
> The personal information that Chrome stores won't be sent to Google unless you choose to store that data in your Google Account by signing in to Chrome.
That doesn't say "unless you enable sync", it says it changes "by signing in to Chrome". Since they're now forcing you to sign into chrome without your consent they are also forcing you to accept that they can send your data to their services without needing any additional permissions from you.
Anecdotally when I tested this the "sync your data" screen seemed a lot more like a "yes" prompt. Similar to Facebook's 3rd party fiasco of an app asking for tons of permissions, and just saying "accept" to be done with it. So most people are going to just sync their data and probably have no idea what's happening. They might not even care, but I don't think that is a good measure of if this is good or bad. Most users are ignorant.
Yeah there's a usability issue for sure, but the article is talking about privacy and potential GDPR problems.
Edit: what I mean is, there's no way to get the interface into a state where it looks like you're not logged in, but it is syncing in the background. The only confusion here is in the other direction: you're visibly logged in, but it's not syncing.
I was talking about privacy too, not usability... it's a privacy issue when your data is being synced when you think it isn't. (I think you might be mixing up the two scenarios?)
I'm still not clear about what the actual change in behavior even is - seeing some statements on Twitter from someone on the dev team, it sounded to me like there isn't actually any difference, just a UI change to show which Gmail account is currently logged into.
If that's really all it is, I don't really get what people are upset about. Specifically, if there's no additional data being stored connected to your account (which is what one of the devs seemed to be very explicitly claiming) until you deliberately connect Chrome to your account, this seems like a whole bunch of drama over a misunderstanding.
If I'm wrong, then that's a separate matter. Personally, I appreciate the syncing features, but I completely understand why people would be bothered, and it's definitely something they should roll back.
I work at Google, but all statements/opinions are my own.
My understanding is that there were two changes:
1. General responsibility for authenticating to Google services has been moved to Chrome, and being logged into Google is equivalent to being logged into Chrome. If sync is set up, logging back into Google also fixes your sync session, if it was broken (common — the warning in the toolbar is easy to ignore).
2. Sync has been separated from login as a Chrome feature, so that you can log into Google services without syncing Chrome’s data.
Confusion between being logged into Google (the Chrome new tab page looks a heck of a lot like the Google home page) and being logged into Chrome was a real problem. I’m not suggesting that this is the right solution… or the wrong one; this is weird territory.
It raises a question for both users and browser vendors: What does it mean to be logged into a web browser?
> It raises a question for both users and browser vendors: What does it mean to be logged into a web browser?
And who - exactly - ever asked for the ability to "log into a web browser"? And what benefits are there for the user?
There would be zero confusion about "Am I logged in to Google or logged in to Chrome?" without the unwanted and unexpected existence of a "logged in to a web browser" status.
This is privacy disaster over a feature nobody wants. Except for the people who actively profit from privacy disasters...
I use several different computers and operating systems regularly, and it's really useful to have my browser history, bookmarks, extensions and other configuration synced up.
That's not to say I'd be miserable without it, but it's a nice convenience that almost immediately upon starting up a new machine, my browser is set up exactly the way I like just logging in.
This illustrates what may be the real problem. Chrome’s sync is a genuinely useful feature. There is no reason at all it needs to be conflated with being signed in to websites.
For that matter, sync is a fantastic use of E2E encryption, and it will be interesting to see if using sync data for any purpose other than syncing it is a GDPR violation.
That's just a diplomatic way of saying "so what if we logged you in". Well you don't understand how distrustful people are of Google these days, especially power users. I wouldn't give a byte of information about me to Google if I don't have to.
>"It raises a question for both users and browser vendors: What does it mean to be logged into a web browser?"
Which is a question so absurd that no user should ever need to ponder it. The question wasn't "raised." Your diction suggests it arose in some organic fashion and it did not. Let's be clear - the question was forced upon the user.
Now if you log into a Google account, Chrome is logged into that same account as well. Also if you clear all cookies, cookies from Google aren't cleared. Some people (myself included) don't like that.
But this is only if you already have Chrome Sync ("logging in to Chrome") turned on and enabled, correct? Because I have a bunch of different Chrome profiles that I use for different purposes, and I don't see the ones that I use for particular Gmail accounts getting logged in to Chrome.
