back to article Google actually listens to users, hands back cookies and rethinks Chrome auto sign-in

Stung by criticism over its creepy cookie hoarding and automatic sign-in in Chrome, Google has pulled a swift U-turn. Kind of. kids drink milkshake That syncing feeling when you realise you may be telling Google more than you thought READ MORE Chrome 70, due in October, walks back controversial changes in the browser that …

  1. pavel.petrman

    Google still know everything about almost everyone, regardless of a switch.

    There are browser extensions (for Firefox at least) which show you (and let you choose) the domains from which there are javascript files loaded and executed on every website you visit. I installed one recently and have noticed that about seventy to ninety per cent of websites load assets from one Google domain or another. Couple that with one or two android phones in your vicinity (even if you personally don't have one) or, God forbid, being photographed with one. Send one or two e-mail messages to a Gmail account every now and then. Basically, all our base are belong to Google already. Public pressure achieving this one switch hidden somewhere deep in the guts of Chrome - if it ever has an effect (cf. the switch for the location services in Android) - does one thing only: lulls some more gullible DK's* into thinking that everything is actually quite fine.

    * DK for Dunning-Kruger, meaning here those who are a bit above the uninitiated mass thinking they got a hunch when they actually don't.

    1. Anonymous Coward
      Anonymous Coward

      Re: Google still know everything about almost everyone, regardless of a switch.

      Google and Facebook both got caught buying bank-transaction / credit-card info plus hospital / medical / patient data. That tells you everything you need to know about where this is going. Adblockers don't stop server-side analytics. The chrome cookie switch is the low hanging fruit of tracking, its not the complete picture!

      What you have to look at is how and why both industrial surveillance complexes want into china. Its not just about the numbers, they also have the best infrastructure to monitor and track every citizen and score them. That's the end game and its coming West. Book a flight on Musk's rocket or there's no escape!

      1. Tinslave_the_Barelegged

        Re: Google still know everything about almost everyone, regardless of a switch.

        Adblockers don't stop server-side analytics.

        Maybe not, but I wonder what a combination of ublock origin and the EFF's Privacy Badger would do on the new slurpy chrome/chromium? It's possible to disallow cookies using Privacy Badger, and even block connections entirely, to say nothing of what's possible with a well crafted hosts file. One can see an extension to yoyo.org adserver blocks aimed at analytics overreahc, for example.

    2. Tinslave_the_Barelegged

      Re: Google still know everything about almost everyone, regardless of a switch.

      Basically, all our base are belong to Google already.

      That may be true, but it is not inevitable that we the people, whether citizens or subjects, will roll over and accept this. To maintain some vestige of what it means to be human, we must continue to resist, making life as hard for data collectors as possible.

    3. Anonymous Coward
      Anonymous Coward

      Re: Google still know everything about almost everyone, regardless of a switch.

      "I installed one recently and have noticed that about seventy to ninety per cent of websites load assets from one Google domain"

      And it's wanker devs, no doubt some hang around on here, that pull these assets and scripts from 3rd party sites with no checks as to whether the file is what it's supposed to be or what data might be leaked from visitors and expose risk to everyone. Put the effing files on your server where you can check them first and not have third parties gatecrash your shit.

    4. JohnFen Silver badge

      Re: Google still know everything about almost everyone, regardless of a switch.

      All of that is why I don't allow websites to run code on my machines, I firewall off all internet communications by default, both incoming and outgoing, don't use Google services or programs, buy things with cash as much as possible, and so forth.

      The major companies that insist on spying on us are engaging in what amounts to a wholesale assault on the public. I can't stop all of the incoming punches, of course, but I can stop a lot of them -- and every little bit helps.

      1. Pen-y-gors Silver badge

        Re: Google still know everything about almost everyone, regardless of a switch.

        @JohnFen

        Out of curiosity, with all those blocks, what exactly do you use t'interwebs for? Pinging servers for fun?

        1. JohnFen Silver badge

          Re: Google still know everything about almost everyone, regardless of a switch.

