The latest update to Chrome (Chrome 70) sneaks in yet another ‘convenience’ for you. When you use Chrome to login to and Google account (Gmail, YouTube, etc.), it will automatically also log you into Chrome. That could be handy – if you want to sync your Passwords, Payment handlers, bookmarks, browsing history, search history, etc. But it could be a serious security and privacy breach if the machine you’re using is not your machine; whether that be in work, college, library, internet-cafe etc.
There is no pop-up warning you, or asking your permission, and you are opted in automatically when you update to Chrome 70. Fortunately you can disable it. It’s in the same location as the previous sneaky ‘convenience’ was added, as described in my previous blog post “Chrome 68 Payment Handler API – is it storing Payment Methods?“.
Thanks to issues raised by users as described in this Google Blog “Product updates based on your feedback” Google relented and included the option to turn off the auto Chrome sign-in. But why did the opt-out only come after a wave of negative feedback? Didn’t Google realise in their design meetings the opt-out was a necessity? Or did they prioritise the data they’d gather over your security and privacy?