(not a chrome user, but:) my understanding is that now if you log into google (e.g. a gmail account), you automatically get logged into chrome, including Chrome Sync.
That is not at all my understanding. If you don't have sync enabled, nothing automatically enables sync. You have to go through a large confirmation dialog (with an "undo" button) to enable sync.
You’re being downvoted, but this is exactly the concern that a sweeping change like this provokes. Who’s to say Google won’t decide that a lack of sync is a problem they can silently fix too?
Meanwhile: whatever color you want to shade in the "pattern" with, this subthread starts with a claim that is falsifiable, and also actually false. So please don't pretend like I'm arguing from abstractions here.
Thanks, I don't use Chrome that much (or at all if I an avoid it) so that's interesting.
Still there are the claims of buybackoff that I linked above that options has been set without their consent.
So it seems to me there's either a muddy pattern or they even are tweaking things on behalf of users whitout even asking?
Edit: also this from the post we are discussing:
> However, by clicking on “settings” I was unable to click “undo” - the user interface happily assumed that yes, in fact I wanted to first upload my data. And suddenly, instead of “Last time synced in 2017” I saw the following: “Last time synced on Today”.
Yeah my account was signed in and syncing when, prior to the update, I explicitly turned off sync so that was alarming to me. I immediately turned off syncing and now I can't trust Google to obey my settings anymore. They randomly turn on syncing when I use Google voice assistant on my Android phone.
Yes, you automatically get logged into chrome. Supposedly sync will not automatically be enabled, but if you ever enabled it in the past it will be turned back on for your chrome session as well. It's unclear what happens to old (pre-login) history and cookies when this happens.
> Also if you clear all cookies, cookies from Google aren't cleared.
Wait, WHAT? Are you talking about locally or in sync? I don't believe Sync ever included cookies, and there's no indication on the Clear Browsing Data tool that Google cookies won't be cleared if "All Time" is selected.
Hopefully that battle comes sooner than later. Either the EU will fold, or we would get some real guidance about what honoring this GDPR legislation actually means. Clearly nobody has any frigging idea what is and is not in compliance.
Not true. I would say that Jacques has a pretty good idea, and expresses it pretty clearly for the rest of us in a four-part article: https://jacquesmattheij.com/gdpr-hysteria/
I understand the general concern, but a bit confused about the details. Could someone do me a favor and write down a simple example of how this can violate privacy?
Something like "User logs into Chrome, this automatically logs the user into ???. The user then visits ???. As a result Google learns ??? about the user. This was impossible before this Chrome change, and this sharing of information isn't clearly agreed to by the user."
If there are several materially different scenarios that can result in privacy violation, would be great to know.
It's just about respect. If you don't give your users a heads-up when you go to collect significant information about them, and then when they try to opt out, you cripple their browser, you do not respect them. I'm done with Google products.
It's a shame that this is where identity is going. Google had such a great opportunity to do this in an open way by making this a more extensible format...perhaps by dusting off OpenID. Identity is probably the most under-built part of the web, and anything Google could do to positively move that forward would've been hailed as a huge improvement.
Instead, because it's closed, it'll set the web identity conversation backward...hopefully it doesn't set it back too far.
I think that currently pretty much every service, device and website violates the GDPR.
The GDPR requires consent or some other legitimate reason to store data about a person.
I see dark patterns everywhere. I never give consent. But I get tracked to death everywhere all the time. Even before I touch anything on a website, it plants dozens of cookies on my machine.
But cookies are not even the problem. Fingerprinting is. When I visit a hifi store with my smartphone, next day my Desktop PC will show me nothing but hifi ads. Even though I don't store cookies on any of them.
Additionally, the web turned into an arcade game. The user has to rapid fire click away 'OK', 'I AGREE', 'I CONSENT', 'I UNDESTAND' buttons. He is not giving consent. He is just trying to get through this pile of nonsense to reach the content.
> I think that currently pretty much every service, device and website violates the GDPR.