          I use the internet for the same things that everyone else uses the internet for, except that I avoid social media. I'm just very cautious about it. Being very selective about what code I allow a website to execute on my machine and forgoing Google services in no way reduces the usefulness of the internet.

          1. This post has been deleted by its author

            1. JohnFen Silver badge

              Re: Google still know everything about almost everyone, regardless of a switch.

              I don't. As I said, I firewall everything off by default. Then I allow specific programs and end points on an as-needed basis. My goal is to prevent the unauthorized communications that so many apps engage in these days.

              1. Teiwaz Silver badge
                Joke

                Re: Google still know everything about almost everyone, regardless of a switch.

                I don't. As I said, I firewall everything off by default. Then I allow specific programs and end points on an as-needed basis

                What do you do in your (supposedly free time), design cilice and hair-shirts, flagellate yourself for an hour or two before bed?

    5. JCitizen
      Go

      Re: Google still know everything about almost everyone, regardless of a switch.

      Don't know if this would solve the problem, but I add the DuckDuckGo cookie blocking and search engine to Chrome. Everywhere I go, the websites complain that I'm blocking cookies - it does have a way to allow them for favorite sites that make a living off them. After all the internet isn't really free. Whether chrome can circumvent this, I don't know but it would be easy to test.

      Close Chrome and run CCleaner to exit all cookies from the system. Open Chrome and visit a site that hosts chrome cookies and LSOs. Check the cookie vault in CCleaner to see if they show up. If they do, then that add on isn't capable of blocking chrome cookies. I assume it does though. Occasionally when chrome updates, it tries to delete DuckDuckGo - but that might just be because they are search engine competitors - that is reason enough for Google to try and defeat them.

    6. Mike Tubby

      Re: Google still know everything about almost everyone, regardless of a switch.

      I think you are referring to a new economy - its called 'surveillance economics' where if you didn't pay for the product you are the product ... its an implied bargain (sort of) since if you use gmail you [should] expect Google to index all of your email, if you use Chrome or Edge you should expect (Google, Microsoft) command line completion and spelling mistake correction convenience tools to work using the URLs that you access. If you use public DNS (8.8.8.8, 8.8.4.4, 1.1.1.1 and soon 9.9.9.9) you should expect your source IP to be matched against your hostname queries.

      I have put in place some mitigations since I saw much of this coming...

      1. I run my own DNS servers for both my own DNS zones and as recursive resolvers. I do not use public DNS or my ISP's DNS

      2. I run my own Email servers with Exim 4 and Dovecot. I ensure that SSL with AES-256-GCM over IPv6 is used everywhere possible. My email clients (Windows and Android) use SSL with my servers.

      3. I use different email addresses like mike.facebook@ mike.ebay@ mike.paypal@ mike.amazon@ ... and alias them on my incoming server so that big data slurpers cannot easily join things together - this also significantly reduces the attack surface for hackers that steal back-end databases

      4. I web browse with Chrome, Firefox or Brave and use AdBlock and use several different machines. I don't 'sign in' to services such as Chrome

      5. For things like Google services such as Play Store, Webmaster tools, etc. I use a Gmail 'burn' account - nobody else knows it or uses it, hence nothing lost if I throw it away.

      6. I don't put my mobile phone number, name, address, date of birth on anything I can avoid and where I do my DOB is deliberately wrong (and different). For suspicious/dodgy websites I use throwaway aliases.

      People should think InfoSec and minimise what information about themselves they give away.

      Mike

  2. msknight Silver badge

    The increaste in non-techy people....

    ... asking me how to get off Google services has increased considerably in the last year.

    It seems that the chocolate factory has managed to spook the heck out of people in a manner that Microsoft never managed to do.

    The increase of interest in my Sailfish phone has also increased. People are asking questions and want to know more.

    1. Version 1.0 Silver badge

      Re: The increaste in non-techy people....

      How to get off Google services? ... A pair of wire clippers will do the job.

    2. Mark 85 Silver badge

      Re: The increaste in non-techy people....

      First... don't use Chrome. I do though only for one website.

