X

Google promises Chrome changes after privacy complaints

The search giant comes under fire for hoarding cookies and logging its website users into Chrome.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
3 min read
chrome-lapel-pin-4sts.jpg

Google's Chrome browser.

Stephen Shankland/CNET

Google , on the defensive from concerns raised about how Chrome tracks its users, has promised changes to its web browser.

Two complaints in recent days involve how Google stores data about browsing activity in files called cookies and how it syncs personal data across different devices. Google representatives said Monday and Tuesday there's nothing to be worried about but that they'll be changing Chrome nevertheless.

"We've heard -- and appreciate -- your feedback from the last few days, and we'll be making some product changes," tweeted Parisa Tabriz, a security team leader at Google.

Google added in a blog post Tuesday evening that it will add new options and explanations for its interface and reverse one Chrome cookie-hoarding policy that undermined people's attempts to clear those cookies.

The situation shows the difficulties Google faces offering both the most widely used browser and one of the most powerful online advertising empires. Chrome is a powerful tool that lets websites gather the kind of personal information that makes it possible for advertisers to target ads for a particular audience. But Google operates some of the biggest online sites out there, and Chrome itself, if unfettered, has a view into our most private online activity.

Watch this: Details leak of Google's censored search engine

Two Chrome complaints

The first complaint came on Saturday from Johns Hopkins University professor and cryptography expert Matthew Green, who objected to a change in the newest Chrome version showing when you're logged into a Google website instead of the previous behavior, showing when you're logged into Chrome's service to sync passwords, browser history and other settings.

"I'm done with Chrome," Green said, moving to Mozilla's Firefox instead.

Google security team member Adrienne Porter Felt responded on Monday that Green's worst fears -- that logging into a Chrome website also engaged Chrome sync, sharing new data with Google -- didn't occur. The change, she said, was made so that people wouldn't inadvertently leak private data when sharing a computer, a situation she said is common.

"Chrome desktop now tells you that you're 'signed in' whenever you're signed in to a Google website," Porter Felt tweeted. "This does NOT mean that Chrome is automatically sending your browsing history to your Google account!"

Although Chrome doesn't sync data unless you take another step, signing into a Google website does sign you into Chrome. But Google will let people reverse that practice.

"For users that disable this feature, signing into a Google website will not sign them into Chrome, Zach Koch, a Chrome product manager, said in Google's blog post.

The first concern also surfaced earlier on Hacker News. The next bubbled up on Reddit.

Cookie hoarding

The second complaint came from Christoph Tavan, chief technology officer at ContentPass, a startup trying to let people pay for online content instead of yielding their privacy to advertisers. "'Clear all Cookies except Google Cookies', thanks Chrome," Tavan tweeted when he discovered that Chrome keeps some Google cookies even if you try to clear all your browser's cookies.

Some Google cookies -- small text files for things like tracking users, keeping them logged into websites and recording items in an online shopping cart -- survive intact even if you use Chrome 69's cookie deletion tool.

Some Google cookies -- small text files for things like tracking users, keeping them logged into websites and recording items in an online shopping cart -- survive intact even if you use Chrome 69's cookie deletion tool.

Screenshot by Stephen Shankland/CNET

Tavan's findings drew criticisms from employees working on rival browsers Firefox and Brave who saw Google's cookies persist. Chrome's cookie-clearing interface warns under some circumstances that "you won't be signed out of your Google account" or that it "signs you out of most sites." CNET reproduced the Chrome cookie-keeping behavior.

"If you're signed in to Chrome, Chrome creates / restores Google auth cookies," Tabriz tweeted Tuesday. "To stop that behavior, you can sign out."

But that behavior won't continue, Koch said.

"In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared," he said. "We will change this behavior that so all cookies are deleted and you will be signed out."

The best PCs for privacy-minded people

See all photos

First published September 11, 6:11 p.m. PT.

Update, 8:46 p.m. PT: Adds more background and screenshot of Google cookies that survive Chrome's cookie-clearing process.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Infowars and Silicon Valley: Everything you need to know about the tech industry's free speech debate.