Home / News & Analysis / Security experts say Chrome 69’s ‘forced login’ feature violates user privacy

Security experts say Chrome 69’s ‘forced login’ feature violates user privacy

A new feature in the latest version of Google Chrome that logs users into the browser when they sign in to a Google site has come under fire.

Until recently, it was the user’s choice to log-in to the browser. Now, any time that you sign in to a Google site in Chrome 69 — like Google Search, Gmail or YouTube — Chrome will also log you in, too.

But the change has left users unclear why the “feature” was pushed on them in the first place. Many security folks have already panned the move as unwanted behavior, arguing it violates their privacy. Some users had good reasons not to want to be logged into Chrome, but now Chrome seems to takes that decision away from the user.

Matthew Green, a cryptography professor at Johns Hopkins, rebuked the move in a blog post over the weekend, arguing that the new “forced login” feature blurs the once-strong barrier between “never logged in” and “signed in” — and erodes user trust.

“Where Facebook will routinely change privacy settings and apologize later, Google has upheld clear privacy policies that it doesn’t routinely change,” said Green. “Sure, when it collects, it collects gobs of data, but in the cases where Google explicitly makes user security and privacy promises — it tends to keep them.”

“This seems to be changing,” he said.

Google staff defended the change on Twitter, said there was little to worry about — that the change was designed to only alert the user that they were logged in, and that the browser wouldn’t sync their bookmarks, browsing history and passwords across devices without permission.

Tying my browsing history to an identity *implicitly* has privacy implications, even if I somehow avoid the option that uploads this data to Google.

— Matthew Green (@matthew_d_green) September 22, 2018

Green conceded that although Google is not syncing data from the beginning, the user interface makes it difficult to know if browser data is shared with Google once a user is logged in. The “dark pattern” of the browser’s logged-in user interface now makes it possible to trick a user into switching on sync by mistake. Once your data is shared, there’s little a user can do to pull back. Without giving his explicit consent to have his data synced in future, he said Google could later decide, as it did with the “forced login” feature, to switch on the browser sync feature without telling anyone.

“Just because you’re violating my privacy doesn’t make it OK to add a massive new violation,” he said.

Other security experts agreed with Green, with some promising to switch browsers.

The Chrome guys get a lot right. This isn’t one of them. https://t.co/H1LoY9llho

— Ryan Naraine (@ryanaraine) September 23, 2018

Sadly I noticed I’m logged in to Chrome on my work account. Moving over to Firefox this morning. I agree about the “dark pattern” on the Sync “button”. https://t.co/jO7k1KrktP

— John Graham-Cumming (@jgrahamc) September 24, 2018

Trust is a fickle thing. Chrome isn’t just seen as secure and trustworthy, but many see it as neutral, Green said — a free and open source tool, rather than an extension of Google other core businesses. By breaking down that “sacred wall” between the two has users rattled — and some wanting to switch from Chrome altogether.

What may have been a helpful feature on paper to stop users from accidentally using someone else’s account on a shared computer has blown up in Google’s faces — and not because of the decision, but because users weren’t given a choice.