      Second use something along the of https://someonewhocares.org/hosts/ for IE which blocks almost all ads, cookies, etc. from sites other . I believe there's a similar blocker for Firefox, but again, I only use it for one or two sites.

      When I'm running IE, it's my choice to unblock websites and accept their ads and those damn cookies. The cookies get deleted nightly via a script.

  3. Oengus Silver badge

    For how long

    I'll believe Google when I see the changes implemented. When they are implemented, I wonder how long they will remain in place. Like the TLAs Google keep trying to get people to believe their view of the world is the only "correct view" and that a benevolent, all caring Google knows best what we really want.

    1. Anonymous Coward
      Anonymous Coward

      Re: For how long

      You can trust Google about a far as you can thrown the MS CEO from the shore into Puget Sound. i.e. not very far.

    2. DougS Silver badge

      They got caught

      With their hands in the proverbial cookie jar. They'll try again, and hope people aren't paying attention next time.

  4. Walter Bishop Silver badge
    Linux

    Iridium enhance privacy browser

    Iridium Browser is based on the Chromium code base. All modifications enhance the privacy of the user and make sure the most secure technologies are used.” link

    1. Walter Bishop Silver badge
      Linux

      Re: Iridium enhance privacy browser

      Given the 2 thumbs up & 1 thumb down, do the down voter minding explaining the reason for the down vote?

      1. JohnFen Silver badge

        Re: Iridium enhance privacy browser

        "the down voter minding explaining the reason for the down vote?"

        There's no point in asking. If the downvoter was going to make an argument, they would have. My attitude about downvotes is that they mean literally nothing if they aren't accompanied with an explanation.

        Personally, however, I reject all Chromium-based browsers out of hand. Anything coming from Google requires extra scrutiny and screening, and I don't have the time or interest required to engage in the necessary security review of Chromium.

  5. jaywin

    Options

    So it's apparently too difficult, will be too confusing and will clutter the interface to allow Chrome to use backspace to go back a page, like every other browser did and still does, but absolutely fine to quickly slap one in to stop this auto sign in?

    1. Pen-y-gors Silver badge

      Re: Options

      How many users have I been browsing the interwebs?

      How is it I only discovered 'backspace' today?

      1. Anonymous Coward
        Anonymous Coward

        Re: Options

        "How is it I only discovered 'backspace' today?"

        It means you don't use the keyboard shortcuts that much in a browser, but that's ok. Because most of the time on your mobile browser, you won't get a keyboard anyway.

    2. Stratman
  6. DJV Silver badge

    "tucked away in the Privacy and Security settings"

    Crikey, you're not kidding! The other day I wanted to view and delete a particular cookie as I was testing a website I'm building.

    On Chrome it took the following steps:

    1) Bring up the Settings screen.

    2) Scroll down and click on Advanced.

    3) Click on Content Settings (no, not the one below that mentions Cookies but only allows you to clear them in bulk from there).

    4) Click on Cookies.

    5) Click on See all cookies and site data.

    6) Enter the site name in the Search cookies field.

    7) Click on the site name to show the list of cookies (a further click takes you to the cookie contents).

    8) Click on the X to delete it.

    Firefox is marginally easier.

    1) Bring up the Options screen.

    2) Click Privacy & Security.

    3) Click Manage Data.

    4) Enter the site name in the search field.

    5) Select the cookie and Remove Selected.

    However, if you now want to see the cookie contents in Firefox you've now got to use the F12/Developer Options instead, which is a tad annoying.

    I'm sure these things used to be far easier to get at in the past - so much for "making our lives easier"! Sigh...

    1. LDS Silver badge

      I'm sure these things used to be far easier to get at in the past

      Firefox did dumbed down cookie management recently, making more difficult to selectively delete cookies. Don't know if because the money the get from Google.

    2. Woodnag

      Re: "tucked away in the Privacy and Security settings"

      Shift Ctrl Delete gets you to the Clear Browsing Data settings page in Chrome/ium.

