Like Eric Law[1], I felt like while there were some rough spots in the UX for the Chrome login and sync features, the issue was very overblown (I'd feel very differently if sync had been enabled automatically). I don't have much more to say than Law does --- except maybe that when your arch-competitor is speaking out on your behalf, maybe the narrative has gone a little haywire.
I figured Google would do something cosmetic (again, that's all that I think they really needed to do) to clear up the misconceptions here, but they've added a Matthew Green switch (which is what we all need to call it from now on). That's better than I'd hoped for.
The sync thing was overblown. The cookies thing was a bit more concerning to me.
Not so much from a privacy angle but from more of a 'Chrome has lots its way' angle.
A lot of our software's more complex interfaces are Chrome-first since its faster to develop - yesterday was the first time I made a serious consideration to change that approach.
Glad to see they are listening to user feedback and reacting quickly.
> Glad to see they are listening to user feedback and reacting quickly.
I consider an opt-out as paying lip service to the feedback. Clearly they feel the default is more important than the generated angst. Reaction clearly needs to be even stronger to affect real change. An opt-in (e.g. a dialog on next Google login from Chrome asking for feature enable) is a compromise, an opt-out is to appease the temporarily upset while keeping all that they added in place and defaulted.
This is not an olive branch, don't accept it, condemn the continued incremental marriage of Google browser+services, and continue to move on and de-google yourself where you reasonably can.
You seem to be looking at the choice of opt-in vs. opt-out from the perspective of a user who actually cares about the feature.
Much more common, though, I'd say, is the type of user who will accept whatever the default is, because they just don't care.
Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.
If you think something is good for people, you have to consider the large group of users who don't want to put in the time/energy to evaluate whether the thing is good for them, but just want the program to shut up and do what it does by default—whatever that is.
It’s not just that the user doesn’t care. I don’t want to have to monitor constantly hackernews to find out what new invasion of privacy google will sneak in discretely, even if there is a switch somewhere to opt out. I want to be able to rely on the tools I use.
The issue with this line of thinking is that this change isn't really a privacy invasion. Account consistency didn't at all affect privacy. You still had to opt in to syncing, which did affect privacy.
I would be surprised if it didn't affect google's capacity to track you nominally.
When I flush all cookies from my browser session, and open a new session, I am a new user to google's various tracking mechanism. If I am an authenticated google user, then I am not.
I would agree that there was at least potentially an issue due to it re-logging you in. But I'll note that no one wrote a blog post about that. Someone just mentioned that on twitter after this was already a big "controversy".
In other words, you had half of HN claiming to be leaving Chrome over something they had no reason to believe had any privacy implications, and in reality, has either 0, or really close to 0, actual privacy implications.
I made a claim about HN being a small group in the grand scheme, and someone countered by claiming that most users didn't understand what was changing. But I think the funny thing is that the average user, who had the understanding that "literally nothing" was changing, would have been closer to the truth of the situation than the average HN commenter.
Not to say that the result of the hullabaloo was bad, I actually think this set of updates only improves things over where they are now, but its still a really strange sequence of events.
But if it re-logs you back in when you re-open the browser, it may be technically a different cookie, but it is a cookie with your real identity attached to it (as opposed to an anonymous cookie like if you started a fresh session on an older version of the browser). So practically, that has the same effect that if the cookie was never deleted.
The parent means, logging out and staying logged out of the browser, would have exactly the same behaviour as logging out of your Google Account would in Firefox.
The whole point of the feature was just that:
1. “are you logged into your Google Account from the perspective of Gmail et al” is now the thing the browser chrome itself reports; and
2. you now need to be logged into your Google Account in the cookies sense for Chrome sync to function; logging out of your Google Account turns off Chrome sync.
Before, people could be in a state where they have Chrome sync enabled with foo@gmail, but are not logged into foo@gmail from a cookies perspective, and are potentially even logged into bar@gmail.
This is the state that has been eliminated—now, the browser chrome’s login state reflects your Google Account web-cookie login state, because they’re one-and-the-same; and every method that logs you out of your Google account from a web-cookie perspective, also logs you out of Chrome (and vice-versa.)
Consider the privacy implications of someone who logs out of Gmail, but is still logged into Chrome sync as said Gmail user; and then lets someone else use the computer. That is what is no longer possible.
It’s a privacy improvement targeted at the people who expect “logging out” of their Google account to be one unilateral action that frees a computer of all artifacts related to their original logging-in. Which, until recently, wasn’t true: if you originally logged in by entering your credentials into the “new Chrome profile wizard” (where they set up the credential as both your synnc and web-cookie credential), and then logged out of one, it wouldn’t affect the other.