Not really, my website doesn't :-)
In case you're using Google Analytics, it's easy to make it compliant, you just activate IP anonymization, which you had to do anyway, out of common sense and because tracking by IP without consent was illegal anyway in countries like Germany.
> When I visit a hifi store with my smartphone, next day my Desktop PC will show me nothing but hifi ads.
Yes, I saw this behavior too, but I like to think that many businesses are not as unscrupulous. But I do take care of my privacy as an ongoing investment ... I'm Google free, I sandbox Facebook, I use privacy blockers, VPN, the works.
GDPR is IMO a godsend. I'm sure the cost will be high for many companies, but that's just karma.
If the company handled user data responsibly already, it means the company was already respecting the privacy laws already in place in major European countries, Australia, etc and GDPR compliance shouldn't cost anything.
There's also no such thing as responsible data handling for services tracking users without their consent. If no explicit consent was given, consent obtained with a layman explanation and with no dark patterns, then it shouldn't be legal.
The problem often isn't how the data ends up being used, the problem is that the data is collected in the first place.
Not sure what your question is. If they handle data responsibly they're already compliant, no? In which case what compliance costs do such companies face?
Mostly, I think GDPR makes reasonable requests for how you obtain, handle, store and use personal data. I think that the compliance cost for a company already doing ‘the right thing’ should be relatively low.
(Argument hinges on the idea that GDPR does overreach in what it asks to be compliant, happy to be proven wrong)
If you want to "handle user data" in any way but can't afford the formal compliance costs, then one less company is hoovering up user data. I don't see the problem.
The differece is that now it is explicitly illegal. I suspect after some grace period the most severe violations will start to get prosecuted and then I expect respectable companies to reconsider their tracking.
Anecdotally, pretty much every developer I've talked to about GDPR says in one way or another, their company has some sort of GDPR violation.
It's pretty much the same story every time, there was a big scramble to fix any clear violations, but because GDPR was a bit vague, there are a lot of gray area violations that are still being cleaned up.
The user has the option to not get through the "pile of nonsense" and just close the website. The fact that the user does not should tell you something. Unless you think every website should force the user to go through a 15 minute webinar to help them specifically understand privacy policies before letting them browse the website?
The lesson to companies should be, don't provide a Hobson's choice up front like this. Offer the webpage you meant to offer, and simply don't try to nickel and dime all the data out of your visitors.
It's not like content producing companies are these super profitable behemoths that are just greedy for $1 more. Not using ad trackers would your reduce your revenue by 50% at the minimum - it's how scaled advertisers spend money, if you're not doing it, you're not getting those advertisers. It is indeed a Hobson's choice - do it or stop providing whatever content it is the reader wants.
Am I the only person who liked the web a lot better before it encountered its own Eternal September?
I'm not trying to be snarky! It's just that I'm not actually sure I like the direction the web took, and I'm not sure these "content producing companies" are indeed a net positive.
Perhaps forcing a lot of (the more shady) commercial activity off of the web is actually the best thing that could happen. (Though they probably wouldn't leave quietly)
If you don't like the new direction the web took and don't think any of the content with ads is valuable, then by all means don't use. But don't force me to stop reading the NYT or Twitter.
So just kill the free and open internet and bring back the walled garden model of the mid 90s where you paid for website packages like you did for cable TV? That's not a future I want to live in.
Europe is playing a dangerous game with the internet right now and I don't think they have enough tech-minded people in power to keep things sane and in check.
Except, in today's internet that would mean pretty much not using the internet at all. Which - in today's society - would mean a greatly handicapped social life at least and would be plain impossible for many people who need to use those sites to do their job.
So yes, technically you're right. As Discworld's Vetinari said, you always have a choice, even if that choice is between agreeing to the deal or being thrown into a spiked pit.
I had some legitimately scary things that may or may not be tracking but I cannot explain it without tracking. I watch some youtube video where the audio mentions a historic place of battle and then seconds later it shows up in my Google Chrome autosuggestion because I wanted to google some more information on it. I dont see how that is possible, it was a very specific location. I only typed "battle of" and it showed me the exact battle that was just mentioned in the video. I dont see how that is possible unless Google has transcribed the audio of all the videos automatically and uses it for search suggestions. It was nothing I ever searched before, in fact I searched many many other battles and places before that one so it would make more sense for it to show me something I searched previously.