      Didn't find this out til yesterday meself :{

      1. VinceH Silver badge
        Thumb Up

        Re: "tucked away in the Privacy and Security settings"

        Just tried that in Palemoon and it brought up a "Clear recent history" dialogue, with the option to select what you want to delete (Cookies, browsing history, cache, etc) and to choose "how recent" (last hour, last two hours, last four hours, today, or everything).

        I have it set to wipe cookies, history, etc, when I close the browser - but this could be a useful shortcut sometimes.

    3. Anonymous Coward
      Anonymous Coward

      Re: "tucked away in the Privacy and Security settings"

      If you're building or testing a website, I would recommend opening the developer console, clicking the Application tab and you can see all the site's cookies and then delete them all or individually.

      Also, you can search settings in Chrome, which helps find what you're after.

      1. overunder

        Doesn't matter, what you say, target I.E.

        @LDS: "Don't know if because the money the get from Google."

        Is this still true? I thought about 5 years ago Google stoped thier funding all together. At least I thought I read that (5 years ago :-/). I HOPE I'm right, but now that familiar fear has crawled back.

        Anyways, what I've noticed about Chrome recently is that it appears to perform better due to the fact it's intentionally targeted. i.e., it's the new I.E. (pre-Firefox assualt). As a web developer of old, how many times did you have the conversation of defending why you intentionally target I.E.? 100? 1000? More? But looking back now regardless of browser, what did that mentality bring us? HTML5 really didn't change shit. It seems it ultimately just made spying on us not only easier, but also harder to detect.

        It might be that time again where Mozilla should open the wounds of the dominant browser, just like they did to I.E. It is clear that Google is the new Microsoft (or dare I say worse).

        1. JohnFen Silver badge

          Re: Doesn't matter, what you say, target I.E.

          "how many times did you have the conversation of defending why you intentionally target I.E.?"

          Doing so was indefensible then, and it's indefensible now. Websites should target an HTML standard, and never target a specific browser.

          1. overunder

            Re: Doesn't matter, what you say, target I.E.

            "Doing so was indefensible then, and it's indefensible now."

            Now yes, but then? It was indefensible not to target I.E. if you were a Web dev.

            I'm clearly old, because I remember a time when if you didn't intentionally target I.E., nobody would hire you and most importantly, nobody could use your website. There's still crusty orgs to this day that insist you use I.E, government and private alike.

            Being realistic, from 1997 (1998 for sure) to about 2004 there was only 1 desktop operating system (Windows) and 1 browser (Navigator died off). Not to mention the clearly not so clear HTML 4 standard, which XHTML tried to rectify, and so badly didn't (strict was a good concept, but running alongside dynamic... hmmm).

            But my point was, the old saying of When in Rome is starting to mean When in Chrome.

            1. JohnFen Silver badge

              Re: Doesn't matter, what you say, target I.E.

              "I'm clearly old, because I remember a time..."

              As do I! Nonetheless, it was a terrible, user-hostile practice that web devs should have fought tooth and nail against. And should now, as well.

    4. JohnFen Silver badge

      Re: "tucked away in the Privacy and Security settings"

      "I'm sure these things used to be far easier to get at in the past"

      In the case of Firefox, that was the very recent past. Then Mozilla decided that people didn't really need to know any of that stuff.

  7. LDS Silver badge
    Devil

    Sure, they listened....

    .... to the desperate crying of someone at Google who just looked at GDPR fines...

    1. Anonymous Coward
      Anonymous Coward

      Re: Sure, they listened....

      GDPR Fines?

      Zero!

      They'll find some way to make sure that none of their European Operations actually earns even one Cent.

      Then they'll hope that their friends in the US Courts block any attempt to get the money out of the US operation.

      TBH, they simply don't care. They need your data more and more and are apparently prepared to go to pretty well any length to get it.

      1. Pascal Monett Silver badge

        Um, GDPR fines are not based on local revenue, they are either a set amount or based on world-wide revenue, so making an EU branch not have revenue will make no difference.

