Google landed in some hot water earlier this week after Matthew Green, a cryptography professor, published a blog post pointing out that Google had sneakily started signing users into the Chrome browser after they logged into any of the Google-owned websites. In a new blog post, the company promised to make some changes to the next version of Chrome to rectify those mistakes.
Green's concerns with Google's move were twofold: first, that this was being done without permission, which is a violation of users' privacy; and secondly, that the language used on the drop down in Chrome was far too vague and did not explicitly communicate to users that while they were signed into the browser, their data was still not being synced to Google's servers.
Chrome Product Manager, Zach Koch, addressed these concerns today, by announcing that Chrome 70 will come with an option to disable automatic sign-ins to Chrome when a user signs in to their Google account on a website. He also clarified that the next update to the browser would include UI changes that more clearly distinguish between the three states Chrome can now run in: signed out, signed in without syncing, and signed in with syncing. These are shown in the image below.
Koch also announced a change to the way cookies are handled in the current version of Chrome. Even when a user chose to delete cookies, Google will keep the authentication cookies for their Google account so they would remain signed in to Google services. With the release of Chrome 70, this behaviour will be changed and all cookies will be deleted, with users being signed out of Google services.
That Google has finally come around following the backlash is a positive sign, though the fact that Google made such a major change to the browser without properly communicating it to users in the first place does leave a bad taste in the mouth.