Consider the case of two users, Alice and Bob. Alice has sync enabled, Bob does not.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits (due to shared auth cookies), but doesn't sync to the browser itself. Chrome is still logged into Alice's account, so Bob's browsing history is synced, but to Alice's history. This can have any number of unwanted consequences, from privacy consequences to Bob depending on whether or not you think Alice or Google are bad/compromised, to weirdnesses for Alice when she tries to check her history again.
Post this change, Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob, meaning that Bob's history is no longer synced. So for Bob, this is a privacy increase (since now Google and Alice have less access to his browsing history) in that situation, and a usability improvement for Alice.
You could maybe get a similar effect by having account consistency be a thing that always logs the current user out and only also logs you in if you opt in, but that can also I think lead to weird situations for everyday users.
In other words, the point of signing in is to make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits...make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Don't do that then.
There's a simple solution to this conundrum, but it involves google not hoovering up the browsing history of half the world by default. Unsurprisingly, the google team has decided not to implement that solution and instead has tied logins on a web page to logins in a browser ever more tightly, and this move is just another step on that road, until you can tell yourself that 99% of the world logs in to the browser, because it's just easier, so we'll make it opt out instead, and then by a series of small incremental steps, each of which seems reasonable, you're forcing users to log into google and send them your data to get any browsing done at all.
Logging in to the browser is the problem here, not the solution. You should log in to websites, not the browser, that separation is a good one and is there for very good reasons.
That is an extremely narrow example that ignores many other scenarios, some of them privacy related and some of them functionality related.
But I'll bite. In the scenario you just described, can't Alice still just look at her local history and get all of the same information? I just tested -- local history is accessible across accounts in Chrome 69.
So this change doesn't actually protect people who are sharing computers -- a private browsing session is what protects them. And this change doesn't make private browsing any easier.
Also in this scenario, if Bob isn't checking his email or something, he's very unlikely to go log Alice out of her account. So the extremely minor privacy boost that doesn't actually exist because all of Bob's history is still stored locally will still only happen if both Alice and Bob use Gmail.
Which makes it sound like this entire feature was the brainchild of some executive who genuinely can't comprehend someone borrowing a computer and not immediately signing into Gmail. A much better solution to the problem you're describing above would be to draw more attention to private browsing sessions in the UX, or to just have some kind of notification when the user signs out of Gmail.
Heck, you could have the same exact feature, except drop the auto-login part and only have the auto-logout. That would still be a useless feature because of the reasons above, but it would get rid of the vast majority of the privacy concerns the tech community is currently raising.
Auto-login is not necessary to fix the problem you're talking about.
How about popping up a message saying, "you're logging in to someone else's computer, would you like to do this in an incognito window?" Or something like, "you're signing in to a different Google account, would you like us to remember this account and preserve/sync history to account X, which is currently signed into Chrome".
If Bob logs into Alice's computer and forgets to log out all she has to do is hit the "sync" button and she can now view everything that's his synced with his account. Previously she would have at most his email, now she has that and more.
It's a potential privacy violation for Alice and Bob!
How about this scenario:
Alice has Chrome synced to her Google account on her PC.
Bob uses Chrome on his PC but has no Google account and does not log in to Google services. He does uses bookmarks though.
Alice visits Bob and borrows his PC to check her gmail, which logs her in to Bobs Chrome. Then either Alice at that time or Bob at a later date accidentally triggers sync in Bobs Chrome.
TWO bad things happen at this point.
1) all Alice's synced data is downloaded onto Bob's PC. Including her bookmarks and passwords
2) all Bob's bookmarks are synced with Alice's account and Chrome on her PC will download them next time it's online.
Thanks for the explanation. It seems to assume that Gmail is the internet. If people sometimes use Facebook or forums or games instead of Gmail, then history will appear to sync to random places, no?
Bob's browsing history is synced, but to Alice's history
I agree with you that this would upset Alice when she wants to check her personal browsing history. But isn't that the innate consequence of sharing your own computer with other persons? It is the same as Alice lending her MacBook to Bob without logging out herself first. Can't Alice simply log out her Chrome before giving to Bob?
Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob
Why should Gmail (or any Google service) be so special? If Bob log in to his Outlook account, shouldn't the same treatment happen (which clearly indicate a persona switch)? It is clear that Google is using its monopoly power between Google services and Chrome to reinforce the bond between "average users" and itself. Imagine if Chrome dwindles at ~10% market share instead. Do you ever think the Chrome team would have done this feature?
joshuamorton|7 years ago
Consider the case of two users, Alice and Bob. Alice has sync enabled, Bob does not.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits (due to shared auth cookies), but doesn't sync to the browser itself. Chrome is still logged into Alice's account, so Bob's browsing history is synced, but to Alice's history. This can have any number of unwanted consequences, from privacy consequences to Bob depending on whether or not you think Alice or Google are bad/compromised, to weirdnesses for Alice when she tries to check her history again.
Post this change, Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob, meaning that Bob's history is no longer synced. So for Bob, this is a privacy increase (since now Google and Alice have less access to his browsing history) in that situation, and a usability improvement for Alice.
You could maybe get a similar effect by having account consistency be a thing that always logs the current user out and only also logs you in if you opt in, but that can also I think lead to weird situations for everyday users.
In other words, the point of signing in is to make sure no one else can accidentally (or intentionally) siphon away your browsing history.
grey-area|7 years ago
Don't do that then.
There's a simple solution to this conundrum, but it involves google not hoovering up the browsing history of half the world by default. Unsurprisingly, the google team has decided not to implement that solution and instead has tied logins on a web page to logins in a browser ever more tightly, and this move is just another step on that road, until you can tell yourself that 99% of the world logs in to the browser, because it's just easier, so we'll make it opt out instead, and then by a series of small incremental steps, each of which seems reasonable, you're forcing users to log into google and send them your data to get any browsing done at all.
Logging in to the browser is the problem here, not the solution. You should log in to websites, not the browser, that separation is a good one and is there for very good reasons.
danShumway|7 years ago
But I'll bite. In the scenario you just described, can't Alice still just look at her local history and get all of the same information? I just tested -- local history is accessible across accounts in Chrome 69.
So this change doesn't actually protect people who are sharing computers -- a private browsing session is what protects them. And this change doesn't make private browsing any easier.
Also in this scenario, if Bob isn't checking his email or something, he's very unlikely to go log Alice out of her account. So the extremely minor privacy boost that doesn't actually exist because all of Bob's history is still stored locally will still only happen if both Alice and Bob use Gmail.
Which makes it sound like this entire feature was the brainchild of some executive who genuinely can't comprehend someone borrowing a computer and not immediately signing into Gmail. A much better solution to the problem you're describing above would be to draw more attention to private browsing sessions in the UX, or to just have some kind of notification when the user signs out of Gmail.
Heck, you could have the same exact feature, except drop the auto-login part and only have the auto-logout. That would still be a useless feature because of the reasons above, but it would get rid of the vast majority of the privacy concerns the tech community is currently raising.
Auto-login is not necessary to fix the problem you're talking about.
amaccuish|7 years ago
tedivm|7 years ago
To me that seems like a decrease in privacy.
Flenser|7 years ago
How about this scenario:
Alice has Chrome synced to her Google account on her PC.
Bob uses Chrome on his PC but has no Google account and does not log in to Google services. He does uses bookmarks though.
Alice visits Bob and borrows his PC to check her gmail, which logs her in to Bobs Chrome. Then either Alice at that time or Bob at a later date accidentally triggers sync in Bobs Chrome.
TWO bad things happen at this point.
1) all Alice's synced data is downloaded onto Bob's PC. Including her bookmarks and passwords
2) all Bob's bookmarks are synced with Alice's account and Chrome on her PC will download them next time it's online.
allenz|7 years ago
CrendKing|7 years ago
I agree with you that this would upset Alice when she wants to check her personal browsing history. But isn't that the innate consequence of sharing your own computer with other persons? It is the same as Alice lending her MacBook to Bob without logging out herself first. Can't Alice simply log out her Chrome before giving to Bob?
Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob
Why should Gmail (or any Google service) be so special? If Bob log in to his Outlook account, shouldn't the same treatment happen (which clearly indicate a persona switch)? It is clear that Google is using its monopoly power between Google services and Chrome to reinforce the bond between "average users" and itself. Imagine if Chrome dwindles at ~10% market share instead. Do you ever think the Chrome team would have done this feature?