  8. Anonymous Coward
    Anonymous Coward

    Chrome is the best

    They monitor everything I do. They keep me safe and warm from all the icky stuff on the web. They know everything I like, and don't like. The advertising is so great I don't even have to look for anything, they just tell me what I want. I don't keep secrets from mr google, he knows when I masturbate, when and what I eat, when I sleep, where I drive, the friends I keep. They even know my banking and home address. I keep mr google in my house to talk with me, plays songs for me, pick my TV shows, wakes me up. I am looking forward to when mr google can cook and clean for me too. I love google, it is my god, the only thing I need and want in life. Please love me back google, I need you. (for the idiots - this was sarcasm)

    1. Anonymous Coward
      Anonymous Coward

      Re: Chrome is the best

      NoooooOOOoooo!

      He loves ME best!

  9. chivo243 Silver badge
    Facepalm

    chrome goes too far

    I was freaked out the other day when I saw I was logged into Chrome, I chalked up to a senior moment during an unusually busy day...

    Glad there are alternatives to chrome. I used chrome because it was fast,(er)? Well, seems that comes at a price, and it's too high.

  10. Someone Else Silver badge

    Better than nothing...

    ...but only ever-so-slightly.

  11. Pen-y-gors Silver badge

    Would there be a market...

    for a random-background-surfing add-on for Chrome (and other browsers)? Something that quietly runs, visiting random webpages (SFW) and following links, patterned on human habits. That wouldn't stop the Google slurp, but it would bury your real connections in a smoke-screen of cruff.

    1. cbars

      Re: Would there be a market...

      no, because the code/behaviour would be analysed by your well resourced adversary and the cruft nicely filtered out.

      Also it's the wrong solution. The correct solution is to remove the problem (slurp slurp behaviour), but this is a societal issue and unlikely to be easy or fast. Historically, we tend to go down these mental roads every now and again, but inevitably end up back at equilibrium. Hopefully the same is true here and we'll eventually end up in a sensible middle ground.

      Digital records won't last forever, but they'll last a lifetime or so - I reckon we'll need a couple of those time periods as a society to recognise the downsides.

    2. JohnFen Silver badge

      Re: Would there be a market...

      Wouldn't it be a better idea to use a different browser entirely?

    3. Diogenes

      Re: Would there be a market...

      TrackMeNot

      Over the last few minutes I had the tab open it searched for 'beef recall' browsersoxx dorothy provine, southwest airines, hugh hefner, ipadcases....

      you get my drift

    4. Anonymous Coward
      Anonymous Coward

      Re: Would there be a market...

      "Something that quietly runs, visiting random webpages (SFW) and following links, patterned on human habits. That wouldn't stop the Google slurp, but it would bury your real connections in a smoke-screen of cruff."

      It would work as intended (technically) but might not work as you had intended. It's because on the internet random webpages and "SFW" will still end up with pretty awkward results.

  12. J4

    Can't say it often enough

    They collect data not because it has value in itself, but because it is the base to the real revenue stream of targeted ads. You can't stop the targeting, because other people / server side analytics / outright lies.

    But you can stop it having value. Block the ads. Block all the ads. Tell everyone you know to block. Help non-technical people to block. Block, block, and block again.

    The only way to stop criminal behaviour is to cut the rewards of crime. This is, has been, and will always be true.

  13. Teiwaz Silver badge

    Wrong Question

    What if no privacy/trust-fluent folks had uninstalled Chrome? Who would watch then?"

    Wrong Question.

    Why did privacy/trust-fluent folks install Chrome in the first place?

    Why even allow Oogle in?

    1. Throatwarbler Mangrove Silver badge
      Holmes

      Re: Wrong Question

      Because there are some Web application developers who code to Chrome explicitly and whose code will not otherwise work. If you're obligated to use those Web sites/applications for your job, you're basically obligated to use Chrome.

      1. JohnFen Silver badge

        Re: Wrong Question

        But if you're using Chrome because it's a requirement of your job, then the security/privacy threats it presents only affect your employer, not you. Sounds fair enough to me.