No, I mean you can log out of your Google account in the browser and it actually logs you out. Deleting your cookies does re-create a cookie (which is weird), but logging out in browser (I see it as "Exit Joshua" on Chrome on OSX) deletes Google cookies and doesn't recreate any.
It is difficult for me to assess the validity of this statement. I cannot tell if the behaviour is or is not a privacy invasion. What I can tell is that it is not in the direction of greater privacy. That it is not a feature I'd requested, want, or am comfortable with. And it's in line with multiple past trust violations.
That Google are announcing walking this back within days of release and publicity suggests some measure of the storms roiling the 'Plex presently.
>What I can tell is that it is not in the direction of greater privacy
For you, it may be a no-op, but for many users, it is a net increase in privacy (people who use multiple accounts or who use accounts on shared computers).
>That Google are announcing walking this back
Erm, sort of, I guess. There are some small changes.
What numbers, precisely, do you have on this? Because it sounds to me as if you're arguing from a position of ignorance.
There might be some benefit to the small number of users who 1) have multiple devices and 2) share one or more of those amongst several other people in the same account in ways that this Chrome feature ... might address. But this doesn't strike me as some overwhelmingly large use case.
The system for user separation on shared computers is called ... user accounts. Which every mainstream consumer operating system has supported for the past 17 years (Windows XP being the latecomer to this game.)
Otherwise, this is a broadening of Google's ever-expanding ingestion of user data, either directly or by way of one more (or an incremental series of) "small change". If I notice my enemy maneuvering me to his advantage, I counter that maneuver. In my case, it's meant uninstalling Chrome and Chromium from any systems on which that's possible.
(My much-regretted purchase some years ago of an Android tablet being the primary exception, though I'm resolved to not repeat that mistake, despite a dire lack of viable market options presently. Purism and Ubuntu may be nearing useful products.)
...small changes...
In the Universe in which I inhabit, Google specifically addressed user feedback and sign-in changes. I cannot find your characterisation of their announcement as accurate under any charitable interpretation.
Therein lies the disagreement - Google thinks it is good for people to log in to Google services via their browser, and to always be logged in (it's certainly good for Google!), therefore they choose these defaults, opting in to login and to tracking.
> Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.
Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.
> Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.
Most people won't know that these chrome features exist. Most people don't go digging through options and settings, they just download chrome and go, go, go.
The cookies thing could be seen as a bug: the button does remove the cookies, but because your google sign in state is now tied to the browser sign in state, new cookies will immediately be set.
To fix this, the “remove cookies” button would also have to sign you out of chrome which would also feel weird from a UX perspective.
All in all I think this was just released a bit early before all UX edge cases could be tackled (or even discovered. Sometimes you find things only in wider rollouts)
If exempting Google's cookies from being cleared was a bug, they would not have added a message in the UI that "you won't be signed out of your Google Account":
> The cookies thing could be seen as a bug: the button does remove the cookies, but because your google sign in state is now tied to the browser sign in state, new cookies will immediately be set.
Then maybe tying the Google state to the browser state was a mistake and should be reverted?
>A lot of our software's more complex interfaces are Chrome-first since its faster to develop - yesterday was the first time I made a serious consideration to change that approach.
Heh, I wonder if the next privacy blunder from Google will make you further reconsider your "voluntary vendor lock-in" approach :)
I disagree the sync thing was overblown. A website's cookies and the internal functionality of the browser are conceptually very different and (up to now) well differentiated concepts. Mixing them up and blurring the lines between them is just a portal to confusion of the average user, who is already confused enough.
I fear that changes like this will eventually make it impossible to effectively explain to an average user even the basics of how the web works.
Google's claim (which I'm inclined to believe) is that the previous state is more confusing to the average user. While we think in terms of "content" vs "browser", apparently the average user does not, and finds it confusing that part of the browser is signed into Google, but part isn't.
That may be, but that doesn't mean the concept should be abandoned and the browser married to the content in inexplicable ways. At least the way things are now, I am able to understand what is going on and teach it to my parents. If the non-average users also stop understanding what is happening behind the covers, is there any hope left for the open web?
I think that change was merited because of the "signed into chrome vs google" issue they were trying to solve. Say I clear my cookies on a signed-in, syncing account.
With G Cookies also deleted, I may wonder "Why is my picture in the top right but no Google services are using it??". To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be.
The logical thing to do, if your real aim is to have browser sign in state reflect cookie state, is to sign out the browser when someone clears their cookies.
