The launch of Google Chrome 69 kept everyone enthralled with a trail of reports for some new features. In one instance, it facilitated users by introducing the random password generator. Whereas, on the other hand, it infuriated many people by announcing the removal of ‘www’ and ‘m’ subdomains from the URL. Nonetheless, the decision was withdrawn in this version due to outrage from users. We now have a report about another nasty feature in this Chrome version. Reportedly, Google Chrome secretly logs your activity whenever you visit a Google website.
Google Chrome Secretly Logs User Activities With “Chrome Sync”
Many of you might have already switched to the latest Chrome 69 browser. While exploring the features, you may not have noticed a new option that remained unannounced. Nonetheless, through this particular option, Google Chrome secretly logs users’ activities upon visiting a Google website.
Known as “Chrome Sync”, the tool utilises an auto-login mechanism for users. Hence, anyone browsing through a Google-owned website after logging-in (for instance, Gmail) would instantly be syncing their browsing details to Google.
What’s more problematic for many users is that Google simply logs the browser to your Google account without prior notice. It means you will get no intimation when Google starts syncing your browser.
Regarding why Google made this change, a Chrome engineer said in their tweet.
The intent is to prevent a common confusion in shared device situations where the login state of the browser ends up different from the login state of the content area. It does not turn on sync without an additional consent step
— Adrienne Porter Felt (@__apf__) September 22, 2018
Nonetheless, she further explains that this feature does not automatically send a user’s browsing history to the Google account. The moment a user signs-in to their Google account on any website, the browser window starts showing the account’s profile picture as the signed-in user. This gives an indication about your current logged-in state.
After that, the moment you sign-out of a website, your Google account logs off from the browser as well.
The new UI clearly reminds you whenever you're logged in to a Google account. Plus, you now only need to sign out in one place before you share your computer with someone else. 4/
— Adrienne Porter Felt (@__apf__) September 24, 2018
Turning Off ‘Chrome Sync’
While the sync option isn’t new in Chrome, it didn’t previously have this auto-login mechanism. However, with the recent change, people now look for ways to get rid of this seemingly unnecessary login.
Is there no way to disable it? Personally, it just makes me feel uncomfortable. I don't particularly want my account to be attached to my browser. It feels like I've logged in using my Gmail.
— Nathan (@NathOnSecurity) September 22, 2018
Well, turning this option isn’t difficult. Here is what a tweet explains to us.
you can go to chrome://flags//#account-consistency
then set it to disabled.
You have to go looking in the experimental flags section and it's only on desktop(so it's only an opt out for technical people who know what to do when they get to the flags page).
— The InfoSec Dragon (@books_n_infosec) September 24, 2018
According to Adrienne Porter Felt, the Sync option does not turn on automatically. Rather activating this option requires an additional step by the user. Nonetheless, people are skeptical regarding the actual behavior of this tool. Thus, anyone having doubts about the feature may choose to turn it off.
Would you prefer using Chrome Sync as it is, or would you turn it off? Do share with us your thoughts by commenting below.
Latest posts by Abeerah Hashim (see all)
- Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability - February 19, 2019
- Vulnerability In Xiaomi Electric Scooters Allows Attackers to Take Control of the Machine - February 17, 2019
- Firefox For iOS Now Offers Persistent Private Browsing With Firefox 15 - February 17, 2019