Chrome Header Image

With the release of Chrome 69, it was discovered that when you log into your Google account, or any Google service for that matter, you will also be automatically logged into Chrome whether you want to or not.

So what's the big deal?

According to a Adrienne Porter Felt, an engineer and manager on the Google Chrome team, it is not a big deal and this should just be seen an visual indicator that the user is logged into Google, but does not mean that data is actually being uploaded. 

On the other hand, Matthew Green, a cryptography professor at Johns Hopkins university, feels that this is a really big deal as it associates a browser with a Google account, which should never happen unless you choose to login to Chrome. Even if browsing data is not uploaded and sync is not enabled, there is data that could be gathered simply by the authentication process alone.

To make matters worse, by forcing users to login to Chrome when you use another Google service, such as Gmail, Chrome is placed into a completely different category in the Chrome privacy policy. For example, the privacy policy states that once you are signed in, various information is uploaded to Google.

When you sign in to the Chrome browser or a Chromebook with your Google Account, your personal browsing data is saved on Google's servers and synced with your account. This type of information can include:

  • Browsing history
  • Bookmarks
  • Tabs
  • Passwords and Autofill information
  • Other browser settings, like installed extensions

These settings are automatically loaded for you anytime you sign in to Chrome on other computers and devices. To customize the specific information that you synchronize, use the "Settings" menu. 

To users, this is downright confusing as on one hand you are being told that your data is not being uploaded unless you turn on sync, but the privacy policy states that data will be uploaded simply by signing in.

The fact that Google has decided forcibly sign you into the browser without your permission also causes Green to be concerned that one day they may decide to just start synchronizing your data when you are not looking.

"If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and  didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me?" stated Green in an article on why he's no longer using Chrome. "What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?"

Does Chrome actually synch without your permission?

When you log directly into Chrome, one of the features that is automatically enabled is sync. This feature automatically synchronizes your bookmarks, history, passwords, and other settings with your Google account.

Turn on Sync in Google Chrome
Turn on Sync in Google Chrome

Once sync is enabled, it is clearly shown when you go into settings.

Settings showing that Sync is enabled
Settings showing that Sync is enabled

Porter, though, has stated that when you are forcibly logged into Chrome by logging into a Google account, this Chrome login is simply being used as a visual indicator and sync is not enabled in the browser.

This appears to be true, as if you are forcibly logged into Chrome and open the settings, it shows that sync is disabled.

Logged in but sync not enabled
Logged in but sync not enabled

While  sync is not automatically enabled, it is still confusing when it comes to the user experience. Furthermore, while sync is not enabled, it is not clear as to what other information may be collected simply by the authentication process.

How to disable being forced to login to Chrome

If you want to continue using Chrome, but do not want your Google login state to be synchronized with the browser, you can turn it off using the account-consistency Chrome flag, which has the following description.  

Identity consistency between browser and cookie jar
When enabled, the browser manages signing in and out of Google accounts. – Mac, Windows, Linux, Chrome OS, Android

To disable "Identity consistency", you can follow these steps:

  1. Open Chrome
  2. Type chrome://flags/#account-consistency in the address bar and press enter.
  3. When the "Identity consistency between browser and cookie jar" flag is displayed, set it to Disabled.
    Disable account-consistency Chrome flag
    Disable account-consistency Chrome flag
  4. Chrome will prompt you to relaunch the browser in order to disable the feature, which you should do now.

With this feature disabled, you will no longer be forcibly logged into Chrome when logging into any other Google service such as Gmail or your Google account.

Developer Releases privacy-centric Ungoogled-Chromium

For those looking to use a more privacy-centric, but older version of Chrome, you can try out a third-party fork of Chrome called Ungoogled-Chromium.

"ungoogled-chromium is Google Chromium, sans integration with Google," states the repository's description. "It also features some changes to enhance privacy, control, and transparency."

According to the project these changes try to improve privacy by doing the following:

  • Disable or remove offending services and features that communicate with Google or weaken privacy
  • Strip binaries from the source tree, and use those provided by the system or build them from source
  • Disable features that inhibit control and transparency, and add or modify features that promote them (these changes are minor and do not have significant impacts on the general user experience)

For those who do not want to compile the source and just use a precompiled binary, there are versions for Linux, macOS, and Windows. The Linux and macOS versions have newer Chrome 68 builds and Windows has an available build from Chrome 67.

Related Articles:

Chrome 69 Keeps Google's Cookies After You Clear Browser Data

Google Experiments With Showing Search Queries in Chrome 71 Address Bar

Chrome 70 Lets you Control Automatic Login and Deletes Google Cookies

Google's Removing the file:// Scheme from Chrome's Address Bar

Chrome 69 Shows the WWW & M Subdomains Again, but It’s Only Temporary