I figured Google would do something cosmetic (again, that's all that I think they really needed to do) to clear up the misconceptions here, but they've added a Matthew Green switch (which is what we all need to call it from now on). That's better than I'd hoped for.

[1]: https://textslashplain.com/2018/09/24/chrome-sync/

> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.

I hope this is a wake up call that privacy implications need to be seriously considered during product design (even if the intent was better UX), and hidden changes without any UI/notice is going to make issues blow up far more than if there was clear in-app communication.

They're building in features that integrate their browser into their web pages.

As far as I'm aware no other major browser holder has done anything of that sort, but I'm probably missing some examples.

I've currently got 6 different gmail accounts pinned. So which Google account am I supposed to be signed into Chrome for?

- Search

- Analytics

- Email

- Storage

- Android tracking

- Online video

- Chrome which is now becoming a portal to the GoogleWeb

I don't want any company to control this much of what I do online as a matter of principle.

At this point they're a victim of their own success.

There's just too much to keep up with at this point.

I'm happy about this change, it's a big move in the right direction. But it doesn't give me any confidence for the future. It's crazy that users have to do this every single release. It can't continue like this.

I have no idea anymore what it would take to get me to switch back to Chrome or to start recommending it to friends and family. I feel like Google is actively training technical communities to distrust them. It's going to turn into some kind of Pavlovian response.

I really want to know who the internal champion was for getting the cookies to be perma-stored in the first place. It has to be someone relatively high up and I’m genuinely curious how high it goes.

Surprised to say that not much has changed with the move. I was able to find all my extensions in the firefox addons. Life continues

When company and customer interest are misaligned this is the result. There are plenty of cases where a strong leader in the company with a strong ideology can hold this stuff back, but companies normally outlast those individuals and eventually there's nobody left to stand in the way.

It's wonderful that we were able to make enough noise and fuss that the cost/benefit shifted sufficiently but this will happen again, and then again, and so on... And eventually, we'll be tired of yelling or won't be able to yell loud enough.

Vote with you attention and your data and your money. Switch to Fastmail or Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another not-so-great-for-developers-anymore Apple macbook pro. Choose these options even if they aren't as good because if we don't support the handful of companies who are trying to do something other than gobble up all of our attention and data we're in for a really dark future for the web.

This time, somebody decided the only clean path out was to be responsive: to make changes which reflected community concern and to tell people about them

Which I think, is good. I vastly prefer the google which tells people it listened, to the one which says it listens but doesn't tell us whats happening to the inputs we give.

(thats the one which lies behind any three-dots 'send feedback' hooks in almost any google app or s/w I use: I never get the sense anyone reads it, cares about it)

"Oh whoops we got caught. We'll give the few upset people an extra check box to revert to old behavior. But luckily no one else will ever know."

I have learned an important fact that Ad business is rotten at the core - meaning it has direct conflicts with users. Therefore, I can never come to trust any Ads businesses: Facebook, Google, Snapchat, etc and recently Adobe and Microsoft.

I’m disgusted at the state of advertisement in modern society. It ruined cable, radio, social media, road sides, magazines and the very fabric of society. Turns out that our attention has a huge price tag.

These marketing / ad tech companies masquerading as consumer products will inevitably drift toward more invasion of privacy and user exploitation.

[1] https://chromium.googlesource.com/chromium/src.git/+/master/... [2] https://chromium.googlesource.com/chromium/src.git/+/master/... [3] https://chromium.googlesource.com/chromium/src.git/+/master/... [4] https://chromium.googlesource.com/chromium/src.git/+/master/...

I still love the rationale for this decision:

> Over the years, we’ve received feedback from users on shared devices that they were confused about Chrome’s sign-in state.

Their solution: Let's add another state - the "sync" state - I'm sure this won't be confusing to users at all /s

Anyway, 90-95 % of users will probably just stick with the default value because they either don't know about the option or don't care enough to change it, hence from Google's perspective introducing it won't hurt their data collection efforts that much while they can at least say they did something to protect people's privacy. This is why I think "privacy by default" is so important, and it's sad to see that some of the largest players in the data collection space still ignore it.

Do you still want to play with your users, Google? It's your product and your choice. Good night and good luck

Thanks!

To be honest, it’s best to use an independent company for your internet browser. Google’s incentives and business model no longer matches web browsing for someone who cares about privacy.

I wouldn't use those words. I would replace that with "when the backlash is large enough"

Also I read several comments in that thread about how all of that feedback was pointless because the "vast majority of users don't care."

This type of comments always come up after anything a bad company does. You don't need the majority of users to force a change. In fact no movement ever starts with a majority.

That said, Google can no longer be trusted not to screw over Chrome users in the future. Trying to track users this aggressively and then only backing down after a large backlash doesn't really tell me that Google will be playing nice from now on.

I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.

Firefox is basically unusable with this bug; Facebook takes forever to load, and even Reddit r/firefox shows "A webpage is slowing down your browser" bar at the top.

Active relevant bugs are here: https://bugzilla.mozilla.org/show_bug.cgi?id=1404042 https://bugzilla.mozilla.org/show_bug.cgi?id=1429522

But apparently this has been going on for 2+ years and Mozilla hasn't been able to fix it.

Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox, it's both concerning and surprising that a bug of this proportion has gone on so long.

Edit: Jeff from Mozilla has reached out. I sent him a perf log and a screenshot. Tracking here: https://bugzilla.mozilla.org/show_bug.cgi?id=1494186

I imagine more and more so called convenient features might come where Chrome can suddenly install entire Windows apps, clean my files, and replace my OS. Then again, why not. Who am I to tell Google how to compete, maybe they can replace Windows with something better by gradually bloating up Chrome into an OS inside an OS.

Edit: Permalink to the relevant comment: https://bugs.chromium.org/p/chromium/issues/detail?id=883038...

We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.

Now Google is the portal. I’m done with it.

Don't every freaking website have "Keep Me Signed In" (Don't use this on shared computer) message for decades already?

There are lot of people working on it (including my startup) to solve the problem that are fraught with ad-tech in general and we are making progress but there is lot of inertia in the industry when it comes to change.

Personally, browsers don't need users to signin. They can sync data laterally with other instances. I suppose Google hasn't heard of bonjour.

"Only on TV and radio, and in magazines, and movies, and at ball games... and on buses and milk cartons and t-shirts, and bananas and written on the sky." (And that was in 1999. The 2018 version would have to be extended: "And in our email, and in the Windows start menu, and in our phones, and on shopping carts and subway turnstiles, and maps, and video games, and in photo albums, and even inside of other ads. And the ads watched you as much as you watched them. But not our dreams.")

Not so much from a privacy angle but from more of a 'Chrome has lots its way' angle.

A lot of our software's more complex interfaces are Chrome-first since its faster to develop - yesterday was the first time I made a serious consideration to change that approach.

Glad to see they are listening to user feedback and reacting quickly.

Also, in my (admittedly, n=1) experience, Sync was enabled automatically, perhaps because I had tried it at some point.

There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.

Communication about it seems to be. The actual code changes seem like they'll roll out in um... 3 or so months from now?