It's only creepy if you believe you're the only consumer. Say when others watch that video, they search for "battle of whatever-you're-talking-about". They do the hard work.
As for you watching a video and autocomplete coming in with the same topic, could it be that there was a surge of interest of that battle at the time? Otherwise it may be url analysis from other people searching through chrome.
Ummm, google does transcribe the audio of all the videos automatically. That’s how they have subtitles for all videos (sometimes with hilarious results).
Yes, every website now asks for consent to "use cookies" because GDPR "requires us to to ask this". These are weasel words, there is absolutely NO NEED to ask for this. The word "cookie" occurs only once in the GDPR directive text, in a list of examples of personally identifiable data, next to "IP address". Yet no site ever asks me for permission to use my ip address, somehow.
The GDPR does have a requirement to ask for consent to do things like tracking my interests/behavior on a site and sending it to marketing data companies for specificly named purposes. I have yet to find the first website that uses plain language when asking for consent, and I can't wait for the first fines to be handed out.
> He is not giving consent. He is just trying to get through this pile of nonsense to reach the content.
Then don’t access the content? Why should the user get content that someone has worked to create without having to give anything in return (whether that’s in the form of payment or information). There would be no monetary incentive to create content anymore.
Super-simple answer: it's the law (GDPR). Kopplungsverbot. Art. 7 (4) GDPR. End of story.
It says: "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. "
It's like a butcher shop saying "the meat could be free if we could only reduce our cost by not caring about hygiene".
Guess what - the old Internet created plenty of content for free, without incentive of monetization, yet people still did it. The Web has suffered greatly as a result of the bullshit mindset that just because you put something online, you are entitled to make money for it.
Right, that’s why I specifically said “monetary incentive”. There will always be non-monetary reasons to create content.
Are you proposing that trying to make money using the internet is morally wrong? Or just that collecting user data is wrong? Or that collecting data without consent and a clear explanation is wrong? Because if the line is drawn at the latter, then that’s what GDPR is for, and so I don’t understand why people would be upset about having to click through a bunch of notices that try to make it clear how user data is being used.
The problem is that there's no actual consent, just simulacra. The GDPR doesn't say that you just have to "make it clear how user data is being used", it says the user must freely give consent, which means they must not only explicitly do so, as not giving consent must not mean the user loses access to services or content (see Recital 43).
I just say that pretty much every site, device and service out there violates the primary rule of the GDPR. They all store data about their users without the users consent.
One of the main points of the GDPR is that the user has to actively agree to storage of data. Making it very clear that storing can not be the default. Yet when you visit the New York Times today, they tell you:
By clicking "I Accept" or "X" on this banner,
or using our site, you consent to the use of
cookies unless you have disabled them.
In one form or another every site, service and device out there is doing exactly this. Making it the default to store data about the user.
Do you mind dumbing this down a bit for me? What you wrote has gone completely over my head here. What is "faux-progressive modern" and what is the thing being considered true even if it's only "ostensibly true"?
Don't create the content if you have such poor ethics and imagination that violating people left right and center is the only way you can sustain yourself. How many people even realize the extent and repurcussions of the information you are taking from them?
Generally it isn't the content creators doing this. It's the ad companies, as content creators are busy creating content and not advertising schemes. What is needed is ethical ad monitization choices.
> According to Google Chrome privacy policy “signed-in Chrome mode” works differently than the basic (non-signed) mode. Accordingly “your personal browsing data is saved on Google's servers and synced with your account. This type of information can include: Browsing history, Bookmarks, Tabs, Passwords and Autofill information, Other browser settings, like installed extensions”
> In line with privacy policy, this could be the case. However, data synchronisation appears not to happen by default in practice (as also confirmed here). It seems this behavior is not accounted by the privacy policy, which means either the policy is obsolete (and needs to be updated, which suggests potential issues in the internal privacy program, and possibly the priorities), or the mechanic may be subject to change in future.
It may have been updated in the last few hours, but right now, the privacy policy clearly specifies that that section is for the "Signed-in, Synced Chrome mode", and that "Sync is only enabled if you choose". Just signing in does not automatically enable sync.
