【】
作者:百科 来源:綜合 浏览: 【大中小】 发布时间:2024-11-22 01:03:00 评论数:
The internet has erupted over Google’s latest Chrome release — and not in a good way.
With an updated user interface, enhanced password manager, and a slew of other updates, you would assume the latest version of Google’s popular web browser, Chrome 69, would be eliciting some pretty good responses.
But security experts just shined a light on a controversial feature that came with the latest Google Chrome that previously wasn’t announced by the search giant.
A Google Chrome user recently pointed out on Hacker News that Google now forces you to login to your Google account on Chrome if you login to any other Google service using the browser. Logging out of a Google service will also force log you out of Google Chrome.
While there are a number of concerns being leveled at Google here, the issue is essentially two-part. The major issue is the obvious one. Users don’t understand why logging into Gmail, Google Docs, or any other Google service would need to force Google Chrome to also connect to their Google accounts, presumably giving Google access to its browser history, saved passwords, and other personal information. The other issue of focus is Google’s decision to be so quiet about such a major change.
Google’s Adrienne Porter Felt, an engineer and manager for the Chrome browser, took to Twitter to explain a little bit more about the forced login changes.
Tweet may have been deleted
Felt, tackling the first main concern, points out that Chrome’s Sync feature, which shares browser information such as history with Google so it can be shared across your devices, is turned off by default.
Felt also explains that the reason Google decided to make this change was to put an end to any confusion users may have had when trying to sign out of public or shared devices. Basically, Google tied Chrome and Google accounts together so you wouldn’t sign into a service on Chrome and accidentally sync information with someone else’s account.
Tweet may have been deleted
Tweet may have been deleted
But a number of security professionals simply weren’t buying it.
Matthew Green, a cryptographer and professor at Johns Hopkins University, wrote a lengthy blog post explaining why this move from Google was enough cause for him to stop using Google Chrome entirely. In his post "Why I’m done with Chrome," Green points out that a user would have had to be signed into Google Chrome to begin with for this to be a problem needing a fix to begin with. So, why force users to sign in?
Additionally, Green makes the case that if this was such a positive fix to a major issue, Google would have presented it publicly along with all the other new features and changes. He also points to an issue Mashable has discussed before: dark patterns. With settings options presented by a design and in a language Google sees fit, do Google Chrome users even know what they’re really opting in for if they choose to opt-in to Sync?
Going a step further, security expert Bálint made the case that Google Chrome is essentially a Google service now as opposed to a separate application that can live on its own without being tied to a Google account. The argument here is if you wouldn’t trust Google with your documents, files, or photos due to privacy concerns, then you now can no longer trust Google Chrome with your information either.
The issue here is that there’s no simple fix. Google Chrome is the most popular web browser. According to StatsCounter, Chrome holds nearly 60 percent of the marketshare, so opinions are bound to be all over the place. You can agree with the security experts who find the changes to be a massive privacy issue. You can agree with those who find Google’s new forced login changes to be helpful. There’s certainly truth to both. But there’s no doubt Google self-sabotaged whatever its intentions were by keeping mum about it.
Featured Video For You
From balloons to satellites, here’s how big tech is battling it out to bring internet to the most remote areas
TopicsCybersecurityGooglePrivacy