That would make total sense to users.
I think this is clear evidence that Google made this change to keep more users signed into Google so they can collect more of your data without telling you.
What data is it that Google collects without telling the user? Granted, they don't issue some pop-up notification or e-mail for every piece of data they collect, as the collect it, but every user has full access to all of the data points Google collects. They are highly transparent about the data they collect and even give users the option to delete that data from Google's records.
I could be mistaken, however, so I'm curious - what data does Google collect without telling the user, at least by making that data collection transparent?
It’s a dangerous precedent to begin with, I remember platform abuse was a serious concern when Google first launched Chrome. Over the years they’ve built up enormous trust by keeping Chrome (mostly) conflict-free. The moment Chrome really turns into “Google Browser” it will no longer be the default choice (although I suspect we may already be too late to undo this).
So instead of putting in bizarre kludges in various parts of the UI fix the underlying issue - browser login should not be a prominent feature (it should be called sync bookmarks/history in settings somewhere), google logins should not be displayed in browser chrome and google websites should not get special treatment (either in cookies or login status).
That’s why people are complaining - they see that google clearly wants to privilege their own sites and logins in chrome and push the users to always be signed in with google across any site. Great for google, bad for user privacy and the open web.
"To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be"
I highly doubt the common person knows what a cookie is, let alone how to clear them.
A simple solution would be to add an extra step when clearing cookies that asks if you would like to stay signed into your Google session and clear or keep those cookies based on your selection.
The extent the common person (might) know about cookies is that sometimes it's helpful to clear them to speed up your computer and/or as part of other magical rituals.
It's Eric Lawrence and while I don't think he's off base, the disclaimer literally says he used to work on Chrome, so I don't think he is speaking as a competitor here.
Also, in my (admittedly, n=1) experience, Sync was enabled automatically, perhaps because I had tried it at some point.
> when your arch-competitor is speaking out on your behalf, maybe the narrative has gone a little haywire.
When the enemy of their enemy becomes their friend, the question then is who their common foe is. Microsoft is actively working to push the needle in the same direction as Google on ignoring and removing user choice in their products. An ex-Chrome dev at Microsoft defending dark patterns from his former team by mocking user concerns (as you are, with your "Matthew Green switch") is hardly an objective slam dunk.
I remember AOL and Compuserve back in the early 90s on Mac OS 7. They were online services, and they had something to do with the Internet, but it was a walled garden.
Google is free to do integrate their online environment into their client, but it's dishonest to continue to call it a web browser much longer.
This is an amusing way of framing a ban. Supposedly it's a three-month probation.
Oh well, let's make the best of it. October's coming up. How about a ghost story? "Once upon a time, there was an HN user. Now only those with showdead enabled can see him..."
Won’t change my mind and will stick to Firefox after having switched because of this. First I don’t want to be logged in in my browser at all. Second, and probably more important, software is about trust. Even for an open source project, no one has the time to review millions of lines of code. So unfortunately one has to rely on what one believes is the behavior of the authors of the software. And what google did is to shatter that trust by sneaking that change discretely.
Same here. Why does Chrome log you in in the first place?
I mean I know it from the companies perspective of course. They want to consolidate as much data about you as possible. And tie you into their ecosystem.
But what is the user facing benefit? Syncing your bookmarks across devices?
Syncing bookmarks, recently opened tabs, passwords, autofill(?). These are genuine benefits when you're working with laptops, desktops, phones and tablets. Whether they're worth the cost of data mining is another matter of course.
These are genuine benefits when you're working
with laptops, desktops, phones and tablets.
I work with all of these devices. Yet I don't want any of that syncing.
The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users? Of all the pages that have nothing to do with them?
Same with passwords. So they have a gigantic database with all of their users passwords for all the services the users use? Even those totally unrelated to Google?
> I work with all of these devices. Yet I don't want any of that syncing.
So... you're happy that they're giving you the option to turn it off then, right? I mean, you appear to concede that someone users want this. You want the option to turn if off, which you're getting. That seems like good news.
Except your tone doesn't seem to match your logic.
FWIW: I use Firefox too. But... I mean come on folks. They messed up, they're fixing it. The obsession with hatred and flamage is getting a little out of control.
The issue is that trust breaches can't just be rolled back. You put people in a situation where they don't want to get caught out by the next change that the press doesn't pick up and/or you don't hear about.
It's possible that I want my passwords (of other sites) synced on all instances of Chrome across my devices, but I don't want Google to know these passwords (obviously). They have an "encrypt-passwords" feature for that.
