Google has started to automatically log some users into its services without their knowledge, a decision that has caused an uproar in the security community and led to a prominent researcher saying he has swapped browsers out of privacy concerns.
The policy change in Chrome version 69 means that Google account-holders who run the browser are automatically logged into Google services they visit. The browser does not seek user consent, and authenticates to Google properties without notification other than placing the user's profile picture in the top right-hand corner of the browser.
Johns Hopkins University lecturer and cryptographer Matthew Green protested the forced logins, prompting Chrome manager and engineer Adrienne Porter Felt to explain on Twitter that the change was made to avoid data leaking between accounts when people share devices.
Logging in to Chrome associates people's browsing histories with their Google accounts.
While Chrome browsing histories are not currently synced to people's Google accounts, the fear is that this will happen in the near future and could become a major threat to privacy.
Green did not buy Porter Felt's explanation, and said the forced login policy "has enormous implications for user privacy and trust" that "makes a hash out of Google’s own privacy policies for Chrome."
"Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense," Green said.
User data on shared devices getting mixed up with their respective accounts is bad, but it would only happen if people are already signed into Chrome, Green said, before asking "... if signed-in users are your problem, why would you make a change that forces unsigned-in users to become signed-in?"
"Google needs to stop treating customer trust like it’s a renewable resource, because they’re screwing up badly," he added.
Green says he is now through with Chrome and has switched to Mozilla Firefox, which he says is every bit as good as Google's web browser.