Google Promises Chrome Changes After Privacy Complaints
Two complaints in recent days involve how Google stores data about browsing activity in files called cookies and how it syncs personal data across different devices. Google representatives said Monday and Tuesday there’s nothing to be worried about but that they’ll be changing Chrome nevertheless.
“We’ve heard — and appreciate — your feedback from the last few days, and we’ll be making some product changes,” tweeted Parisa Tabriz, a security team leader at Google.
Google added in a blog post Tuesday evening that it will add new options and explanations for its interface and reverse one Chrome cookie-hoarding policy that undermined people’s attempts to clear those cookies.
The situation shows the difficulties Google faces offering both the most widely used browser and one of the most powerful online advertising empires. Chrome is a powerful tool that lets websites gather the kind of personal information that makes it possible for advertisers to target ads for a particular audience. But Google operates some of the biggest online sites out there, and Chrome itself, if unfettered, has a view into our most private online activity.
Two Chrome complaints
The first complaint came on Saturday from Johns Hopkins University professor and cryptography expert Matthew Green, who objected to a change in the newest Chrome version showing when you’re logged into a Google website instead of the previous behavior, showing when you’re logged into Chrome’s service to sync passwords, browser history and other settings.
“I’m done with Chrome,” Green said, moving to Mozilla’s Firefox instead.
Google security team member Adrienne Porter Felt responded on Monday that Green’s worst fears — that logging into a Chrome website also engaged Chrome sync, sharing new data with Google — didn’t occur. The change, she said, was made so that people wouldn’t inadvertently leak private data when sharing a computer, a situation she said is common.
“Chrome desktop now tells you that you’re ‘signed in’ whenever you’re signed in to a Google website,” Porter Felt tweeted. “This does NOT mean that Chrome is automatically sending your browsing history to your Google account!”
Although Chrome doesn’t sync data unless you take another step, signing into a Google website does sign you into Chrome. But Google will let people reverse that practice.
“For users that disable this feature, signing into a Google website will not sign them into Chrome, Zach Koch, a Chrome product manager, said in Google’s blog post.
The second complaint came from Christoph Tavan, chief technology officer at ContentPass, a startup trying to let people pay for online content instead of yielding their privacy to advertisers. “‘Clear all Cookies except Google Cookies’, thanks Chrome,” Tavan tweeted when he discovered that Chrome keeps some Google cookies even if you try to clear all your browser’s cookies.
Tavan’s findings drew criticisms from employees working on rival browsers Firefox and Brave who saw Google’s cookies persist. Chrome’s cookie-clearing interface warns under some circumstances that “you won’t be signed out of your Google account” or that it “signs you out of most sites.” CNET reproduced the Chrome cookie-keeping behavior.
“If you’re signed in to Chrome, Chrome creates / restores Google auth cookies,” Tabriz tweeted Tuesday. “To stop that behavior, you can sign out.”
But that behavior won’t continue, Koch said.
“In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared,” he said. “We will change this behavior that so all cookies are deleted and you will be signed out.”