The difference is whether or not Google can see your passwords.
When you use a passphrase, your data will presumably be encrypted with your passphrase and thus only be visible to you with knowledge of the passphrase. Not even Google could see the data while it would be stored on their servers.
Encryption during transit means that no bad actors like hackers, unscrupulous ISP's or overzealous governments can access your data _while_ it travels over the wires towards Google's servers but Google can still do what it wants with your data.
I would assume it's the standard tradeoff - if you lose the key to the password DB (be it an actual cryptographic key or a password you synthesize it from), you lose access to the data, and some people are more interested in guaranteeing access to their data over avoiding storing it with an external entity.
(I work for Google but on nothing remotely related to this.)
One advantage that wasn't mentioned is the ability to send a tab between devices.
I'm looking at something on my desktop, have to go somewhere, so I just send the tabs to my phone and continue consuming. If I forget to do so, I can also use the url bar to search through common history, so that I could enter a few words from the title and go back to that article.
That being said, I personally wouldn't trust Google to do this, so I use Firefox that I believe encrypts data client-side by default.
> The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users?
They claim sync data is end-to-end encrypted. However they would already have your browsing history if you have address bar suggestions enabled.
Here's one way: there's not a singular axis that users wanting sync and users not wanting sync can be placed on and compared.
The other poster expressed how the feature sucked for their purposes. But the feature wasn't made to punish them, it was made after evaluating the preferences of many users, which is what my question is getting at.
Features can introduce risks in various ways. I discovered this long ago through a software vendor's annual feature request solicitation, in which I learned to be ware of what others ask for: you may get it.
Specifically as to sync: I would love to be able to sync certain elements of browser state between my systems.
Not between one of my systems, some arbitrary third party of questionable trust and intentions, and another of my systems. But directly between my systems.
Google actively thwart this.
A feature of most early browsers was the ability to save bookmarks to a file, and import that elsewhere. By slight extension, a browser session or tab state can be saved, either directly, or as bookmarks.
Chrome does not do this, either at all, or on all platforms. It's most resistant to this on the consumption-only platform of Android.
This has been a major point of frustration to me for a year and a half as I've been wanting to dump user state from one system to another, without Google intermediating that exchange for me. I've found no means of accomplishing this.
That is one element of the tyranny of the minimum viable user, as well as of Google cattle-prodding its users into the feed chutes.
They already have most of your browsing history simply by having you logged into your Gmail and browsing the sites having Google Analytics installed (which is most of the sites on the internet these days).
Ironically, from the article itself, this automatic sign in will not turn sync on automatically. This is probably the most confusing decision that can be.
There is, or at least was, a notable feature that synced data can be encrypted with a separate password, client-side. I can't vouch for its strength, but it's there.
While I understand and agree that they're benefits for the user, its interpretation and decision shall be made by the users themselves.
If the company supplying these features are forcefully making these decisions on behalf of me, I can assume that there are other intentions and motivations for providing these services to me for "free".
That "Save this login" stuff in Chrome drives me up the wall. I understand you can disable it under Settings (and I do) but I see it on other people's computer too and I feel a bit of me die inside when they click "Save login" just to make it go away.
Completely agree. It's ironic that users who click "remember my password" are 10x more likely to forget their password.
The next step in this equation is even more frustrating - people who's default workflow to signing in is to click 'I forgot my password', and proceed through those steps to instil a new password. And then the cycle continues.
People who can't remember their password often forget it due to having used that feature. Forcing yourself to type a password in over and over will pretty quickly encode it into muscle memory.
This is a little ridiculous. Do you think there is no value in password managers? It's almost certainly better to have many complex passwords managed for you and only one strong password to protect them all, than to remember the same few passwords used across many accounts, decreasing the overall security of those accounts.
I understand healthy skepticism of Google, but essentially claiming password managers (which is what this feature is) are bad, for the sake of criticizing Google, is bad.
I think you've misunderstood me. I'm not criticising Google here. I just dislike any tool that encourages people to unintentionally forget passwords for the sake of "getting this annoying prompt out of my way". This can be a "remember me" on a website's own page, or a browser feature.
A good password manager is a great tool and more secure than a few simple memorable passwords. But when I use it, I'm making a conscious trade-off between memorable passwords and secure ones, but usually I'll at least need to memorise a master.
I'm fact just thinking about it - if Chrome's signin affinity is turned on, and I have chosen "remember me", AND I use the password manager, isn't that effectively equivalent to having your entire password manager with a "remember me"?