Check Also

The limits of coworking

It feels like there’s a WeWork on every street nowadays. Take a walk through midtown Manhattan (please don’t actually) and it might even seem like there are more WeWorks than office buildings. Consider this an ongoing discussion about Urban Tech, its intersection with regulation, issues of public service, and other complexities that people have full PHDs on. I’m just a bitter, born-and-bred New Yorker trying to figure out why I’ve been stuck in between subway stops for the last 15 minutes, so please reach out with your take on any of these thoughts: @[email protected] Co-working has permeated cities around the world at an astronomical rate. The rise has been so remarkable that even the headline-dominating SoftBank seems willing to bet the success of its colossal Vision Fund on the shift continuing, having poured billions into WeWork – including a recent $4.4 billion top-up that saw the co-working king’s valuation spike to $45 billion. And there are no signs of the trend slowing down. With growing frequency, new startups are popping up across cities looking to turn under-utilized brick-and-mortar or commercial space into low-cost co-working options. It’s a strategy spreading through every type of business from retail – where companies like Workbar have helped retailers offer up portions of their stores – to more niche verticals like parking lots – where companies like Campsyte are transforming empty lots into spaces for outdoor co-working and corporate off-sites. Restaurants and bars might even prove most popular for co-working, with startups like Spacious and KettleSpace turning restaurants that are closed during the day into private co-working space during their off-hours. Before you know it, a startup will be strapping an Aeron chair to the top of a telephone pole and calling it “WirelessWorking”. But is there a limit to how far co-working can go? Are all of the storefronts, restaurants and open spaces that line city streets going to be filled with MacBooks, cappuccinos and Moleskine notebooks? That might be too tall a task, even for the movement taking over skyscrapers. The co-working of everything… Photo: Vasyl Dolmatov / iStock via Getty Images So why is everyone trying to turn your favorite neighborhood dinner spot into a part-time WeWork in the first place? Co-working offers a particularly compelling use case for under-utilized space. First, co-working falls under the same general commercial zoning categories as most independent businesses and very little additional infrastructure – outside of a few extra power outlets and some decent WiFi – is required to turn a space into an effective replacement for the often crowded and distracting coffee shops used by price-sensitive, lean, remote, or nomadic workers that make up a growing portion of the workforce. Thus, businesses can list their space at little-to-no cost, without having to deal with structural layout changes that are more likely to arise when dealing with pop-up solutions or event rentals. On the supply side, these co-working networks don’t have to purchase leases or make capital improvements to convert each space, and so they’re able to offer more square footage per member at a much lower rate than traditional co-working spaces. Spacious, for example, charges a monthly membership fee of $99-$129 dollars for access to its network of vetted restaurants, which is cheap compared to a WeWork desk, which can cost anywhere from $300-$800 per month in New York City. Customers realize more affordable co-working alternatives, while tight-margin businesses facing increasing rents for under-utilized property are able to pool resources into a network and access a completely new revenue stream at very little cost. The value proposition is proving to be seriously convincing in initial cities – Spacious told the New York Times, that so many restaurants were applying to join the network on their own volition that only five percent of total applicants were ultimately getting accepted. Basically, the business model here checks a lot of the boxes for successful marketplaces: Acquisition and transaction friction is low for both customers and suppliers, with both seeing real value that didn’t exist previously. Unit economics seem strong, and vetting on both sides of the market creates trust and community. Finally, there’s an observable network effect whereby suppliers benefit from higher occupancy as more customers join the network, while customers benefit from added flexibility as more locations join the network. … Or just the co-working of some things… Photo: Caiaimage / Robert Daly via Getty Images So is this the way of the future? The strategy is really compelling, with a creative solution that offers tremendous value to businesses and workers in major cities. But concerns around the scalability of demand make it difficult to picture this phenomenon becoming ubiquitous across cities or something that reaches the scale of a WeWork or large conventional co-working player. All these companies seem to be competing for a similar demographic, not only with one another, but also with coffee shops, free workspaces, and other flexible co-working options like Croissant, which provides members with access to unused desks and offices in traditional co-working spaces. Like Spacious and KettleSpace, the spaces on Croissant own the property leases and are already built for co-working, so Croissant can still offer comparatively attractive rates. The offer seems most compelling for someone that is able to work without a stable location and without the amenities offered in traditional co-working or office spaces, and is also price sensitive enough where they would trade those benefits for a lower price. Yet at the same time, they can’t be too price sensitive, where they would prefer working out of free – or close to free – coffee shops instead of paying a monthly membership fee to avoid the frictions that can come with them. And it seems unclear whether the problem or solution is as poignant outside of high-density cities – let alone outside of high-density areas of high-density cities. Without density, is the competition for space or traffic in coffee shops and free workspaces still high enough where it’s worth paying a membership fee for? Would the desire for a private working environment, or for a working community, be enough to incentivize membership alone? And in less-dense and more-sprawl oriented cities, members could also face the risk of having to travel significant distances if space isn’t available in nearby locations. While the emerging workforce is trending towards more remote, agile and nomadic workers that can do more with less, it’s less certain how many will actually fit the profile that opts out of both more costly but stable traditional workspaces, as well as potentially frustrating but free alternatives. And if the lack of density does prove to be an issue, how many of those workers will live in hyper-dense areas, especially if they are price-sensitive and can work and live anywhere? To be clear, I’m not saying the companies won’t see significant growth – in fact, I think they will. But will the trend of monetizing unused space through co-working come to permeate cities everywhere and do so with meaningful occupancy? Maybe not. That said, there is still a sizable and growing demographic that need these solutions and the value proposition is significant in many major urban areas. The companies are creating real value, creating more efficient use of wasted space, and fixing a supply-demand issue. And the cultural value of even modestly helping independent businesses keep the lights on seems to outweigh the cultural “damage” some may fear in turning them into part-time co-working spaces. And lastly, some reading while in transit: The Grim Future of Urban Warfare – The Atlantic, Darran Anderson New York’s New Wage Law for Uber Drivers is a Lesson for Cities Around the World – MIT Technology Review, Erin Winick Can New Home Building Tech Help Solve the Affordability Crisis? – FastCompany, Adele Peters Homelessness Rises More Quickly Where Rent Exceeds a Third of Income – Zillow Research, Chris Glynn & Alexander Casey Vote on Temescal to Test Core Values – StreetsblogSF, Roger Rudick L.A. Approves New Rules for Airbnb-Type Rentals After Years of Debate – Los Angeles Times, Emily Alpert Reyes Can France Revive its Industrial Heartland? – FT, Harriet Agnew Why Communities Across America Are Pushing to Close Waste Incinerators – CityLab, Rebecca Stoner

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.