A new sync feature in the recently released Chrome 69 connects the browser to other Google properties such as Gmail or YouTube, so when a user signs into Gmail or YouTube, they’re also automatically logged into Chrome with the same account.
This not only caused inconvenience to end users but also prompted some users to raise privacy concerns that it might be unknowingly be sending their browsing data to Google servers.
This feature was offered as part of Google’s’ attempt to simplify the way Chrome handles sign-in.
Google originally claimed the feature was meant to prevent data from leaking between accounts on shared computers.
“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on,” said Chrome product manager Zach Koch, on Wednesday. “Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.”
Now, following criticism from privacy-conscious users, and user feedback, Google now offered to make changes to the Chrome’s’ auto-login feature.
Starting in the next release of Chrome (Version 70) due in mid-October will offer users better control over the auto-login experience, including a new toggle control “to turn off linking web-based sign-in with a browser-based sign-in.”
If this feature is turned on, logging into Gmail or YouTube or any other Google service will sign in users everywhere. However, once it’s disabled, signing into a Google website will no longer automatically sign them into Chrome, says Google.
Here is a picture of the new “allow sign” in settings in Chrome 70:
Google is also updating the user interface (UI) “to better communicate” the sync state of a user. That said, Google is not just changing the user profile icon that sits on the top-right corner on Chrome, but the change will clearly show a users’ sign-in state and “whether they’re syncing data to their Google Account.”
As shown in the image below, a new sync icon on top will show whether the syncing is in progress. Once the user signs in a Google account, a new “Turn on sync…” will become visible.
Chrome 70 UI with Turn on the sync button is shown:
Furthermore, the update will also change how Google handles “clearing of auth cookies.” In the current Chrome, Google keeps “auth cookies to allow to stay signed in even after cookies are cleared.” But, that is going to change, “all cookies in Chrome 70 will be deleted and the user will be signed out,” says Koch.
Chrome 70 is due to release in mid-October. In the meantime, the following easy steps will help prevent the Chrome browser from automatically managing login from other Google services:
- Open Chrome
- Type chrome://flags/#account-consistency in the address bar and press enter.
- When the “Identity consistency between browser and cookie jar” flag is displayed, set it to Disabled.