Out of the total population of the chrome users, how many really use more than 1 computer? These benefits may apply only for few users, probably in single percentage figures, which does not justify pushing it down the throats of everyone.
And that's probably one of the situations where you would precisely _not_ want synchronization. Now not only Google but your employer has access to your complete browsing history!
I think the majority of cases where it's helpful is between some traditional computing device, such as a laptop or desktop, and a mobile device such as a smart phone or small tablet. I think that's actually a fairly large amount of people.
That's also one of the situations it's most useful in, as having your saved passwords already present on your phone when you try to log into a site you generally don't from your phone is extremely helpful.
Well unfortunately Microsoft and Apple don't appear to be working on a account sync feature at the moment so Chrome offering synchronization between my Windows, Mac, and iPhone is the next best thing for me, personally. I like having my bookmarks and history shared between my devices.
I would assume this is to compete with Apple's offerings (after all Apple doesn't just sign you into the browser, but into the OS nowadays). Apart from Chrome OS, Google doesn't have any other way to offer similar (tab-syncing, etc) functionality and signing you into their own browser is the closest they can get.
Yes, opt-in is the beginning, middle and end of the problem here. Google has plenty of tools to inform users of these capabilities and allow them to turn them on or off. I wouldn't even mind if they nagged me a couple of times with a pop-up about browser log in, or a confirmation that I want to keep or delete Google cookies. But on-by-default features have a special responsibility to be conservative with a user's privacy.
I actually value and use sync. Google sees most of by browsing through page-hosted GA anyway! But at best, this was really lazy product management that smacks of condescension about less technical users (don't worry your head about these cookies). And at worst, it's testing the waters on some really nefarious strategies.
Data in Firefox Sync is end-to-end encrypted, while data synced to Chrome is subject to Google's privacy policy.
"The security model of Firefox Sync ensures that your sync data is encrypted before it ever leaves your machine, and that the password to unlock this encryption is never transmitted to the server. Not even Mozilla can access your sync data, so while we transmit it all over TLS for additional security, we do not depend on the confidentiality of TLS to keep your data safe."
"When you sync Chrome with your Google Account, we use your browsing data to improve and personalize your experience within Chrome. You can also personalize your experience on other Google products, by allowing your Chrome history to be included in your Google Web & App Activity."
First I don't want to be logged in in my browser at all.
OK but I expect that most Chrome users feel different about that. Most are probably happy that this UI change makes things less confusing.
Second, and probably more important, software is about trust. [...] And what google did is to shatter that trust by sneaking that change discretely.
Why did the UI change shatter trust for you? It doesn't enable syncing so I don't see what the big deal is. With syncing out of the equation, I can imagine that you don't like being logged in in the browser for aesthetic reasons or something, but to have one's trust shattered?
>And what google did is to shatter that trust by sneaking that change discretely.
How did you expect them to announce a change they probably perceive as a minor UX improvement? Also this has been brewing for months in canary/beta, it's not like they actually snuck the change as you imply.
How did you expect them to announce a change they probably perceive as a minor UX improvement?
Just because you split a large change into a set of minor UX improvements and have different excuses for each individual change, that doesn't make the direction of travel any less damaging.
To be clear, the direction of travel is for Google to abuse their de-facto monopoly on search and browsers to own SSO across the web and track their users completely, at which point they will pretty much own your entire web experience (logins, browser history, maps, news, search, tracking, analytics - all this data will form a huge moat making it hard to compete and hard to resist decisions made by google about the web) - even if you don't use them they'll own the experience of the majority of your customers. This is why these small changes are so pernicious, and why people have reacted badly to them. This is why people reacted so badly to AMP.
This is not an argument over technicalities or quibbles over UX, this is a fundamental question of who owns the web.
Google have built up a lot of trust over the years by keeping the browser independent of their other operations, and making great technical progress with Chrome, but these changes (and others like starting to abuse their search monopoly by privileging certain google results) show that is not going to last - they are now at the monetising phase of their lifecycle, and nothing can stop it - a huge corporation has a momentum of its own.
The competition to their products is a click away. People use google products because they find them more useful. If that's a result of the data they have, who cares?
People use google products because they find them more useful
No - because they are free, ubiquitous, and often installed by default. People choose their browser as they would choose a hat, from the limited selection available.
I have already switched to Firefox and loving it (Facebook container, tracking protection enabled), but these changes are welcome and responsive.
I hope this is a wake up call that privacy implications need to be seriously considered during product design (even if the intent was better UX), and hidden changes without any UI/notice is going to make issues blow up far more than if there was clear in-app communication.