Imagine if Google open-sourced their sync server as Mozilla has [1]. If you could simply specify your own sync server, I suspect a lot of the louder privacy complaints related to sync would disappear.
I see many people here complaining about this feature, and while I completely agree with them I also find it difficult to imagine an effective way to clearly explain these concerns to a random average user with limited to no knowledge of computers. How would you go in explaining this stuff if you wanted to convince somebody to switch to another browser?
I would say that I hate this change. I have a university education in computer science, have worked with computers for many years, but don't understand what my browser is doing any more. The UI is unclear, the privacy policy says one thing, and the project manager says something else on Twitter.
It really frustrates me when applications try to guess what I want, and do things without asking. Computers are fun and interesting because they do what you tell them to do! When they do what someone think 90% of people want without asking you, they are oppressive and depressing.
Lastly, it feels like Google wants to trick me into giving them my browsing history by mistake.
So, all in all, I'll uninstall chrome from my personal computer.
Google search is great. The rest of stuff and all the tracking and personalisation crap is just ridiculous.
stuff like this are the primary reasons I:
1) use Chrome only for work - hey, it's new IE
2) don't use Android
and recommend against using these to all my friends and family, carefully explaining everytime that if they care about their data they should stay away from these services.
IANAL, but I think the gdpr/antitrust case lies in the other direction,E.g not in [login on google/youtube]->[logged in in chrome] but in [logged in in chrome] ->[Can't use youtube/google anonymously].
If we take all of googles privacy controls and privacy policies for the truth, they now have an additional way to track me and I can't disable this without completely missing out on any other google service. This propably also circumvents any installed cookie blockers (but only for google) which could be interpreted as not honoring the denial of tracking.
My workaround for now, which I hope continues to work past Chrome 69, is to use Incognito-Filter to force all google.com accesses to open in Incognito Mode.
Nobody really cares outside this tech bubble. There won't be a PR fiasco, because it's hard to explain why it's bad for a non techie end user.
"Google simplifies the login experience in Chrome", is essentially what's happening here and it's far from obvious how to sell it as a doomsday scenario as I read the mood correctly of many HN users.
Maybe I'm just crazy, but if I didn't like Google Chrome (or if I was a privacy hawk), I wouldn't use Google products. Why do so many people complain about "privacy" and still use Google products?
The people who think they can speak for their parents or the less technically inclined are being too presumptuous in my opinion. YOU may have a problem with these methods, but not everyone does. Heck, there's people as technical as you that still don't have a problem with it.
Super technical person who doesn't care, reporting in.
But I also wish we lived in a utopian society where all information, people, companies, govt. was public and there was no weird illusion of privacy that everyone is clamoring for.
I long accepted privacy on the internet doesn't exist, and mostly privacy off the internet is minimal, especially with all the technology around. If you want privacy, you need to live like the Amish.
So, I just accepted it, and now don't care about privacy breaches, giving all my data to google. I willingly give more data to google so they can make my life easier.
I get hopefully 100 years on this planet, I am not going to worry about privacy when I got better things to use my limited time and energy on.
Even inside of this tech bubble there are people like me that think this change is fine the way it is and that it's actually a good idea for convenience. The vast majority of people are using Chrome to go to Google websites using their Google account and having one less step to sign in to Chrome Sync is just a good thing from a usability perspective.
Everything has an adoption curve, when Chrome launched why would the average user use it? But eventually it went through the adoption curve and even with Google aggressive nagging too time to gain mainstream traction.
The same thing is happening with surveillance and spyware and the self serving 'users don't care' that many tech apologists use to distract from their stalking and lack of ethics is already out of touch and disconnected from increasing mainstream awareness and disgust with surveillance.
Just yesterday Craig Newmark announced a $20 million donation to a new publication modelled on propublica to examine tech surveillance. It's only a matter of time before surveillance implementors and apologists begin to look like the sellouts that they are in the public eye.
For people already logging into Chrome, perhaps.
For people who have chosen to not sign into chrome, this is a breach of privacy and of trust. Without warning, we've been force-signed-in with no clear way to disable this setting.
