Product Updates Based on Your Feedback (blog.google)
780 points by tptacek 5 months ago | 451 comments

Like Eric Law[1], I felt like while there were some rough spots in the UX for the Chrome login and sync features, the issue was very overblown (I'd feel very differently if sync had been enabled automatically). I don't have much more to say than Law does --- except maybe that when your arch-competitor is speaking out on your behalf, maybe the narrative has gone a little haywire.

I figured Google would do something cosmetic (again, that's all that I think they really needed to do) to clear up the misconceptions here, but they've added a Matthew Green switch (which is what we all need to call it from now on). That's better than I'd hoped for.

[1]: https://textslashplain.com/2018/09/24/chrome-sync/

The sync thing was overblown. The cookies thing was a bit more concerning to me.

Not so much from a privacy angle but from more of a 'Chrome has lost its way' angle.

A lot of our software's more complex interfaces are Chrome-first since it's faster to develop - yesterday was the first time I made a serious consideration to change that approach.

Glad to see they are listening to user feedback and reacting quickly.

> Glad to see they are listening to user feedback and reacting quickly.

I consider an opt-out as paying lip service to the feedback. Clearly they feel the default is more important than the generated angst. Reaction clearly needs to be even stronger to effect real change. An opt-in (e.g. a dialog on next Google login from Chrome asking for feature enable) is a compromise, an opt-out is to appease the temporarily upset while keeping all that they added in place and defaulted.

This is not an olive branch, don't accept it, condemn the continued incremental marriage of Google browser+services, and continue to move on and de-google yourself where you reasonably can.

You seem to be looking at the choice of opt-in vs. opt-out from the perspective of a user who actually cares about the feature.

Much more common, though, I'd say, is the type of user who will accept whatever the default is, because they just don't care.

Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.

If you think something is good for people, you have to consider the large group of users who don't want to put in the time/energy to evaluate whether the thing is good for them, but just want the program to shut up and do what it does by default—whatever that is.

It’s not just that the user doesn’t care. I don’t want to have to monitor constantly hackernews to find out what new invasion of privacy google will sneak in discreetly, even if there is a switch somewhere to opt out. I want to be able to rely on the tools I use.

The issue with this line of thinking is that this change isn't really a privacy invasion. Account consistency didn't at all affect privacy. You still had to opt in to syncing, which did affect privacy.

I would be surprised if it didn't affect google's capacity to track you nominally.

When I flush all cookies from my browser session, and open a new session, I am a new user to google's various tracking mechanism. If I am an authenticated google user, then I am not.

I would agree that there was at least potentially an issue due to it re-logging you in. But I'll note that no one wrote a blog post about that. Someone just mentioned that on twitter after this was already a big "controversy".

In other words, you had half of HN claiming to be leaving Chrome over something they had no reason to believe had any privacy implications, and in reality, has either 0, or really close to 0, actual privacy implications.

I made a claim about HN being a small group in the grand scheme, and someone countered by claiming that most users didn't understand what was changing. But I think the funny thing is that the average user, who had the understanding that "literally nothing" was changing, would have been closer to the truth of the situation than the average HN commenter.

Not to say that the result of the hullabaloo was bad, I actually think this set of updates only improves things over where they are now, but it's still a really strange sequence of events.

No the problem is tracking. It basically makes google tracking cookies un-deletable. I don't see how this is a non-issue from a privacy point of view.

Well no, logging out in the browser would still delete them.

This is kind of what I mean, you can't talk about this without hyperbole.

But if it re-logs you back in when you re-open the browser, it may be technically a different cookie, but it is a cookie with your real identity attached to it (as opposed to an anonymous cookie like if you started a fresh session on an older version of the browser). So practically, that has the same effect that if the cookie was never deleted.

The parent means, logging out and staying logged out of the browser, would have exactly the same behaviour as logging out of your Google Account would in Firefox.

The whole point of the feature was just that:

1. “are you logged into your Google Account from the perspective of Gmail et al” is now the thing the browser chrome itself reports; and

2. you now need to be logged into your Google Account in the cookies sense for Chrome sync to function; logging out of your Google Account turns off Chrome sync.

Before, people could be in a state where they have Chrome sync enabled with foo@gmail, but are not logged into foo@gmail from a cookies perspective, and are potentially even logged into bar@gmail.

This is the state that has been eliminated—now, the browser chrome’s login state reflects your Google Account web-cookie login state, because they’re one-and-the-same; and every method that logs you out of your Google account from a web-cookie perspective, also logs you out of Chrome (and vice-versa.)

Consider the privacy implications of someone who logs out of Gmail, but is still logged into Chrome sync as said Gmail user; and then lets someone else use the computer. That is what is no longer possible.

It’s a privacy improvement targeted at the people who expect “logging out” of their Google account to be one unilateral action that frees a computer of all artifacts related to their original logging-in. Which, until recently, wasn’t true: if you originally logged in by entering your credentials into the “new Chrome profile wizard” (where they set up the credential as both your sync and web-cookie credential), and then logged out of one, it wouldn’t affect the other.

No, I mean you can log out of your Google account in the browser and it actually logs you out. Deleting your cookies does re-create a cookie (which is weird), but logging out in browser (I see it as "Exit Joshua" on Chrome on OSX) deletes Google cookies and doesn't recreate any.

It is difficult for me to assess the validity of this statement. I cannot tell if the behaviour is or is not a privacy invasion. What I can tell is that it is not in the direction of greater privacy. That it is not a feature I'd requested, want, or am comfortable with. And it's in line with multiple past trust violations.

That Google are announcing walking this back within days of release and publicity suggests some measure of the storms roiling the 'Plex presently.

>What I can tell is that it is not in the direction of greater privacy

For you, it may be a no-op, but for many users, it is a net increase in privacy (people who use multiple accounts or who use accounts on shared computers).

>That Google are announcing walking this back

Erm, sort of, I guess. There are some small changes.

> ...for many users...

What numbers, precisely, do you have on this? Because it sounds to me as if you're arguing from a position of ignorance.

There might be some benefit to the small number of users who 1) have multiple devices and 2) share one or more of those amongst several other people in the same account in ways that this Chrome feature ... might address. But this doesn't strike me as some overwhelmingly large use case.

The system for user separation on shared computers is called ... user accounts. Which every mainstream consumer operating system has supported for the past 17 years (Windows XP being the latecomer to this game.)

Otherwise, this is a broadening of Google's ever-expanding ingestion of user data, either directly or by way of one more (or an incremental series of) "small change". If I notice my enemy maneuvering me to his advantage, I counter that maneuver. In my case, it's meant uninstalling Chrome and Chromium from any systems on which that's possible.

(My much-regretted purchase some years ago of an Android tablet being the primary exception, though I'm resolved to not repeat that mistake, despite a dire lack of viable market options presently. Purism and Ubuntu may be nearing useful products.)

> ...small changes...

In the Universe in which I inhabit, Google specifically addressed user feedback and sign-in changes. I cannot find your characterisation of their announcement as accurate under any charitable interpretation.

I don't have that data on hand, but the chrome team apparently does.

Certainly, for you or I, user accounts (and incognito windows) solve most of the problems that this change fixed. But most users aren't you or I.

Google's claimed usage data has stood up poorly to my investigations in the past.

> If you think something is good for people

Therein lies the disagreement - Google thinks it is good for people to log in to Google services via their browser, and to always be logged in (it's certainly good for Google!), therefore they choose these defaults, opting in to login and to tracking.

Many disagree.

Like Apple thinks it's "good for people" to have a 40% markup on their product...

If you want to participate in a debate or discussion, then do so. Whataboutism, deflection, projection, etc., are not that.

> Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.

Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.

> Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.

Most people won't know that these chrome features exist. Most people don't go digging through options and settings, they just download chrome and go, go, go.

Exactly. Same as the organ donor thing. They don't KNOW. If they knew they would CARE.

The cookies thing could be seen as a bug: the button does remove the cookies, but because your google sign in state is now tied to the browser sign in state, new cookies will immediately be set.

To fix this, the “remove cookies” button would also have to sign you out of chrome which would also feel weird from a UX perspective.

All in all I think this was just released a bit early before all UX edge cases could be tackled (or even discovered. Sometimes you find things only in wider rollouts)

If exempting Google's cookies from being cleared was a bug, they would not have added a message in the UI that "you won't be signed out of your Google Account":


> The cookies thing could be seen as a bug: the button does remove the cookies, but because your google sign in state is now tied to the browser sign in state, new cookies will immediately be set.

Then maybe tying the Google state to the browser state was a mistake and should be reverted?

>A lot of our software's more complex interfaces are Chrome-first since it's faster to develop - yesterday was the first time I made a serious consideration to change that approach.

Heh, I wonder if the next privacy blunder from Google will make you further reconsider your "voluntary vendor lock-in" approach :)

I said Chrome-first. Not Chrome-only.

I'd still ask to consider a Firefox first policy.

I've been using Firefox as my main dev browser for years and it has a huge, practical advantage:

- Usually it Just Works in every mainstream browser (had one single case in the last year where it broke in another browser).

My colleagues who use Chrome have to fix QA bugs more often than me it seems ;-)

Bonus: Support a good cause (cross browser compatibility)

yeah like in "this is just temporary code we put in production, we'll clean it later" :-) :-) </joking-with-a-touch-of-cynicism>

I disagree the sync thing was overblown. A website's cookies and the internal functionality of the browser are conceptually very different and (up to now) well differentiated concepts. Mixing them up and blurring the lines between them is just a portal to confusion of the average user, who is already confused enough.

I fear that changes like this will eventually make it impossible to effectively explain to an average user even the basics of how the web works.

Google's claim (which I'm inclined to believe) is that the previous state is more confusing to the average user. While we think in terms of "content" vs "browser", apparently the average user does not, and finds it confusing that part of the browser is signed into Google, but part isn't.

That may be, but that doesn't mean the concept should be abandoned and the browser married to the content in inexplicable ways. At least the way things are now, I am able to understand what is going on and teach it to my parents. If the non-average users also stop understanding what is happening behind the covers, is there any hope left for the open web?

One nasty change was that clearing all cookies no longer cleared Google cookies with these changes. That is a big, privacy-impacting change.

I think that change was merited because of the "signed into chrome vs google" issue they were trying to solve. Say I clear my cookies on a signed-in, syncing account.

With G Cookies also deleted, I may wonder "Why is my picture in the top right but no Google services are using it??". To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be.

Hang on.

The logical thing to do, if your real aim is to have browser sign in state reflect cookie state, is to sign out the browser when someone clears their cookies.

That would make total sense to users.

I think this is clear evidence that Google made this change to keep more users signed into Google so they can collect more of your data without telling you.

The article says that is exactly what they are going to do now: when you clear all cookies, you will be signed out.

What they are going to do. As currently released, it is a real issue, not some misunderstanding.

Several people who make a lot of money figured it was a good idea.

Yeah we were talking about the pre-oh-shit-backtrack changes

What data is it that Google collects without telling the user? Granted, they don't issue some pop-up notification or e-mail for every piece of data they collect, as they collect it, but every user has full access to all of the data points Google collects. They are highly transparent about the data they collect and even give users the option to delete that data from Google's records.

I could be mistaken, however, so I'm curious - what data does Google collect without telling the user, at least by making that data collection transparent?

"Performing this action will log you out of chrome. (You may sign in again immediately afterwards.)"

Problem solved?

It’s a dangerous precedent to begin with, I remember platform abuse was a serious concern when Google first launched Chrome. Over the years they’ve built up enormous trust by keeping Chrome (mostly) conflict-free. The moment Chrome really turns into “Google Browser” it will no longer be the default choice (although I suspect we may already be too late to undo this).

So instead of putting in bizarre kludges in various parts of the UI fix the underlying issue - browser login should not be a prominent feature (it should be called sync bookmarks/history in settings somewhere), google logins should not be displayed in browser chrome and google websites should not get special treatment (either in cookies or login status).

That’s why people are complaining - they see that google clearly wants to privilege their own sites and logins in chrome and push the users to always be signed in with google across any site. Great for google, bad for user privacy and the open web.

> they see that google clearly wants to privilege their own sites

What happened to their very vocal concern over net neutrality from last year?

"To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be"

I highly doubt the common person knows what a cookie is, let alone how to clear them.

A simple solution would be to add an extra step when clearing cookies that asks if you would like to stay signed into your Google session and clear or keep those cookies based on your selection.

The extent the common person (might) know about cookies is that sometimes it's helpful to clear them to speed up your computer and/or as part of other magical rituals.

> To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be.

But the fact that they are different things is precisely the reason why they should remain separate, not conflated into one soggy, confusing mess.

It's Eric Lawrence and while I don't think he's off base, the disclaimer literally says he used to work on Chrome, so I don't think he is speaking as a competitor here.

Also, in my (admittedly, n=1) experience, Sync was enabled automatically, perhaps because I had tried it at some point.

Thomas, could you please explain the reference to arch-competitor - I might have missed any reactions by Mozilla/MSFT(?).


Eric Law works for Microsoft on Edge

And he also helped build chrome, so…

Thanks! Stupid me - that disclaimer was right at the top of his blog.

> when your arch-competitor is speaking out on your behalf, maybe the narrative has gone a little haywire.

When the enemy of their enemy becomes their friend, the question then is who their common foe is. Microsoft is actively working to push the needle in the same direction as Google on ignoring and removing user choice in their products. An ex-Chrome dev at Microsoft defending dark patterns from his former team by mocking user concerns (as you are, with your "Matthew Green switch") is hardly an objective slam dunk.

I remember AOL and Compuserve back in the early 90s on Mac OS 7. They were online services, and they had something to do with the Internet, but it was a walled garden.

Google is free to integrate their online environment into their client, but it's dishonest to continue to call it a web browser much longer.

This is what it looks like when product/eng inside google encounter a serious trust deficit.

Won’t change my mind and will stick to Firefox after having switched because of this. First I don’t want to be logged in in my browser at all. Second, and probably more important, software is about trust. Even for an open source project, no one has the time to review millions of lines of code. So unfortunately one has to rely on what one believes is the behavior of the authors of the software. And what google did is to shatter that trust by sneaking that change discreetly.

> I don’t want to be logged in in my browser at all

Same here. Why does Chrome log you in in the first place?

I mean I know it from the company's perspective of course. They want to consolidate as much data about you as possible. And tie you into their ecosystem.

But what is the user facing benefit? Syncing your bookmarks across devices?

> But what is the user facing benefit?

Syncing bookmarks, recently opened tabs, passwords, autofill(?). These are genuine benefits when you're working with laptops, desktops, phones and tablets. Whether they're worth the cost of data mining is another matter of course.

> These are genuine benefits when you're working with laptops, desktops, phones and tablets.

I work with all of these devices. Yet I don't want any of that syncing.

The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users? Of all the pages that have nothing to do with them?

Same with passwords. So they have a gigantic database with all of their users' passwords for all the services the users use? Even those totally unrelated to Google?

> I work with all of these devices. Yet I don't want any of that syncing.

So... you're happy that they're giving you the option to turn it off then, right? I mean, you appear to concede that some users want this. You want the option to turn it off, which you're getting. That seems like good news.

Except your tone doesn't seem to match your logic.

FWIW: I use Firefox too. But... I mean come on folks. They messed up, they're fixing it. The obsession with hatred and flamage is getting a little out of control.

The issue is that trust breaches can't just be rolled back. You put people in a situation where they don't want to get caught out by the next change that the press doesn't pick up and/or you don't hear about.

It's possible that I want my passwords (of other sites) synced on all instances of Chrome across my devices, but I don't want Google to know these passwords (obviously). They have an "encrypt-passwords" feature for that.


Perhaps you have never visited passwords.google.com :-)

The link says:

> Passphrases are optional. Your synced data is always protected by encryption when it's in transit.

Data is protected when in transit and passphrase is optional. How is this a good feature?

The difference is whether or not Google can see your passwords.

When you use a passphrase, your data will presumably be encrypted with your passphrase and thus only be visible to you with knowledge of the passphrase. Not even Google could see the data while it would be stored on their servers.

Encryption during transit means that no bad actors like hackers, unscrupulous ISPs or overzealous governments can access your data _while_ it travels over the wires towards Google's servers but Google can still do what it wants with your data.

My question is why is that not on by default? Why would it ever be acceptable for Google to have unencrypted copies of your bank password for example?

I would assume it's the standard tradeoff - if you lose the key to the password DB (be it an actual cryptographic key or a password you synthesize it from), you lose access to the data, and some people are more interested in guaranteeing access to their data over avoiding storing it with an external entity.

(I work for Google but on nothing remotely related to this.)

One advantage that wasn't mentioned is the ability to send a tab between devices.

I'm looking at something on my desktop, have to go somewhere, so I just send the tabs to my phone and continue consuming. If I forget to do so, I can also use the url bar to search through common history, so that I could enter a few words from the title and go back to that article.

That being said, I personally wouldn't trust Google to do this, so I use Firefox that I believe encrypts data client-side by default.

Your use of the word "consuming" definitely solidified the idea that I'm all set without these features, I don't miss them that much.

> The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users?

They claim sync data is end-to-end encrypted. However they would already have your browsing history if you have address bar suggestions enabled.

Chrome is not really a web browser, it is a part of the Google crawling machine.

Distributed, and it pays for itself using AdSense.

What if other people do want it?

Beware the Tyranny of the Minimum Viable User:


Hilariously, that WOT doesn't address my point.

Here's one way: there's not a singular axis that users wanting sync and users not wanting sync can be placed on and compared.

The other poster expressed how the feature sucked for their purposes. But the feature wasn't made to punish them, it was made after evaluating the preferences of many users, which is what my question is getting at.

Features can introduce risks in various ways. I discovered this long ago through a software vendor's annual feature request solicitation, in which I learned to beware of what others ask for: you may get it.

Specifically as to sync: I would love to be able to sync certain elements of browser state between my systems.

Not between one of my systems, some arbitrary third party of questionable trust and intentions, and another of my systems. But directly between my systems.

Google actively thwart this.

A feature of most early browsers was the ability to save bookmarks to a file, and import that elsewhere. By slight extension, a browser session or tab state can be saved, either directly, or as bookmarks.

Chrome does not do this, either at all, or on all platforms. It's most resistant to this on the consumption-only platform of Android.

This has been a major point of frustration to me for a year and a half as I've been wanting to dump user state from one system to another, without Google intermediating that exchange for me. I've found no means of accomplishing this.

That is one element of the tyranny of the minimum viable user, as well as of Google cattle-prodding its users into the feed chutes.

They already have most of your browsing history simply by having you logged into your Gmail and browsing the sites having Google Analytics installed (which is most of the sites on the internet these days).

Some of us don't use the gmail web interface (opting for IMAP or a different provider instead), and use an ad blocker to take care of analytics.

I do the same but sometimes I get email from google telling that I should disable access to those unsafe apps.

Ironically, from the article itself, this automatic sign in will not turn sync on automatically. This is probably the most confusing decision that can be.

There is, or at least was, a notable feature that synced data can be encrypted with a separate password, client-side. I can't vouch for its strength, but it's there.

While I understand and agree that they're benefits for the user, its interpretation and decision shall be made by the users themselves.

If the company supplying these features is forcefully making these decisions on behalf of me, I can assume that there are other intentions and motivations for providing these services to me for "free".

That "Save this login" stuff in Chrome drives me up the wall. I understand you can disable it under Settings (and I do) but I see it on other people's computer too and I feel a bit of me die inside when they click "Save login" just to make it go away.

Completely agree. It's ironic that users who click "remember my password" are 10x more likely to forget their password.

The next step in this equation is even more frustrating - people whose default workflow to signing in is to click 'I forgot my password', and proceed through those steps to instil a new password. And then the cycle continues.

> It's ironic that users who click "remember my password" are 10x more likely to forget their password.

How is that ironic? People who can't remember their password would have the most reason to let an external apparatus save it for them.

People who can't remember their password often forget it due to having used that feature. Forcing yourself to type a password in over and over will pretty quickly encode it into muscle memory.

This is a little ridiculous. Do you think there is no value in password managers? It's almost certainly better to have many complex passwords managed for you and only one strong password to protect them all, than to remember the same few passwords used across many accounts, decreasing the overall security of those accounts.

I understand healthy skepticism of Google, but essentially claiming password managers (which is what this feature is) are bad, for the sake of criticizing Google, is bad.

I think you've misunderstood me. I'm not criticising Google here. I just dislike any tool that encourages people to unintentionally forget passwords for the sake of "getting this annoying prompt out of my way". This can be a "remember me" on a website's own page, or a browser feature.

A good password manager is a great tool and more secure than a few simple memorable passwords. But when I use it, I'm making a conscious trade-off between memorable passwords and secure ones, but usually I'll at least need to memorise a master.

In fact, just thinking about it - if Chrome's signin affinity is turned on, and I have chosen "remember me", AND I use the password manager, isn't that effectively equivalent to having your entire password manager with a "remember me"?

Out of the total population of the chrome users, how many really use more than 1 computer? These benefits may apply only for few users, probably in single percentage figures, which does not justify pushing it down the throats of everyone.

It’s pretty common for people to have a “work” computer and a “home” computer.

And also most of android population use chrome.

And that's probably one of the situations where you would precisely _not_ want synchronization. Now not only Google but your employer has access to your complete browsing history!

And exceptionally useful to put an unbreachable firewall between work and personal devices.

I think the majority of cases where it's helpful is between some traditional computing device, such as a laptop or desktop, and a mobile device such as a smart phone or small tablet. I think that's actually a fairly large amount of people.

That's also one of the situations it's most useful in, as having your saved passwords already present on your phone when you try to log into a site you generally don't from your phone is extremely helpful.

Well, most people. I use it to sync between laptop, tablet and smartphone.

IMO syncing the state of your user account between devices is the responsibility of the OS, not the browser.

Well unfortunately Microsoft and Apple don't appear to be working on an account sync feature at the moment so Chrome offering synchronization between my Windows, Mac, and iPhone is the next best thing for me, personally. I like having my bookmarks and history shared between my devices.

How would that work between my laptop and phone?

I would assume this is to compete with Apple's offerings (after all Apple doesn't just sign you into the browser, but into the OS nowadays). Apart from Chrome OS, Google doesn't have any other way to offer similar (tab-syncing, etc) functionality and signing you into their own browser is the closest they can get.

Syncing almost everything across devices. Super useful.

They want to be the next AOL browser internet appliance. It's called Chrome OS

With a blog named “The Keyword” is there any surprise they want to be AOL?

Yes, opt-in is the beginning, middle and end of the problem here. Google has plenty of tools to inform users of these capabilities and allow them to turn them on or off. I wouldn't even mind if they nagged me a couple of times with a pop-up about browser log in, or a confirmation that I want to keep or delete Google cookies. But on-by-default features have a special responsibility to be conservative with a user's privacy.

I actually value and use sync. Google sees most of my browsing through page-hosted GA anyway! But at best, this was really lazy product management that smacks of condescension about less technical users (don't worry your head about these cookies). And at worst, it's testing the waters on some really nefarious strategies.

This same change to Google Chrome forced me to go to Firefox, too. After about a week of pain, I'm now much more comfortable about my choice.

I do have a Firefox account which syncs up my passwords, history, etc. so in a sense I'm still logged into the browser.

I do trust Mozilla more than I do Google with my personal data, though.

Mozilla don't have access to your data even with Sync turned on! They've confirmed it multiple times this week.

One more reason to go with Firefox.

Why do we trust them when they say this, when we don't trust Google when they say it?

Data in Firefox Sync is end-to-end encrypted, while data synced to Chrome is subject to Google's privacy policy.

"The security model of Firefox Sync ensures that your sync data is encrypted before it ever leaves your machine, and that the password to unlock this encryption is never transmitted to the server. Not even Mozilla can access your sync data, so while we transmit it all over TLS for additional security, we do not depend on the confidentiality of TLS to keep your data safe."


"When you sync Chrome with your Google Account, we use your browsing data to improve and personalize your experience within Chrome. You can also personalize your experience on other Google products, by allowing your Chrome history to be included in your Google Web & App Activity."


There is also the option to e2e encrypt your chrome data.

Because collecting user information is Google’s main business.

Have Google said they can't see your data when syncing?

First I don't want to be logged in in my browser at all.

OK but I expect that most Chrome users feel different about that. Most are probably happy that this UI change makes things less confusing.

Second, and probably more important, software is about trust. [...] And what google did is to shatter that trust by sneaking that change discreetly.

Why did the UI change shatter trust for you? It doesn't enable syncing so I don't see what the big deal is. With syncing out of the equation, I can imagine that you don't like being logged in in the browser for aesthetic reasons or something, but to have one's trust shattered?

I do think Google has turned a corner recently.

They've achieved so much ubiquity, that their offerings are becoming incompatible with an open web.

Well, putting:

{ "SyncDisabled": true }

into /etc/chromium/policies/managed/test_policy.json (for debian linux) seems to do the trick for now, unsure how long it lasts...

see: https://www.chromium.org/administrators/policy-list-3#SyncDi...
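An added example, not part of the comment above and not Chromium code: a Python audit that checks whether the files in the managed-policy directory quoted above really set `SyncDisabled` to the JSON boolean `true`. The function name, the findings format and the group/other-writable check are assumptions of this example; the sample files are constructed in a temporary directory.

```python
import json
import os
import stat
import tempfile

# Directory quoted in the comment above (Chromium on Debian).
POLICY_DIR = "/etc/chromium/policies/managed"


def audit_policy_dir(policy_dir=POLICY_DIR, key="SyncDisabled", expected=True):
    """Check that `key` is set to `expected` by the policy files in policy_dir.

    Returns (ok, findings). ok is True only when at least one file sets the
    key to exactly `expected`, no file sets it to anything else, and no file
    is malformed or writable by group/other.
    """
    if not os.path.isdir(policy_dir):
        return False, [f"{policy_dir}: directory missing"]

    findings = []
    seen = {}  # file name -> value found for `key`
    for name in sorted(os.listdir(policy_dir)):
        path = os.path.join(policy_dir, name)
        if not os.path.isfile(path):
            continue
        # A policy file that unprivileged users can edit is not a control.
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{name}: writable by group or other")
        try:
            with open(path, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError) as exc:
            findings.append(f"{name}: not readable as JSON ({exc.__class__.__name__})")
            continue
        if not isinstance(doc, dict):
            findings.append(f"{name}: top level is not a JSON object")
            continue
        if key in doc:
            seen[name] = doc[key]

    # Identity comparison: the string "true" or the number 1 must not pass.
    for name, value in seen.items():
        if value is not expected:
            findings.append(f"{name}: {key} is {value!r}, expected {expected!r}")
    if not seen:
        findings.append(f"{key} is not set in any file")
    return (not findings), findings


def demo():
    """Run the audit against a constructed directory (sample data, not real)."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, text, mode=0o644):
            path = os.path.join(d, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)

        write("test_policy.json", '{ "SyncDisabled": true }')
        good = audit_policy_dir(d)

        # Constructed failure cases: wrong type, loose mode, truncated JSON.
        write("zz_other.json", '{ "SyncDisabled": "true" }', mode=0o666)
        write("broken.json", '{ "SyncDisabled": true ')
        bad = audit_policy_dir(d)
        return good, bad


if __name__ == "__main__":
    for ok, findings in demo():
        print("OK" if ok else "FAIL", findings)
```

Whatever the audit reports, the browser's own `chrome://policy` page remains the authoritative view of which policies were actually loaded.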

>And what google did is to shatter that trust by sneaking that change discreetly.

How did you expect them to announce a change they probably perceive as a minor UX improvement? Also this has been brewing for months in canary/beta, it's not like they actually snuck the change as you imply.

How did you expect them to announce a change they probably perceive as a minor UX improvement?

Just because you split a large change into a set of minor UX improvements and have different excuses for each individual change, that doesn't make the direction of travel any less damaging.

To be clear, the direction of travel is for Google to abuse their de-facto monopoly on search and browsers to own SSO across the web and track their users completely, at which point they will pretty much own your entire web experience (logins, browser history, maps, news, search, tracking, analytics - all this data will form a huge moat making it hard to compete and hard to resist decisions made by google about the web) - even if you don't use them they'll own the experience of the majority of your customers. This is why these small changes are so pernicious, and why people have reacted badly to them. This is why people reacted so badly to AMP.

This is not an argument over technicalities or quibbles over UX, this is a fundamental question of who owns the web.

Google have built up a lot of trust over the years by keeping the browser independent of their other operations, and making great technical progress with Chrome, but these changes (and others like starting to abuse their search monopoly by privileging certain google results) show that is not going to last - they are now at the monetising phase of their lifecycle, and nothing can stop it - a huge corporation has a momentum of its own.

The competition to their products is a click away. People use google products because they find them more useful. If that's a result of the data they have, who cares?

People use google products because they find them more useful

No - because they are free, ubiquitous, and often installed by default. People choose their browser as they would choose a hat, from the limited selection available.

It’s not the result of data they have but the other way around.

So because they make more useful products people give them data as opposed to money?

Google pays the salaries of every tech person whose opinion it values at a rate of > $0.00.

I don't understand what "because of this" means. Chrome made some change that some famous blogger misunderstood, and everyone got up in arms over nothing -- https://motherboard.vice.com/en_us/article/gyny83/google-chr...

Given that, their reaction on their blog seems above and beyond to me.

Edit: Downvoters, reply with how this is incorrect instead of downvoting.

I have already switched to Firefox and loving it (Facebook container, tracking protection enabled), but these changes are welcome and responsive.

I hope this is a wake up call that privacy implications need to be seriously considered during product design (even if the intent was better UX), and hidden changes without any UI/notice is going to make issues blow up far more than if there was clear in-app communication.

I did as well. DuckDuckGo, ublock origin, privacy badger. I haven’t used Firefox seriously in 5 years or so and I’m very pleased with the experience.

To be honest, it’s best to use an independent company for your internet browser. Google’s incentives and business model no longer matches web browsing for someone who cares about privacy.

Did it ever?

I'm the last person to defend google, but in the beginning a reasonable argument could be made that what they wanted was better performance of javascript and website rendering in general. Microsoft, Mozilla and Apple were the only engine developers in town. Two were the default on their OSs and Mozilla was the choice of those who made a choice. So there was no real incentive to compete on performance.

Chrome was introduced by Google with the idea of improving performance of webbrowsers in general so they could do more with web-apps. That did seem somewhat reasonable at the time.

But since Chrome became the market leader, the incentives have changed.

Google used to pay people working on Firefox, including the lead engineer at the time, Ben Goodger. They pulled them to work on Chrome. Had they wanted, they could have invested more in Firefox to improve its performance. But what they really wanted was full control over their own Web browser.

> Microsoft, Mozilla and Apple were the only engine developers in town.

And KHTML team in a cave.

and pi.hole. Privacy at its best.

> I haven’t used Firefox seriously in 5 years

Do you mean "I haven't used Chrome ..."? Otherwise I don't understand what you're trying to say.

I don't think he/she meant "Chrome". It makes no sense to me if you substitute "Chrome" for "Firefox", considering the context of the comment and its parent comment.

They used Chrome previously and now they switched to Firefox and are happy with it, despite not having used it seriously in 5 years.

Ah, so maybe the meaning was "I've just switched to Firefox after having not used it seriously for five years". It's interesting that that interpretation was so obvious to so many people but not me!

I switched to Firefox developer edition couple weeks ago before this incident. Reason: my laptop temperature goes up to 80C+ with about 10 tabs opened in Chrome, whereas with Firefox it stays around 60C. But with this sync and cookie fiasco I am never going back, even if they fix the CPU optimization issue in a future update.

I recommend the Google container as well https://addons.mozilla.org/en-US/firefox/addon/google-contai...

I actually use Chrome for everything Google, and Firefox for everything else. It's a constant reminder that I need to stop using Google services. I don't open it much anymore, just to check my gmail which still has a few emails going to it, and to find my android whenever I lose it.

Does gmail really not work in another browser like Firefox? Seriously? How is this possible?

It works fine in Firefox, I do it for the intentional isolation. To me, chrome browser is "google browser"

Almost everything runs just fine in Firefox.

Google software seems to be chrome-optimized, but it's usually only slightly slower on Firefox - it still works.

Some google websites are chrome only because of the use of some non standard plugins.

Do you have any details of which ones? I have not discovered any so far - everything seems to work just as well in Firefox (e.g. gmail, youtube, search, maps, adwords, adsense, analytics, cloud console, webmaster tools are the ones I frequently use on Firefox with zero issues)

Google earth and Google hangouts

It works, but it uses non-standard extensions that are only present in Chrome, so it runs slow in Firefox, especially since their latest update.

> I hope this is a wake up call that privacy implications need to be seriously considered during product design

Maybe I'm too cynical, but I think it would be a wake up call to hide such features better in the future. This is Google we're talking about here.

I think it did hurt and was visible in their stats, otherwise they wouldn't do it so soon.

the problem here is that Google's incentives are directly opposed to user privacy

Unfortunately, Chrome 70 is also when `www` subdomain is slated to get re-hidden, and when web audio breaking changes are slated to get re-introduced.

There's just too much to keep up with at this point.

I'm happy about this change, it's a big move in the right direction. But it doesn't give me any confidence for the future. It's crazy that users have to do this every single release. It can't continue like this.

I have no idea anymore what it would take to get me to switch back to Chrome or to start recommending it to friends and family. I feel like Google is actively training technical communities to distrust them. It's going to turn into some kind of Pavlovian response.

A Google representative has claimed on the domain hiding bug report that the change is shelved due to the feedback.

Edit: Permalink to the relevant comment: https://bugs.chromium.org/p/chromium/issues/detail?id=883038...

Yes, I think that's exactly what danShumway meant by "users have to do this every single release", i.e., give feedback about a big upcoming change that should never have been made in the first place.

One week it's the domain hiding, another week it's cookie clearing. Who knows what Google is planning to change next time? It's not sustainable for us to go reactive every month.

There's an awfully big disconnect if the makers of the world's most-used web browser are routinely trying to change it in ways that users force them to immediately revert. That's not what good stewards do.

I feel this attitude of “just do it and see if enough people complain” is inherent in these big web companies.

Just look at how they do product naming. How many times have we seen Google or Facebook launch projects with the same name as an existing project and just use their size to steamroll over reference to the existing work?

E.g. the Go programming language or Facebook’s Flow checker for starters.

>Who knows what Google is planning to change next time?

It's not exactly a secret. Go download Canary and see what's in the pipeline.

You missed parent's point. It's not about if you can see the changes immediately in the next release, it's that you have to be constantly vigilant as to what they're going to do next, like looking over your shoulder.

You can do that, but it's time consuming and exhausting. You're better off switching browsers.

That's overly dramatic. Both Chrome and Firefox are excellent browsers, and are developed in the open for all to see. They are examples of open source done right.

> Both Chrome and Firefox are excellent browsers, and are developed in the open for all to see.

I still think you're misunderstanding. The problem is that Google as an organization has the incentive to pull shady shit. It may be noticed, but watching Reddit/HN to see if your browser, which should protect you/be trustworthy, is pulling shady stuff, or whether you may've missed a story of it doing so is still exhausting and keeps you wondering.

All companies have the potential to do shady things. The majority of Google's changes to Chrome have benefited end-users, and not Hacker News goers. We live in a bubble here, and lately it's been an outrage bubble. There's little substance to any of it.

A recent example: Hackers hate the idea of removing "www". Why? Because it's less accurate and we love accuracy. We think about what happens to the DNS if the www isn't a CNAME for the root, and how this isn't technically accurate.

Real users don't care. The UI is cleaner and makes important information like what domain they're actually on more pronounced. This may help reduce phishing attacks and make URLs more legible.

Integrating sync is the same way. I'm not surprised that hackers hate it, but end users will appreciate the convenience. Android had the feature for years already.

We need to get out of this bubble and stop assuming we're the core audience. It isn't evil to design for somebody that isn't us.

The URL hiding change is NOT reversed or shelved, only delayed:

> Thanks for the feedback so far. We plan to collect additional feedback, particularly about the enterprise use case, before launching the feature. We will not be launching the "www" elision in M70.

Note: “before launching” the feature post-M70.

Maybe it’s just a vocabulary quirk — to me, “shelved” implies “postponed indefinitely, but might come back someday”, not “cancelled forever”. So it is “shelved” according to how I understand that word.

As you correctly point out, it’s not necessarily cancelled forever.

Launching in M71 (i.e. delayed by a single release) would remain consistent with the Google statement.

The statement applies to any delay within the range of "soon" and "not forever".

Yes, I agree with you. What was unclear about my comment?

Too bad there wasn't enough feedback about http:// and https:// hiding to make any difference. The biggest problem is that the two are hidden differently.

Has it been shelved from Chrome 70?

The last that I heard, it was temporarily removed in Chrome 69, and `www` would be reintroduced in 70. Unless things have changed again since then, `m` was the only change that was actually shelved.

See my edit. They have confirmed it is not going live in 70.

Nice! I'll be honest, I did not expect them to reverse course on that. That makes me a bit happier about this whole thing.

But it looks like it's going live post M70, it's not dead.

We also need to avoid situations where a positive reversal/fix distracts people from the introduction of a new problem, like URL display changes related to AMP.

It's not targeted to technical communities. Chrome's market share is 50% and growing. It became successful in the first place because it's fast and simple. It's clearly targeted to average Joe by design, not programmers.

A couple things:

Many of the complaints that Chrome has gotten are not specific to technical communities. People were mad about `www` not because the technical communities have a thing for seeing the subdomains, but because there's a risk that average Joes can be phished when they're removed, and because on some domains the removal makes technical support for people like Joe harder. Similarly, the Web Audio complaints were not merely that the technical community wanted more control, it was that the changes broke the web for non-technical users in a way that commercially advantaged Google's own properties.

Secondly, Google's external PR has never taken this stance. Google invests a lot into interfacing with the dev community and positioning Chrome as a dev-friendly browser. I very much doubt that any Chrome dev on Twitter would agree with what you're saying. They would say that Chrome is trying to be a browser for both casual and advanced users.

As long as Google advertises Chrome that way, I don't see the problem with the technical community demanding a certain level of consideration. How many people on HN use Chrome (or at least did a week ago ;))? If Chrome isn't designed for people like them, then it seems like the obvious solution is for any tech savvy communities to en masse switch to Firefox and do the majority of their development/testing there.

But again, most of the changes that people are mad about aren't tech-specific concerns. I don't use Chrome for daily browsing; I'm mad that Google made a change that made it easier for them to spy on my parents. I'm responsible for protecting them. I'm responsible for mitigating Chrome's technical problems when they impact nontechnical users and customers that I care about.

One positive, is that the response was fast and direct. In the past, negative user feedback has tended to be buried, or felt like it, or ignored, or felt like it.

This time, somebody decided the only clean path out was to be responsive: to make changes which reflected community concern and to tell people about them.

Which I think, is good. I vastly prefer the google which tells people it listened, to the one which says it listens but doesn't tell us what's happening to the inputs we give.

(that's the one which lies behind any three-dots 'send feedback' hooks in almost any google app or s/w I use: I never get the sense anyone reads it, cares about it)

Well, in my opinion the only reason Google listens, is because people started uninstalling the Google Chrome browser, which means less profit.

So... the market works... stunning revelation

> ... is that the response was fast and direct.

Communication about it seems to be. The actual code changes seem like they'll roll out in um... 3 or so months from now?

They clearly write in the blog that they'll make changes in Chrome 70 which will release in mid-october.

k, wasn't sure. I don't track the Chrome release schedule at all, so figured it was probably quarterly. Sounds like it's monthly then.

Looking again, yep mid-October. So, no rush then. A couple of weeks worth of extra data collection it is then.

Yes, I'm sure the code is ready but some evil mastermind twisted their mustache and said "No... let's collect two weeks more of data! Bwahahahaha!"

As dumb as it sounds... that's kind of what their actions are indicating. :(

Yeah. I use Firefox so don't worry that much about it :).

The fact that this all happened in the first place is really telling. It's nice that they've backed these features off (a bit) but there's a reasonably clear signal to take away from this.

When company and customer interest are misaligned this is the result. There are plenty of cases where a strong leader in the company with a strong ideology can hold this stuff back, but companies normally outlast those individuals and eventually there's nobody left to stand in the way.

It's wonderful that we were able to make enough noise and fuss that the cost/benefit shifted sufficiently but this will happen again, and then again, and so on... And eventually, we'll be tired of yelling or won't be able to yell loud enough.

Vote with your attention and your data and your money. Switch to Fastmail or Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another not-so-great-for-developers-anymore Apple macbook pro. Choose these options even if they aren't as good because if we don't support the handful of companies who are trying to do something other than gobble up all of our attention and data we're in for a really dark future for the web.

Everyone seems to be arguing the utilitarian merit of this feature, but I just don't like what it signals for Google's approach to the web.

They're building in features that integrate their browser into their web pages.

As far as I'm aware no other major browser holder has done anything of that sort, but I'm probably missing some examples.

It does seem weird that this would be lauded. I want my browser to be completely independent of what I'm doing on the website because there is no telling what the browser might be doing on my OS and frankly if I want to sign into a website, I will. It's not any of my browser's business what I do on the websites I visit. This seems like a fundamental part of sandboxing but maybe other people don't see it that way.

I imagine more and more so called convenient features might come where Chrome can suddenly install entire Windows apps, clean my files, and replace my OS. Then again, why not. Who am I to tell Google how to compete, maybe they can replace Windows with something better by gradually bloating up Chrome into an OS inside an OS.

> maybe other people don't see it that way

If the HN backlash is anything to go by, a lot of people see it the same way as you (me included).

Every company will act in its best interest not ours, particularly in the case of Google who are blatantly building out a vision of what they want the web to be for 1 singular purpose: to more closely monitor you for the purpose of selling your online activity to the highest bidder.

This much influence being concentrated is bad for the web.

Viva la revolución!

> If the HN backlash is anything to go by, a lot of people see it the same way as you (me included).

HN isn't representative of most users of Chrome. I doubt that we qualify as "a lot" to Google. An extremely vocal minority, at best.

You're a techie, I'm guessing? How many of your friends/family ask for tech support/advice? There's a serious multiplier effect at work. I'm a high school IT teacher. I influence approx 600 students per year. We now cover online privacy and I will be setting assignments that ask students to investigate and make reasoned arguments about the impact of Google's dominance on their privacy.

Once you annoy enough of the tech literate, word will start to spread. Slowly, then quickly. How do you think Chrome got its foothold to begin with?

I won't deny that the tech crowd can influence things, but it's become quite hard for regular users to quit the whole Google panoply of services and tech products. Mail, browser, maps, dns, search, etc... It isn't painless and easy to abandon all of this and I have doubts even tech-savvy influencers can counter it at this point, only by word of mouth.

And about how Chrome got a foothold in the first place, I distinctly remember Google aggressively advertising their own product on their search engine page, and bundling the binary with everything under the sun (Adobe Reader, anti-virus, etc...). Every time you installed software, there was a good chance Chrome was included with it. Tech influencers had their part in the success of Chrome, but it definitely wasn't the only factor, or maybe even the most important one.

Anecdotal, but I don't know anyone outside of HN who actually thought this was a bad idea. On the contrary, most of my coworkers that use shared PCs praised logging in to both the browser and other Google services as it helps them improve their productivity.

IE's NTLM authentication, which can integrate with your Windows login, might come close.

(Almost) every browser does that. Firefox is just a little more restrictive and doesn’t do it with non-FQDN addresses by default.

Google is kind of a special case in that they are the developer of the biggest web browser and the developer of the biggest web-apps. The integration between the two becomes somewhat inevitable at that point. Even though I too very much disagree with it.

> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.

I really want to know who the internal champion was for getting the cookies to be perma-stored in the first place. It has to be someone relatively high up and I’m genuinely curious how high it goes.

Based on what I know of the Chrome team, it was probably the conclusion of some UX manager or the result of a user study they did around Google authentication. If I had to guess: their end goal is not explicitly to collect more advertising data for Google, but it's to minimize friction around the use of Google services. This leads to decisions like the cookie one.

I don’t know why but I get an intense feeling of disgust at “people at higher position” making stupid decisions like this one.

My cynicism kicks in and I feel like they know exactly what they’re doing, but the bottom line is more important than anything including causing a PR storm on HN and tech blogs.

Strip down emperor’s clothes and truly reveal the nature of big corporations and their greed to ruin everything for the benefit of the shareholders and their bonus targets - ethics, privacy and environment.

Perhaps I have a problem with extreme levels of cynicism.

In my experience at Google, "people at higher positions" do not really make these kinds of decisions. Someone at the leafmost position in the organization comes up with some research and recommendations and if nobody stops them, they go ahead and do it. It's actually really disorganized.

I feel like integrating auto sign in, tracking and Google cookies is less of a disorganized decision and more of a premeditated, carefully snuck in effort for their ads business. All the stars align for the bottom line.

Just look at the state of Android. Try being a cell phone OEM who wants to use Android but without Google integration. Impossible.

Honestly, I'm going to have to disagree with the first statement. Like any large project, it was planned, but all for separate reasons.

- Auto sign in and the "Google account indicator": this is almost certainly the result of discussions between the Chrome security team (security indicators, phishing, etc) and Google UX requests. Heck, they even say that the indicator was motivated by user research around session management.

- Tracking: I'm not sure what extra tracking was added to Chrome beyond the existing telemetry they've had since the beginning of the project.

- Google cookies: explained above - a reasonable idea at some manager or UX designer's local scope that got misinterpreted.

If they really wanted to sneak in goodies to supercharge their ad business, it would look a lot worse (and be a lot less obvious) than this. For instance, there's nothing stopping them* from automatically enabling Chrome Sync and removing the option for encrypted syncs tomorrow... which is another issue, but a different scope of discussion.

* Aside from their entire legal department, of course.

> Try being a cell phone OEM who wants to use Android but without Google integration. Impossible.

Tell that to Vivo, Oppo, Honor, Huawei, Xiaomi, Meizu, OnePlus, Lenovo, Qiku, Smartisan, Amazon, etc.

OK, try being an OEM who wants to use Android but without Google integration in a country where Google is legal. I think Amazon backs up that point, not yours.

Google is legal in Russia, and there is a rumour Yandex is going to launch an Android smartphone in a month or so. And the store.yandex.com is up.

Now that you've extended it beyond phones, tell that to Comcast, Samsung, Nikon, etc.

Yet most of them have to install play store. There is no going away from Google completely unless you're Amazon on a large budget and you make a big branch off Android source.

> most of them have to install play store

Not in China. Some of them have an "International ROM" with play store, but not because they have to, just for non-Chinese users' convenience.

Not in China.

Fortunately, the EU is starting to do something about that: https://www.theverge.com/2018/7/18/17580694/google-android-e...

C'mon, that's a bit of a cartoon characterization. Privacy related stuff must go through legal first when a change is more than just testing a shade of blue. It's not the Wild West in there.

If I had to guess: their end goal is not explicitly to collect more advertising data for Google, but it's to minimize friction around the use of Google services.

How can you have one without the other? Google services exist to drive advertising. Anything to make a Google service better for the user has a corresponding impact on Google's ad business.

And no one from the engineering of the chrome team had balls to tell the manager "No, not doing it. It is wrong".

I don't think it was an isolated person. The tone of the blog post is that we're surprisingly passionate to want clearing cookies to actually clear cookies. Am I the only one who detects a condescending tone here?

We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.

I find it interesting that you use the word “champion”. I had a discussion the other day with a well experienced consulting colleague of mine. His view was that every company has Champions which in turn reflect the company culture and values. For consulting companies these are partners. For google it used to be the CS PhDs (my guess). Maybe, this is changing at google right now and other people are becoming the “champions”, which might explain the underlying reasons this happened in the first place.

If they hadn't perma-stored the cookies, we'd all be pointing out how stupid it is that clearing your cookies logs you out of the browser. This would be clear evidence of what a stupid idea it is to match browser sign-in state to your cookies.

There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.

> There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.

Maybe I'm just being pedantic and there's no real-world difference, but I'm a little more okay with the browser creating new cookies whenever they're cleared vs not clearing cookies when asked.

Not entirely okay with it, mind you. Especially since browser logins are now two-way.

I thought that's what was happening. Maybe that was just when you delete individual Google cookies.

Could be. Like I said there's not much functional difference, but one is more palatable somehow. IMO.

> This would be clear evidence of what a stupid idea it is to match browser sign-in state to your cookies.

It most certainly is a stupid idea.

Agreed. My point is that there's no good cookie retention policy under this design.

This is probably the most important change:

> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.

For those interested in source code, one can review Chromium's implementation of this feature in chrome_signin_helper [1], dice_response_handler [2], and adjacent source files in the /chrome/browser/signin/ folder [3], as well as the files in the /components/signin/core/browser/ folder [4]. To my eyes, it seems an API call is made from the browser to Google to obtain the signed-in state.

[1] https://chromium.googlesource.com/chromium/src.git/+/master/...

[2] https://chromium.googlesource.com/chromium/src.git/+/master/...

[3] https://chromium.googlesource.com/chromium/src.git/+/master/...

[4] https://chromium.googlesource.com/chromium/src.git/+/master/...

I have no doubt this is a direct result of the feedback in the hacker news thread. Googlers read our comments and take them seriously when there is true merit. Keep making noise folks, it matters.

Agreed. Now: does Mozilla read these?

I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.

Firefox is basically unusable with this bug; Facebook takes forever to load, and even Reddit r/firefox shows "A webpage is slowing down your browser" bar at the top.

Active relevant bugs are here: https://bugzilla.mozilla.org/show_bug.cgi?id=1404042 https://bugzilla.mozilla.org/show_bug.cgi?id=1429522

But apparently this has been going on for 2+ years and Mozilla hasn't been able to fix it.

Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox, it's both concerning and surprising that a bug of this proportion has gone on so long.

Edit: Jeff from Mozilla has reached out. I sent him a perf log and a screenshot. Tracking here: https://bugzilla.mozilla.org/show_bug.cgi?id=1494186

Neither of those bugs has to do with 100% CPU on rMBP. They're about using an inefficient presentation path which increases GPU power usage. You can mitigate this today by setting gfx.compositor.glcontext.opaque to true. Further, Firefox Beta has additional texture upload performance improvements that will reduce cpu usage.

If you're actually experiencing 100% cpu usage, post a profile using https://perf-html.io/ and I can try to tell you why.

Steps to reproduce:

1) Pick a rMBP. Any one.

2) Set display options - "more space" under System Preferences.

3) Run Firefox. Load any website. No extensions; safe mode doesn't matter.

4) 100%+ CPU, fans kick up and run high, system gets hot and slows to a crawl.

Chrome and Safari run totally fine under the same conditions.

It's documented pretty thoroughly in the first Bugzilla link I posted; the second one is an offshoot where they're trying to solve this specific issue. If you do happen to work at Mozilla, would really appreciate your help escalating.

EDIT: I now have a perf file showing significant issues when clicking on a YouTube video. It gives an error when trying to upload it to the site, but if you contact me through email (in my HN profile), I can send it over.

1) I'm running a MacBook Pro (Retina, 15-inch, Mid 2015)

2) My display options are set to "more space"

3) I loaded this hackernews thread.

4) Firefox and its child processes are using <1% cpu.

If I aggressively scroll this page I can push the cpu usage up. We have a variety of fixes in the pipeline that will help with this (https://bugzilla.mozilla.org/show_bug.cgi?id=1429522, https://bugzilla.mozilla.org/show_bug.cgi?id=1265824). That being said, only 4.7% of our users are on MacOS so it's more difficult to justify prioritizing work specific to that platform.

4.7% of your users, but what percentage of web developers?

If that second number is substantially higher (and I personally suspect it is, but I don't have data backing that up) I think it would be very reasonable for Mozilla to prioritize MacOS. Getting web developers to use firefox makes firefox work better for everyone because it makes more sites work well with firefox.

Yeah, we do prioritize Mac disproportionately to its market share for that reason. It does sometimes happen that we have to make hard calls though, and that's what Jeff is referring to.

On that note, one of the key motivators behind WebRender (our new graphics backend) is that it provides hardware acceleration across all platforms, including mac (whereas our current Direct2D acceleration works only on Windows). So Mac graphics performance should generally improve once we get that shipped.

I build internal tools in my organization. Most of our developers are on MacOS and use Chrome day to day. Most of our users are on Windows. Whenever a browser specific issue comes up, we do our best to address it, but our first response is typically "go install Chrome". Chrome adoption is 97% internally, 2.5% Safari, and the remaining 0.5% is Edge. We have a 0% internal Firefox usage rate.

Draw from that what you may, but I bet that dynamic is happening in other places.

4.7% of your users... and how much of that is because you are finding it difficult to prioritise work specific to that platform? It sounds like a chicken-and-egg problem to me.

First off, thank you for all of your hard work. I'm grateful for the existence of Mozilla.

However, I would like to ask... 4.7% translates to how many millions of people?

Now don't get me wrong: I'm a big fan of Firefox, and have used the dev edition as my main work browser since Quantum came out. However, that's a terrible attitude to take. You have half a billion dollars per year of revenue. The second-largest desktop platform should be a major priority. Certainly above all of the other non-core-Firefox projects you're working on, however cool they may be.

I also have this problem, and it's a reason not to use Firefox for me. Maybe you only have 4.7% of users on MacOS precisely because of problems like these?

I spent a few minutes trying to replicate on a MacBook Pro (Retina, 13-inch, Late 2013) with Firefox 62.0.2 and could not replicate, browsing a number of resource intense sites.

Interesting, as this is the same MBP I have, and same Firefox version. I now have a perf file showing the issue. Can't upload it (it gives an error), but would be happy to send it to anyone who thinks they can help.

You can send it to me at jrmuizel@mozilla.com

I'm on Mac OS 10.11.6 (15G22010). The regression might be due to some interaction between Firefox and changes in the OS, if you're on a more recent version.

I've been doing this since the first-gen rMBP, and I've never had this issue. No matter my scaling, I idle at about 5% CPU with about 80 tabs and 10 windows actively open.

I'm not sure what it is with your MBP but my Firefox does the same thing anytime I open a phys.org page -- one Firefox at work using Ubuntu 16.04 and the other at home using Windows 7 both exhibit it.

Edit: Actually I just checked and the Windows 7 machine doesn't do it any more. I'm not sure if maybe a Firefox update fixed that here. I'll double check at work tomorrow too

Can't reproduce that here (on either of two different machines)-- something else may be going on on your machine.

I don't have a rMBP, and others who may be curious to help may not either. Uploading performance profiles from various websites to the mentioned URL will give everyone something to poke at.

All I have to do is load gmail and it'll hit over 100% CPU in top. Usually between 125% and 175%. http://bit.ly/2QaGqzJ

That profile shows all of the time being spent in script execution. Are you sure that setting a different resolution has a dramatic effect on the amount of CPU being used?

Nope. I'm not the Retina Mac person. I'm gonna guess a lot of sites make the system busy with scripts, they all post 100+% CPU loads, fans go on, system gets warm - just to load them. Every once in a while they go nuts well after loading and I'll see a Web Content process over 100% and just stay there but I don't know which tab is causing the problem, so I usually end up killing the whole browser.

I don't know exactly what conditions are required to reproduce the bug, but it clearly does not apply to all rMBPs. I'm on a 15-inch 2016 rMBP and have been using Firefox on it successfully since I got it. Before that I spent a couple months on a 2013 rMBP, also no problems.

Edit: For people who want to compare notes: High Sierra 10.13.6, Firefox 62.0.2, resolution is set to "Default for display" (which I think does mean it's doing interpolation of some sort). Automatic graphics switching is enabled. I don't have any trouble watching YouTube videos.

It happens when you set your rMBP display to "Scaled" in display preferences, which is what most developers do. (Edit to your edit: Try the "More Space" option in your display preferences! It's amazing.)

Similar to the sibling comment, I can't seem to repro. I switched to "More Space", restarted Firefox, loaded up a dozen or so tabs. I even watched a YouTube video for about 10 minutes. The video did cause CPU to jump a bit, but it dropped when I unloaded the tab, and nothing I've done (including the video) has caused any sort of lag like described in your first post or subsequent follow-up.

I'm not sure what to say. I'm sure the issue is real, but it seems like we're missing something in the triage. There has to be something else that makes a difference.

I tried this as well, can't reproduce.

I've got a 15" "late 2013" rMBP, set display options to "more space." I've got a total of 45 tabs open between a couple different windows (I use the userChrome hack to re-enable multiple tab rows.) Cycled between tabs, refreshed, navigated around FB, GMail, etc. Can't get the CPU to do anything out of the ordinary.

I very much doubt that “most” developers use “More space”.

Most developers in their early 20s seems plausible, but even there, I surveyed my team’s younger cohort, and it was less than 50%.

I have my display set to "scaled". I get the worst slowdown when streaming videos. 2013 15" w/ Nvidia gpu.

That is why I switched from Chrome to Safari for the daily driver, and Firefox for webdev stuff only

> I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.

On the flip side, I've had a recurring bug in Chrome (until very recently) where for any long running session the Browser process will consume 100% of 1 core. I've had it across multiple machines and profiles, including a completely clean profile with no extensions - I've never managed to be able to nail down the common elements.

With my 2012 rMBP (first gen retina, with nVidia GT 650M) I cannot play video on various websites using Firefox since about a year or two. Did an OS reinstall, switched to nVidia native drivers, nothing helps. It plays the first second of video, then freezes, audio does continue. Youtube does work, but performance is poor.

> Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox


I just tried this.

Firefox with one tab (with gmail opened) takes 20% CPU. (and a helper process "FirefoxCP Web Content", which takes 50% CPU, wow.)

Chrome with some 20 tabs, ~4-5% with all its processes (but a lot of ram, which I am fine with)

This is for a 2015 13-inch Macbook pro.

It’s a bit ironic you use Facebook but won’t use Chrome.

Facebook is super relevant for our business. Not only do we advertise on there, but I also sit on Messenger and answer computer and phone repair questions from friends, and get tagged in "Help! My computer stopped working" types of posts. It drives good business to our repair shops.

Facebook has also replaced forums for our industry (cell phone/computer repair), so it's how we find out about the latest trends and innovations. Yesterday I used a document posted on a private FB group to fix 3 2011 15" MacBook Pros with failing GPUs (previously considered "unfixable.")

For the industry and business I'm in, there's no substitute.

That's interesting. I would have assumed that Reddit was a much better resource for at least the technical docs. Many subreddits include a crazy amount of very specific information about just about anything you can think of.

Totally agree in general; I've gone down the "Reddit rabbit hole" almost too many times to count.

Private groups on FB can be more discerning about their membership, which is also what makes them interesting.

Many of the cell phone repair groups I'm in require you to have a repair business, so the groups don't get flooded with what they call "plz bro" posts. (i.e. "How do I fix an iPhone screen?" beginner posts.)

It also forms a tighter community; we pretty much all know each other on there, so we refer business back and forth a lot, and use Messenger heavily to buy, sell, and just chat about really obscure or weird repairs that come in the door.

I use Facebook very occasionally, and when I do I use Firefox with containers enabled. Facebook and related sites get their own containers.

It seems that nowadays Mozilla is interested in PR much more than the Firefox browser. Every other day, there is some announcement or the other.

However I'm disappointed that their response is essentially lip service to the highlighted problem. If I read the article correctly, the auto-signin will continue to be the default and you'll get an option to turn it off. This does not address the breach of trust issues highlighted in the thread and linked posts .. unless they're going to ask you about signing in to the browser before doing it. Also, the consequences of saying "yes" to that would continue to be unclear if one path leads to data sync and another path doesn't.

Personally, browsers don't need users to signin. They can sync data laterally with other instances. I suppose Google hasn't heard of bonjour.

Bonjour aka zeroconf aka mDNS? How would it solve this issue?

Counterpoint, we shouldn't fucking have to. They should fucking know not to keep google cookies around when you explicitly say to clear cookies. It's that whole "don't be evil" motto that they completely abandoned a decade ago.

> when there is true merit

I wouldn't use those words. I would replace that with "when the backlash is large enough"

Also I read several comments in that thread about how all of that feedback was pointless because the "vast majority of users don't care."

This type of comment always comes up after anything a bad company does. You don't need the majority of users to force a change. In fact no movement ever starts with a majority.

That said, Google can no longer be trusted not to screw over Chrome users in the future. Trying to track users this aggressively and then only backing down after a large backlash doesn't really tell me that Google will be playing nice from now on.

This was the last push I needed to totally switch to Firefox. U2F works and I'm using containers which makes me happy.

They have to realize it's not just about the auth cookies, it's about ethics, and it should be reflected in the entire product line. Using Firefox and DuckDuckGo now because I appreciate better ethics. Honestly I've become more and more aware recently.

not a chance. they saw a sharp spike in conversions to FF. if they cared about the HN opinion, they’d never have implemented this in the first place.

Alas, we're still losing Inbox.

The noise was a distraction; the noisy were complaining about sync, which the change did not enable without an additional consent, as always.

I set up Chrome remote desktop for a family member today, and absolutely sync is enabled simply by signing in. Sure, it presents "Undo" after the fact, but on visiting the associated Google account, it had already copied everything. I have NFC where this article sourced "sync isn't automatic", but it clearly is. Zero UI indicator it's happening until the Undo button appears, by which time you've already been ripped off.

Nice to at least see they're making it opt-out, but the damage has already been done.

I tested this literally yesterday, created a new Chrome profile, logged in, and it didn't automatically turn on Sync.

I just tested again now, and took screenshots this time, and once again, it didn't automatically turn on Sync.


I haven't used Chrome Remote Desktop recently. What exactly were you doing when sync turned on?

I've been using Gmail without signing into Chrome. Post-update, I am signed in, but sync is still off.

Even the linked article on HN was more about the implications of this change - without any notice. It removed one wall of protection that users who didn't want Sync had.

Many people _purposefully_ don't want to sign into Chrome. The change suddenly signed them in, without notice or confirmation. That's problematic.

This is a strawman -- many, many people were aware that this change did not enable sync for existing accounts, and were concerned regardless. Matthew Green does an excellent job articulating all of the reasons why this is a terrible change, and specifically notes that sync is not among them: https://blog.cryptographyengineering.com/2018/09/23/why-im-l...