I did as well. DuckDuckGo, ublock origin, privacy badger. I haven’t used Firefox seriously in 5 years or so and I’m very pleased with the experience.
To be honest, it’s best to use an independent company for your internet browser. Google’s incentives and business model no longer matches web browsing for someone who cares about privacy.
I'm the last person to defend google, but in the beginning a reasonable argument could be made that what they wanted was better performance of javascript and website rendering in general. Microsoft, Mozilla and Apple were the only engine developers in town. Two were the default on their OSs and Mozilla was the choice of those who made a choice. So there was no real incentive to compete on performance.
Chrome was introduced by Google with the idea of improving performance of webbrowsers in general so they could do more with web-apps. That did seem somewhat reasonable at the time.
But since Chrome became the market leader, the incentives have changed.
Google used to pay people working on Firefox, including the lead engineer at the time, Ben Goodger. They pulled them to work on Chrome. Had they wanted, they could have invested more in Firefox to improve its performance. But what they really wanted was full control over their own Web browser.
I don't think he/she meant "Chrome". It makes no sense to me if you substitute "Chrome" for "Firefox", considering the context of the comment and its parent comment.
Ah, so maybe the meaning was "I've just switched to Firefox after having not used it seriously for five years". It's interesting that that interpretation was so obvious to so many people but not me!
I switched to Firefox developer edition couple weeks ago before this incident. Reason: my laptop temperature goes up to 80C+ with about 10 tabs opened in Chrome, whereas with Firefox it stays around 60C. But with this sync and cookie fiasco I am never going back, even if they fix the CPU optimization issue in a future update.
I actually use Chrome for everything Google, and Firefox for everything else. It's a constant reminder that I need to stop using Google services. I don't open it much anymore, just to check my gmail which still has a few emails going to it, and to find my android whenever I lose it.
Do you have any details of which ones? I have not discovered any so far - everything seems to work just as well in Firefox (e.g. gmail, youtube, search, maps, adwords, adsense, analytics, cloud console, webmaster tools are the ones I requently use on Firefox with zero issues)
Unfortunately, Chrome 70 is also when `www` subdomain is slated to get re-hidden, and when web audio breaking changes are slated to get re-introduced.
There's just too much to keep up with at this point.
I'm happy about this change, it's a big move in the right direction. But it doesn't give me any confidence for the future. It's crazy that users have to do this every single release. It can't continue like this.
I have no idea anymore what it would take to get me to switch back to Chrome or to start recommending it to friends and family. I feel like Google is actively training technical communities to distrust them. It's going to turn into some kind of Pavlovian response.
Yes, I think that's exactly what danShumway meant by "users have to do this every single release", i.e., give feedback about a big upcoming change that should never have been made in the first place.
One week it's the domain hiding, another week it's cookie clearing. Who knows what Google is planning to change next time? It's not sustainable for us to go reactive every month.
There's an awfully big disconnect if the makers of the world's most-used web browser are routinely trying to change it in ways that users force them to immediately revert. That's not what good stewards do.
I feel this attitude of “just do it and see if enough people complain” is inherent in these big web companies.
Just look at how they do product naming. How many times have we seen Google or Facebook launch projects with the same name as an existing project and just use their size to steamroll over refernce to the existing work?
E.g. the Go programming language or Facebook’s Flow checker for starters.
You missed paren't point. It's not about if you can see the changes immediately in the next release, it's that you have to be constantly vigilant as to what they're going to do next, like looking over your shoulder.
You can do that, but it's time consuming and exhausting. You're better off switching browsers.
That's overly dramatic. Both Chrome and Firefox are excellent browsers, and are developed in the open for all to see. They are examples of open source done right.
> Both Chrome and Firefox are excellent browsers, and are developed in the open for all to see.
I still think you're misunderstanding. The problem is that Google as an organization has the incentive to pull shady shit. It may be noticed, but watching Reddit/HN to see if your browser, which should protect you/be trustworthy, is pulling shady stuff, or whether you may've missed a story of it doing so is still exhausting and keeps you wondering.
All companies have the potential to do shady things. The majority of Google's changes to Chrome have benefited end-users, and not Hacker News goers. We live in a bubble here, and lately it's been an outrage bubble. There's little substance to any of it.
A recent example: Hackers hate the idea of removing "www". Why? Because it's less accurate and we love accuracy. We think about what happens to the DNS if the www isn't a CNAME for the root, and how this isn't technically accurate.
Real users don't care. The UI is cleaner and make important information like what domain they're actually on more pronounced. This may help reduce phishing attacks and make URLs more legible.