Agreed, this will be forgotten about even by tech power users in under a week. Google needs to take the initial PR blow and then it will be over. The only thing that will put pressure on Google is EU with GDPR.
I left ProtonMail because it was slow and lacking features. Their reason for their snail pace of feature releases seems to be "we put security first".
Edit: Also, with ProtonMail as a paying customer, by default my signature was set to "Sent from ProtonMail". How cheesy. I'm paying for their service, they shouldn't be using me to advertise.
for all you geniuses downvoting my tldr commment: by far the 2 most popular suggested alternatives from the thread were fastmail and protonmail. fastmail costs money. for us elite hacker types its no biggy but does your mom pay for email? its not a fair competitor when 99% of people think email should just be free. protonmail is free but limits how many emails you can send and caps you at 500MB. also sign up and then try signing up for facebook. better get your ID ready...
edit: to be clear i'm not knocking either option. im just supporting my original point -- that google's recent actions do not threaten its email dominance
I pay for a Posteo account and am quite satisfied with it. The webmail is just your standard run-of-the-mill webmail without any fancy features like Google Inbox, but since IMAP is supported, you can just put whatever frontend you like in front of it.
i dont know why your comment is being downvoted instead of being replied to. its a valid comment. sadly im seeing this all the time now -- comments being downvoted just because other users disagree. if you disagree and have a valid argument, make the argument... i digress. i pine for when hn was more intelligent
Taking things into perspective, what benefit does I, as an individual user will get when Chrome automatically logs me in the browser when I sign into my Google account?
Unless there's a compelling benefit for me as a consumer, then I think Google wasted a lot of engineering hours and talent building something that majority of people would want no part of.
Exploit prices and complexity usually accurately reflect the security of a product when compared to their competitors. Take a look at how much Zerodium pays for full-chain exploits here: https://zerodium.com/program.html
$250,000 - Chrome RCE + SBX (Windows) including a sandbox escape (previously: $150,000)
Whereas it's up to $100k for Edge RCE+SBX, $80k for Firefox RCE+SBX
You obviously need to factor in other things such as how popular the product is compared to competitors, etc., but such a drastic price difference such as this is quite telling.
You have a valid point but you are using misleading data: Don't compare a RCE + SBX vs a RCE w/o SBX.
Firefox RCE + SBX is 80k, edge is 100k, safari is also 80k.
Another thing to take in consideration is the number of people that the exploit could be used against. For example, following this: http://gs.statcounter.com/browser-market-share/desktop/world..., Chrome would have almost 68% of the browsing share whereas Firefox is only close to 10% and all the others even less. It'd be surprising this isn't taken account by Zerodium in their price calculations!
You're correct -- I was referring to the table that was easiest to quickly reference which is the changelog, not ALL current prices. The periodic table is more accurate. I'll update my post.
Adding to this comment, see prices for 2018's Pwn2Own contest [1], for which Google Chrome has a 50% premium over Firefox and Safari. The Chromium bug bounty [2] is also the most accessible in terms of documentation and requirements; likewise it has the lowest floor and highest ceiling on potential payouts.
If I'm logged into gmail I'm logged into Chrome? Horror. I don't know what is a worse mistake: this or the idea to violate standards and ignore autocomplete=off, or deprecating sync XMLHttpRequest because "it's bad for UI and you don't need it".
when my employer at the time asked for a research on ad blockers, I concluded we could 1 offer better content with a community focus, or 2 provide the browser with the best ad blocker, that could still show some of our ads.
we did the cost analysis of the later and decided it was too expensive at the time. a few months later google dropped firefox support and invested heavily on chrome.
I guess someone there did the same analysis. because everything to this point is right on the plan. they block auto play video ads, just not theirs. they block flash ads, just not theirs. they will implement tracking protection like firefox rolled out last month, but before they will keep you logged on their ad systems forever.
Let me just spell out, for emphasis, what the article actually says:
* Logging in to a Google service via its website will now automatically show you as logged in to Chrome in the top-right corner. This will provide you with the OPTION to explicitly opt-in to syncing your browser data with the Google cloud by clicking a big blue button that clearly says "Sync as <firstname>" and then clicking through one of the two clearly-labelled options to confirm that you do indeed want to turn on sync in the following dialogue (which does in fact have a prominent "Undo" button in case you clicked by mistake).
