A small change in Google Chrome raises a lot of controversy about privacy



[ad_1]

Although Chrome has launched In 2008, as a new software, he was for years the dominant web browser, with over 60% market share on desktops and mobiles. So, when Chrome adjusts its features or strategies, it affects a huge number of people around the world. And a recent change in how Chrome handles connections has shown how much these changes can be overlooked.

Even if you do not know much about the subtleties of Chrome settings, you probably know that you can sign in to Google Chrome with your Google Account to sync your browsing history and other useful data between devices. This choice has always been a hallmark of Chrome, emblematic of the balance between Google's commercial incentive to swallow all your data and its stated purpose of respecting the privacy of users.

But a few weeks ago, when the release of its 10th anniversary, Chrome began to present a new behavior that alarmed users who remain deliberately disconnected. If you're signed in to a Google service like Gmail, an icon in the top right corner of the Chrome window now indicates that you're also signed in to Google's browser, regardless of your previous preference.

"This change is a decisive factor," commented a commentator known as Colordrops on Hacker News in early September, in one of the first threads about change. The perception, rightly so, was that Google Chrome now takes a simple connection to a given Google service as a carte blanche to be able to connect a user to other Google products and start sharing data like the one you want. navigation history.

"It was a brilliant line that they made, and they raped it without telling anyone, and updated their privacy policy that after the made people panic. "

Matthew Green, Johns Hopkins University

Over the weekend, Johns Hopkins cryptographer Matthew Green questioned Google's motives in a series of tweets. Adrienne Porter Felt, Director of Engineering Chrome, also responded on Twitterrather than automatically connecting users to Chrome, the new icon instead indicates a sort of intermediate state. Google indicates that the new Chrome connection is similar to Google's general single sign-on feature, which allows your connection to Gmail, for example, to be transferred to Google.com or any other service from the Google site. 39; ecosystem. The company claims that the new Chrome connection type does not provide more information about a user or their browsing habits on Google's servers than to disconnect them.

"Think of it as if you were adding" yo FYI, you are currently connected to Gmail "in the corner of the browser window," she wrote the Saturday. Porter Felt explained that the Chrome team has added the feature to reduce problems with simultaneous connections on shared computers. Elements such as data navigation may be unintentionally shared when two Google Accounts, one on Chrome, the other on Gmail, for example, are connected to the same device.

Porter Felt and other Chrome engineers also pointed out that connecting to Google Chrome because of another Google service did not automatically enable sync features and data sharing with Google, as if you intentionally connect to Chromium. "The simple connection to Gmail does not begin to sync with Google," said Mathieu Perreault, Director of Chrome Engineering. wrote. "It will reuse your Gmail credentials in case you want to sync, but … you have an extra step to consent to sync with Google. "

While the change is barely noticeable for customers who keep Chrome signed on an ongoing basis, these explanations still frustrate the privacy-conscious users who remain intentionally disconnected from Chrome. They also claim that this breached Google's privacy policy, which defines two distinct modes of Chrome: "Basic Browser Mode" and "Signed Chrome Mode". The new change complicates this dichotomy.

Although Chrome's developers have publicly stated this weekend that this partial connection to Google Chrome does not automatically synchronize data with Google's servers, Google confirms this statement. Chrome will start to sync if you click one of the sync buttons that appear in Chrome. It displays a final prompt confirming the decision with the option "Ok, I got it". Once synchronization starts, it will use the locally stored URLs you entered in the search box, but not the full browsing history before synchronization.

"It was a big change and they should have expected people to react," says Jim Fenton, independent privacy and security consultant. "People are therefore concerned from a design point of view that it might entice users to do what Google wants them to do." The way it was done really gave the impression of do something . "

It is difficult to know how the state of connection of the shadow differs from the total disconnection.

Google updated its privacy policy Monday morning to say, "On desktop Chrome, signing in or out of any Google web service (for example, google.com) allows you to access Google. Chromium. Synchronization is only enabled. Customize the specific information that you synchronize, use the "Settings" menu. You can see how much Chrome data is stored for your Google Account and manage it on the Chrome Sync dashboard. "The policy review does not fully specify what the third Twilight Zone connection state is or does, however.

"Even if no data goes up [to Google’s servers] It's a huge change, says Johns Hopkins Green. And they raped it without telling anyone and only updated their privacy policy after the fact that people panicked. "

Given the prevalence of Google's products and services, the company has repeatedly been criticized for changes such as the Chrome Connection Review that seem to further consolidate the power of the company. And while people frustrated with the change support the Chrome Privacy team's desire to reduce the risk of unintentional synchronization between accounts, they find that lack of clarity creates a lack of trust. Many massive Chrome initiatives have been for the greater good – such as the group's multi-year campaign to promote HTTPS web encryption and ding sites that do not use it. And users who avoid signing in to Chrome say they do not feel represented or considered in the latest Chrome changes.

For privacy-conscious users who do not want to be connected to Chrome and risk another policy change that exposes more of their data, the best option to continue using Chrome seems to be using a secondary browser for your Gmail account and others users. Google services. Which is an unattractive prospect.


Biggest cable stories

[ad_2]
Source link