With the release of Chrome 69, it was discovered that when you log into your Google account, or any Google service for that matter, you will also be automatically logged into Chrome whether you want to or not.
So what's the big deal?
According to a Adrienne Porter Felt, an engineer and manager on the Google Chrome team, it is not a big deal and this should just be seen an visual indicator that the user is logged into Google, but does not mean that data is actually being uploaded.
Think of it as adding "yo FYI you're currently logged in to Gmail" in the corner of the browser window. That's what the feature does. It's different from the feature you seem to be talking about which we call sync, that has privacy implications.— Adrienne Porter Felt (@__apf__) September 22, 2018
On the other hand, Matthew Green, a cryptography professor at Johns Hopkins university, feels that this is a really big deal as it associates a browser with a Google account, which should never happen unless you choose to login to Chrome. Even if browsing data is not uploaded and sync is not enabled, there is data that could be gathered simply by the authentication process alone.
I’m still annoyed that Chrome has gone to mandatory Google login — exactly the same way Android did (and has received enormous criticism for) — and people at Google are acting like they’re surprised people are upset.— Matthew Green (@matthew_d_green) September 22, 2018
When you sign in to the Chrome browser or a Chromebook with your Google Account, your personal browsing data is saved on Google's servers and synced with your account. This type of information can include:
These settings are automatically loaded for you anytime you sign in to Chrome on other computers and devices. To customize the specific information that you synchronize, use the "Settings" menu.
The fact that Google has decided forcibly sign you into the browser without your permission also causes Green to be concerned that one day they may decide to just start synchronizing your data when you are not looking.
"If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me?" stated Green in an article on why he's no longer using Chrome. "What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?"
When you log directly into Chrome, one of the features that is automatically enabled is sync. This feature automatically synchronizes your bookmarks, history, passwords, and other settings with your Google account.
Once sync is enabled, it is clearly shown when you go into settings.
Porter, though, has stated that when you are forcibly logged into Chrome by logging into a Google account, this Chrome login is simply being used as a visual indicator and sync is not enabled in the browser.
Sync is not turned on unless you later turn it on.— Adrienne Porter Felt (@__apf__) September 22, 2018
This appears to be true, as if you are forcibly logged into Chrome and open the settings, it shows that sync is disabled.
While sync is not automatically enabled, it is still confusing when it comes to the user experience. Furthermore, while sync is not enabled, it is not clear as to what other information may be collected simply by the authentication process.
If you want to continue using Chrome, but do not want your Google login state to be synchronized with the browser, you can turn it off using the account-consistency Chrome flag, which has the following description.
Identity consistency between browser and cookie jar When enabled, the browser manages signing in and out of Google accounts. – Mac, Windows, Linux, Chrome OS, Android
To disable "Identity consistency", you can follow these steps:
With this feature disabled, you will no longer be forcibly logged into Chrome when logging into any other Google service such as Gmail or your Google account.
For those looking to use a more privacy-centric, but older version of Chrome, you can try out a third-party fork of Chrome called Ungoogled-Chromium.
"ungoogled-chromium is Google Chromium, sans integration with Google," states the repository's description. "It also features some changes to enhance privacy, control, and transparency."
According to the project these changes try to improve privacy by doing the following:
For those who do not want to compile the source and just use a precompiled binary, there are versions for Linux, macOS, and Windows. The Linux and macOS versions have newer Chrome 68 builds and Windows has an available build from Chrome 67.