* The entire extent of the alleged practical user privacy issue is that a user might accidentally click the first button, and THEN mistakenly click on the small "Want to manage sync and personalisation before they're turned on? Visit Settings." link instead of the larger, more prominent "Undo" button. This, the blog alleges, will turn on syncing without a chance for the user to undo. (Although, at least as of 69.0.3497.100, this is just plain false - there's an "Undo" button even on the settings page. It may have previously been true; I have not checked.)
* The entire extent of the alleged GDPR violation is that the privacy policy erroneously says that when you sign into Chrome with your Google Account, data is synced with Google's servers, when in reality it isn't unless you explicitly consent. (This was true at the time that the post was written, but the privacy policy was tweaked to correct the factual error - compare https://web.archive.org/web/20180924020748/https://www.googl... vs https://web.archive.org/web/20180924123556/https://www.googl...) For what it's worth, I see no reason why briefly and accidentally claiming to process some data in a consent-ignoring way when you don't actually do so would be a GDPR violation, and the article does not elaborate on this particular legal theory.
Other commenters here have already explained that this change offers security/privacy benefits to some users by protecting them from a failure mode in which they wish to sign out of Chrome on a shared computer (in order to not sync their browsing history to a friend's or family member's account), but instead they only sign out of, say, Gmail, and thereafter end up inadvertently syncing their browsing history and passwords to their friend's Google account instead of their own. Connecting the browser login and Google web service login eliminates that privacy-violating failure mode. That seems like a real gain to user privacy and security to me, and it seems plainly absurd to argue that it's actually a loss on the basis of a hypothetical in which the user accidentally clicks through clearly-labelled buttons in two different dialogues and therefore accidentally enables syncing. That seems doubly true given that even in that hypothetical scenario, syncing can, per the article's own admission, then be immediately disabled (and all synced data deleted).
I'm not an uncritical fan of Google, but criticising them for this is bullshit.
I'd be interested in hearing from vendors who are tied to Chrome. Authy springs to mind, only because their product is literally the only reason I still have Chrome installed anywhere.
I'm waiting with bated breath for the first massive GDPR case. Doesn't matter who, really. Just so long as the powers that be have fires lit under their asses.
Sorry to disappoint but I’m not American nor do I own any clothing from China (or any other countries that may rely on sweat shops for production).
From a security and privacy standpoint though there are possible implications when a tech-product/service is owned/controlled by a Chinese company. China’s influence on it’s businesses (especially tech related) can’t be denied.
It wouldn’t surprise me one bit if news would break that the Chinese government has it’s hands in Opera’s cooking pot somehow.
Sorry if I have offended you but that’s just reality. I don’t trust Chinese tech companies.
I don’t even know why I’m still arguing with you but there’s a huge difference between something being assembled in China for a US company and a browser company with its jurisdiction in China. One can be compelled to aid the government the other not so much. You’re comparing two entirely different things here. It’s far easier to manipulate some lines of code than to modify the hardware of thousands of devices.
And I do take offense at being called xenophobic and won’t further participate in this ‘discussion’.
i was not calling "you" xenophobic, i was saying the sentiment of distrust for anything chinese seemed xenophobic to me, barring an explanation (which you provided, thanks. the exchange of ideas is good!). but i will call you a special snowflake
I'm currently logged into Gmail. When I click the little upper-right icon in Chrome I see a button saying "Sign in to Chrome", implying I'm not currently signed in. "About Google Chrome" tells me I'm on version 69.0.3497.100 (on OSX). So I don't appear to be experiencing this issue. What am I missing?
You're missing nothing - this is the intended behavior. People are falsely reporting that you are automatically signed in to chrome sync, which isn't true.
