Privacy-conscious users were unhappy at being signed in to browser without consent.
Google will partially revert a controversial change made in Chrome 69 that unified signing in to Google’s online properties and Chrome itself and which further preserved Google’s cookies even when users chose to clear all cookies. Chrome 70, due in mid-October, will retain the unified signing in by default, but it will allow those who want to opt out to do so.
Chrome has long had the ability to sign in with a Google account. Doing this offers a number of useful features; most significantly, signed-in users can enable syncing of their browser data between devices, so tabs open on one machine can be listed and opened on another, passwords saved in the browser can be retrieved online, and so on. This signing in uses a regular Google account, the same as would be used to sign in to Gmail or the Google search engine.
Prior to Chrome 69, signing in to the browser was independent of signing in to a Google online property. You could be signed in to Gmail, for example, but signed out of the browser to ensure that your browsing data never gets synced and stored in the cloud. Chrome 69 unified the two: signing in to Google on the Web would automatically sign you in to the browser, using the same account. Similarly, signing out of a Google property on the Web would sign you out of the browser.
Google’s Adrienne Porter Felt, an engineering manager on the Chrome team, tweeted that the change was made to address some confusion on shared systems such as family computers. Prior to the change, Chrome users would remember to sign out of Google’s Web properties but leave the browser itself signed in with their account and hence sync any browser data, even if it was generated by other users of the machine. With the change, merely signing out of Google on the Web is enough to prevent this syncing.
Felt stressed that actually enabling syncing required an additional step; merely signing in to the browser isn’t enough to have your browsing history sent to the cloud, so nobody should find their private browsing data sent to Google accidentally.
Nonetheless, some Chrome users were unhappy at the change. Chrome 69 offers no way to decouple this unified logging in, so one errant click would be enough to enable syncing and send a ton of personal data to Google’s servers.
On top of this, Chrome 69 handles Google’s own cookies specially. When choosing to clear all the browser’s stored cookies, those cookies used to sign in to Google on the Web were being preserved, rendering them unremovable.
In response, Google is making changes to Chrome 70. The default behavior will remain as it is in Chrome 69, with signing in to the Web having the effect of signing in to the browser. However, there will now be an option to separate the two, allowing those who never want the browser signed in to do so. Further, the Google sign-in cookies will no longer be given special treatment and will be removed as normal when choosing to clear all the cookies. Chrome 70 is also going to make it clearer when syncing has been enabled.
Google hopes that this change will retain convenience for most Chrome users while also providing the separation that its most privacy-conscious users require.