When someone in the security community raised this, it turned out that apparently this is intended behaviour from Google’s side as confirmed by multiple googlers and they were wondering why the new behaviour might feel abusive to some people. Some folks working on Chrome pointed out that most people can’t differentiate between logging into a Google Site and logging into Chrome and this has lead to problems with shared computers, where person A logs into GMail, but person B is logged into Chrome. This prompted Chrome developers to come up with the change that erases the distinction entirely.
It is at this point that I should note that I don’t personally use Chrome, as I felt it was too closely corporate Google even before this change. This is also not a post arguing that “some users can tell the difference, therefor…”, I do believe software should be written with the common users in mind. Interestingly, the common user belief that strongly equates Chrome with a Google Service (and not an application or tool) is probably the more accurate view of Chrome, post release 69. It’s worth wondering from where users got that impression and why.
So if this change is just about bringing Chrome in line with what most users believe anyway, what’s the fuss? Perhaps it’s not about what people believe, but what is right. Perhaps Google doesn’t want Chrome, currently having majority browser market share, to be a neutral platform. A lot of people, developers especially, believe that Chrome is a Google-influenced but more or less neutral tool and then this widespread belief has to be reconciled with the Chrome-as-a-service thinking.
Violating the content vs browser separation layer doesn’t just conform to what a lot of users believe, it also ties what’s happening inside the browser to Google on an unprecedented level, throwing the neutrality of Chrome as a platform into question. What’s the next thing that Google and only Google can make Chrome do? Concerned about shared computers but you’re not Google? There is no neutral API to log someone out from Chrome and prevent data from being synced if it’s about person A logging into Facebook in person B’s Chrome profile.
Many schools, including Madison, use Google services. Matthew Green dives into Google’s privacy policy.