[ewjordan]

Yeah...and that thread says that the change is basically nothing, just a UI indicator:

> Q: I don’t get, though — if you’re signed in to the browser but sync is off, then what does it mean to be signed in to the browser? What does it do besides sync?

> A: Not much, you can think of it like a Gmail login state indicator.

If that's fully the case, then there's nothing to see here and people are freaking out over nothing. Am I missing an important element here, other than that people don't trust Google?

[signal11]

@__apf__ is being slightly disingenuous when she says "Not much ... like a Gmail login state indicator." Google logins are used across the web by a lot of sites. For instance here's what happens when you visit an Indian financial paper, the Economic Times, using Chrome 69: https://imgur.com/a/nFvxI0U (some personal info has been blurred out).

I almost never visit the Economic Times, and I certainly never log in, but now it gets a chance to log me in using my 'real' identity, and there's even a popup to nudge me in that direction. Any site that implements Google Logins can do this, as far as I can tell. I'm pretty sure most people who chose to enable browser sync in Chrome didn't opt for this.

I think the Chrome team really screwed up on this by not considering how Google IDs are used across the web. And for what? The rather marginal scenario of eliminating confusion in shared-browser situations?

Or they knew the full implications and did it anyway, which is even more disturbing.

[grey-area]

It all makes sense if the end goal is for the browser to push google login across the web, and make google accounts the preferred way to log in to websites. In that case they're doing you a favour, it's all in your best interests, as well as Google's of course. [/sarcasm]

I simply don't trust a single corporation that much.

[torstenvl]

They are not doing me a favor. Software companies need to stop believing their own paternalistic propaganda. Nobody at Google is in a position to determine whether they are doing me a favor or not.

[grey-area]

It was sarcasm, this is how the google workers rationalise this to themselves (see other posts on this thread).

[torstenvl]

Sorry, my mistake.

[tedivm]

It's not the case though. Google's privacy policy has two different "modes" for Chrome, one for being logged in and one for being logged out. By tricking people into logging in without their consent they are also tricking people into allowing that extra data to be collected.

Their current argument is that they aren't actually collecting that data- just getting permission to- but that's kind of sketchy and still leaves them open to other changes that do start collecting things.

The other big issue people have with this is that the use case they're talking about- accidentally logging into a site and not logging out- is an issue with all websites, not just Google. Adding a UI for Google services explicitly is something only Google could do, which makes their browser less "neutral". This is why people keep bringing up antitrust. By taking advantage of their monopoly to further entrench that monopoly they are breaking the trust of their users.

[Zarel]

You're misreading the privacy policy. Google's privacy policy has two modes, one for sync on, and one for sync off. Logging into Chrome does not turn sync on, so you can be logged into Chrome and still covered by the "basic" privacy policy.

They aren't actually collecting that data because you haven't turned sync on.

[ntp85]

Yeah, well, but what keeps them from silently changing that, seeing that users are already logged in? The UI for the sync preferences is sketchy at best as it is right now and you're basically just one misclick away from handing all your browsing data over to Google.

[colordrops]

It's almost a certainty that they will continue down the slippery slope and start syncing data automatically in a future update. That sort of change has happened several times, so there is precedent.

[visarga]

But can't you protect your synced data with a passphrase?

[ntp85]

According to the Chrome privacy policy the synced data is inaccessible to Google if it is encrypted with a passphrase, even though this encryption seems to be weak: https://palant.de/2018/03/13/can-chrome-sync-or-firefox-sync...