Integrating sync is the same way. I'm not surprised that hackers hate it, but end users will appreciate the convenience. Android had the feature for years already.
We need to get out of this bubble and stop assuming we're the core audience. It isn't evil to design for somebody that isn't us.
The URL hiding change is NOT reversed or shelved, only delayed:
> Thanks for the feedback so far. We plan to collect additional feedback, particularly about the enterprise use case, before launching the feature. We will not be launching the "www" elision in M70.
Maybe it’s just a vocabulary quirk — to me, “shelved” implies “postponed indefinitely, but might come back someday”, not “cancelled forever”. So it is “shelved” according to how I understand that word.
As you correctly point out, it’s not necessarily cancelled forever.
Too bad there wasn't enough feedback about http:// and https:// hiding to make any difference. The biggest problem is that the two are hidden differently.
The last that I heard, it was temporarily removed in Chrome 69, and `www` would be reintroduced in 70. Unless things have changed again since then, `m` was the only change that was actually shelved.
We also need to avoid situations where a positive reversal/fix distracts people from the introduction of a new problem, like URL display changes related to AMP.
It's not targeted to technical communities. Chrome's market share is 50% and growing. It became successful in the first place because it's fast and simple. It's clearly targeted to average Joe by design, not programmers.
Many of the complaints that Chrome has gotten are not specific to technical communities. People were mad about `www` not because the technical communities have a thing for seeing the subdomains, but because there's a risk that average Joes can be phished when they're removed, and because on some domains the removal makes technical support for people like Joe harder. Similarly, the Web Audio complaints were not merely that the technical community wanted more control, it was that the changes broke the web for non-technical users in a way that commercially advantaged Google's own properties.
Secondly, Google's external PR has never taken this stance. Google invests a lot into interfacing with the dev community and positioning Chrome as a dev-friendly browser. I very much doubt that any Chrome dev on Twitter would agree with what you're saying. They would say that Chrome is trying to be a browser for both casual and advanced users.
As long as Google advertises Chrome that way, I don't see the problem with the technical community demanding a certain level of consideration. How many people on HN use Chrome (or at least did a week ago ;))? If Chrome isn't designed for people like them, than it seems like the obvious solution is for any tech savvy communities to en masse switch to Firefox and do the majority of their development/testing there.
But again, most of the changes that people are mad about aren't tech-specific concerns. I don't use Chrome for daily browsing; I'm mad that Google made a change that made it easier for them to spy on my parents. I'm responsible for protecting them. I'm responsible for mitigating Chrome's technical problems when they impact nontechnical users and customers that I care about.
One positive, is that the response was fast and direct. In the past, negative user feedback has tended to be buried, or felt like it, or ignored, or felt like it.
This time, somebody decided the only clean path out was to be responsive: to make changes which reflected community concern and to tell people about them
Which I think, is good. I vastly prefer the google which tells people it listened, to the one which says it listens but doesn't tell us whats happening to the inputs we give.
(thats the one which lies behind any three-dots 'send feedback' hooks in almost any google app or s/w I use: I never get the sense anyone reads it, cares about it)
The fact that this all happened in the first place is really telling. It's nice that they've backed these features off (a bit) but there's a reasonably clear signal to take away from this.
When company and customer interest are misaligned this is the result. There are plenty of cases where a strong leader in the company with a strong ideology can hold this stuff back, but companies normally outlast those individuals and eventually there's nobody left to stand in the way.
It's wonderful that we were able to make enough noise and fuss that the cost/benefit shifted sufficiently but this will happen again, and then again, and so on... And eventually, we'll be tired of yelling or won't be able to yell loud enough.
Vote with you attention and your data and your money. Switch to Fastmail or Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another not-so-great-for-developers-anymore Apple macbook pro. Choose these options even if they aren't as good because if we don't support the handful of companies who are trying to do something other than gobble up all of our attention and data we're in for a really dark future for the web.
It does seem weird that this would be lauded. I want my browser to be completely independent of what I'm doing on the website because there is no telling what the browser might be doing on my OS and frankly if I want to sign into a website, I will. It's not any of my browser's business what I do on the websites I visit. This seems like a fundamental part of sandboxing but maybe other people don't see it that way.
I imagine more and more so called convenient features might come where Chrome can suddenly install entire Windows apps, clean my files, and replace my OS. Then again, why not. Who am I to tell Google how to compete, maybe they can replace Windows with something better by gradually bloating up Chrome into an OS inside an OS.