      2. Anonymous Coward
        Anonymous Coward

        Re: Wrong Question

        "Because there are some Web application developers who code to Chrome explicitly and whose code will not otherwise work."

        Unless that developer is working on plugins (which it shouldn't be an excuse because 1. NPAPI plugin is disable for chrome and 2. chrome new WebExtensions is supported by firefox, so porting it is easier), that developer should rethink his work approach.

        It's 2018, the age of getting stuck with browser specific like IE should be over. Web application done today should follow the new web standards, not browser specific rules.

        Even if there is an exception in which that developer had to use a specific browser, that developer should code base on a stable chromium not the proprietary google chrome. This at the very minimum ensures the companies' independence from google who keeps ending their products support.

  14. Anonymous Coward
    Anonymous Coward

    Don't be evil? Talk about Google 'Pure Evil'

    https://www.bbc.co.uk/news/technology-45653035

    ________________

    "'Catastrophic failure' - The letter alleges Google is working on:

    * A prototype interface designed to allow a Chinese joint venture company to search for a given user's search queries based on their phone number

    * An extensive censorship blacklist developed in accordance with Chinese government demands. Among others, it contained the English term "human rights", the Mandarin terms for 'student protest' and 'Nobel prize', and very large numbers of phrases involving 'Xi Jinping' and other members of the CCP

    * Explicit code to ensure only Chinese government-approved air quality data would be returned in response to Chinese users' search

    ________________

    Mr Poulson said the sum of these efforts amounted to a "catastrophic failure" of Google's internal policies on privacy - as well as going against assurances made to the US trade regulator regarding data protection measures in its products.

    ____

    "Dragonfly is part of a broad pattern of unaccountable decision making across the tech industry," Mr Poulson wrote."

    ________________

    Google Suppresses Memo Revealing Plans to Closely Track Search Users in China

    https://theintercept.com/2018/09/21/google-suppresses-memo-revealing-plans-to-closely-track-search-users-in-china/

    1. Anonymous Coward
      Anonymous Coward

      Internal Stasi to monitor Google's own people

      Anyone still in denial about Chrome & Google practices? Wake up:

      _____________________

      Google Suppresses Memo Revealing Plans to Closely Track Search Users in China

      https://theintercept.com/2018/09/21/google-suppresses-memo-revealing-plans-to-closely-track-search-users-in-china/

      _____________________

      "The memo was shared earlier this month among a group of Google employees who have been organizing internal protests over the censored search system, which has been designed to remove content that China’s authoritarian Communist Party regime views as sensitive, such as information about democracy, human rights, and peaceful protest."

      According to three sources familiar with the incident, Google leadership discovered the memo and were furious that secret details about the China censorship were being passed between employees who were not supposed to have any knowledge about it. Subsequently, Google human resources personnel emailed employees who were believed to have accessed or saved copies of the memo and ordered them to immediately delete it from their computers. Emails demanding deletion of the memo contained “pixel trackers” that notified human resource managers when their messages had been read, recipients determined."

      "The memo was first posted on an internal messaging list set up for Google employees to raise ethical concerns. But the memo was soon scrubbed from the list and individuals who had opened or saved the document were contacted by Google’s human resources department to discuss the matter. The employees were instructed not to share the memo."

      "Google reportedly maintains an aggressive security and investigation team known as “stopleaks,” which is dedicated to preventing unauthorized disclosures. The team is also said to monitor internal discussions."

      "The “stopleaks” team, which coordinates with the internal Google communications department, even began monitoring an internal image board used to post messages based on internet memes, according to one former Google employee, for signs of employee sentiment around the Project Maven contract."

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't be evil? Talk about Google 'Pure Evil'

        Dragonfly matched to this? Nice 1984 world that's going to be:

        https://neweconomics.org/2018/07/whats-your-score

  15. Anonymous Coward
    Anonymous Coward

    I *really* believe that they've backtracked on this.

    I for one will be shocked - shocked! - when a year from now it becomes obvious that Google changed the UI, but the data slurping continued with no changes at all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019