Is the IP personal data for the GDPR? If I read the GDPR, the Debian foundation is not capable to pinpoint 1 person so it seems to me it is not (An ISP or someone receiving an IP to person mapping from them is something different):
‘personal data’ means any information relating to an
identified or identifiable natural person (‘data subject’);
an identifiable natural person is one who can be
identified, directly or indirectly, in particular by
reference to an identifier such as a name, an
identification number, location data, an online identifier
or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or
social identity of that natural person;
Furthermore, the Debian foundation has a legitimate interest in monitoring their machines and protecting them against attacks. Logs containing IPs are a common practice, so there is a legal base for processing IPs even if they would be personal data:
processing is necessary for the purposes of the legitimate
interests pursued by the controller or by a third party,
except where such interests are overridden by the
interests or fundamental rights and freedoms of the data
subject which require protection of personal data, in
particular where the data subject is a child.
All of this assuming they use the IP for apache logs only, and don't send these logs to third parties for data mining or whatever.
However, I can't recall ever having seen this privacy policy before now. IANAL and don't know what kind of notice needs to be given for necessary data usage, if any, but maybe apt-get should display the privacy policy on first use.
And I meant you're not violating GDPR by letting apache2 run with default config, as the GDPR allows you to capture these IP adresses for 2 different reasons.
So the answer is yes, they are PII. But that doesn't actually answer the question of whether or not collecting them without consent is illegal under the GDPR
> “Processing shall be lawful only if and to the extent that at least one of the following applies: […] (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
And
> “The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, […] by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.”
It depends on the purpose / if you have a legitimate need to store them.
Are you storing IP's for a certain time, so you can discover and investigate attacks?
> include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
Are you storing IP's for a certain time, so you can run analytics?
> Further processing for [...] statistical purposes should be considered to be compatible lawful processing operations.
Are you doing direct marketing to your customers?
> The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. [Legitimate interest] There is a relevant and appropriate relationship between the data subject and the controller [...], such as where the data subject is a client or in the service of the controller.
If you are not big enough to have a law department look at this, you don't need to worry so much about a weblog.
I'm currently thinking with a blue security mindset. I'm currently wondering if there is a difference between tracking an abstract attacker of my network, and tracking a person attacking my network.
Put in a blunt way - Looking at my logs, I am not trying to identify Mr William Butterscotch living at 22nd tower street, third floor, second door on the right. I'm trying to figure out if a set of IPs is actively scanning or ddos'ing my systems. Especially because these IPs might actually not be connected to any human at all - think of botnets just roaming the ipv4 space.
But what counts as "can be tied"? Does asking the ISP that owns the address count? What about correlating with logs from other services you have access to?
If the police can tie the IP to a person, then it "can be tied". Some courts decided before GDPR that IP addresses can't convincingly be enough to tie a person to a crime committed with that IP address, but that is not to say it isn't PII, or can't be tied to a person.
I'm assuming here that the changes are GDPR compliant (given the large army of lawyers working for Google).
If they are, all this brouhaha is from the technophile echo chamber of opinions. The average joe gives a rat's ass for this, as evident from all the non-noise coming out of the regular world. Techonopiles have made an art of outrage - typing on their $3000 laptop or $1300 iPhones built by slave-grinded employees toiling 16 hour days in China - NO HN COMMENTING ALLOWED AT WORK FOR THEM, BTW
Please go use FF & pretend to have privacy online or be better humans. Mozilla - the world leader in disappearing money [1]. Does it really take $225M to build & maintain the quantum browser? And why $135M for 'marketing'?
Google is going back to China but this time they are requiring user's to sign in to their browser to be identified to search -- to tie their phone number to their account
Yet, the same exact thing just happened world wide in Chrome 69.
I see a lot of comments on HN and other sites which could be summarized as whatabout-ism or defending the changes on the premise that "I know someone|people that will welcome this change."
The problem is that I can't help shaking the feeling that those comments are either written by people who do not consider privacy to be a right, or fail to understand GDPR, or are Google paid shills / fanatics.
Ultimately the changes represent dark patterns and I fear the worst is yet to come for the darling browser of the web. Someone somewhere at Google made the decision to turn Google Chrome in to AOL v2.
I take solace in the fact that AOL's walled garden approach ultimately failed.
I really expect this change to push a lot of people away from Chrome, and frankly I wouldn't be surprised if it started opening up more antitrust possibilities due to how they're using their browser to give their services special functionality others can't get.