If the HN backlash is anything to go by, a lot of people see it the same way as you (me included).
Every company will act in it's best interest not ours, particularly in the case of Google who are blatantly building out a vision of what they want the web to be for 1 singular purpose: to more closely monitor you for the purpose of selling your online activity to the highest bidder.
This much influence being concentrated is bad for the web.
you're a techie i'm guessing? How many of your friends/family ask for tech support/advice? There's a serious multiplier effect at work. I'm a high school IT teacher. I influence approx 600 students per year. We now cover online privacy and I will be setting assignments that ask students to investigate and make reasoned arguments about the impact of Google's dominance on their privacy.
Once you annoy enough of the tech literate, word will start to spread. Slowly, then quickly. How do you think Chrome got its foothold to begin with?
I won't deny that the tech crowd can influence things, but it's become quite hard for regular users to quit the whole Google panoply of services and tech products. Mail, browser, maps, dns, search, etc... It isn't painless and easy to abandon all of this and I have doubts even tech-savvy influencers can counter it at this point, only by word of mouth.
And about how Chrome got a foothold in the first place, I distinctly remember Google agressively advertising their own product on their search engine page, and bundling the binary with everything under the sun (Adobe Reader, anti-virus, etc...). Every time you installed software, there was a good chance Chrome was included with it. Tech influencers had their part in the success of Chrome, but it definitely wasn't the only factor, or maybe even the most important one.
anecdotal, but i don't know anyone outside of HN who actually thought this was a bad idea. on the contrary, most of my coworkers that use shared pcs praised logging in to both the browser and other google services as it helps them improve their productivity.
Google is kind of a special case in that they are the developer of the biggest web browser and the developer of the biggest web-apps. The integration between the two becomes somewhat inevitable at that point. Eventhough I too very much disagree with it.
> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.
I really want to know who the internal champion was for getting the cookies to be perma-stored in the first place. It has to be someone relatively high up and I’m genuinely curious how high it goes.
Based on what I know of the Chrome team, it was probably the conclusion of some UX manager or the result of a user study they did around Google authentication. If I had to guess: their end goal is not explicitly to collect more advertising data for Google, but it's to minimize friction around the use of Google services. This leads to decisions like the cookie one.
I don’t know why but I get an intense feeling of disgust at “people at higher position” making stupid decisions like this one.
My cynicism kicks in and I feel like they know exactly what they’re doing, but the bottom line is more important than anything including causing a PR storm on HN and tech blogs.
Strip down emperor’s clothes and truly reveal the nature of big corporations and their greed to ruin everything for the benefit of the shareholders and their bonus targets - ethics, privacy and environment.
Perhaps I have a problem with extreme levels of cynicism.
In my experience at Google, "people at higher positions" do not really make these kinds of decisions. Someone at the leafmost position in the organization comes up with some research and recommendations and if nobody stops them, they go ahead and do it. It's actually really disorganized.
I feel like integrating auto sign in, tracking and Google cookies is less of a disorganized decision and more of a premeditated, carefully snuck in effort for their ads business. All the stars align for the bottom line.
Just look at the state of Android. Try being a cell phone OEM who wants to use Android but without Google integration. Impossible.
Honestly, I'm going to have to disagree with the first statement. Like any large project, it was planned, but all for separate reasons.
- Auto sign in and the "Google account indicator": this is almost certainly the result of discussions between the Chrome security team (security indicators, phishing, etc) and Google UX requests. Heck, they even say that the indicator was motivated by user research around session management.
- Tracking: I'm not sure what extra tracking was added to Chrome beyond the existing telemetry they've had since the beginning of the project.
- Google cookies: explained above - a reasonable idea at some manager or UX designer's local scope that got misinterpreted.
If they really wanted to sneak in goodies to supercharge their ad business, it would look a lot worse (and be a lot less obvious) than this. For instance, there's nothing stopping them* from automatically enabling Chrome Sync and removing the option for encrypted syncs tomorrow... which is another issue, but a different scope of discussion.
* Aside from their entire legal department, of course.
OK, try being and OEM who wants to use Android but without Google integration in a country where Google is legal. I think Amazon backs up that point, not yours.
Yet most of them have to install play store. There is no going away from Google completely unless you're Amazon on large budget and you make a big branch off Android source.
C'mon, that's a bit of a cartoon characterization. Privacy related stuff must go through legal first when a change is more than just testing a shade of blue. It's not the Wild West in there.
If I had to guess: their end goal is not explicitly to collect more advertising data for Google, but it's to minimize friction around the use of Google services.
How can you have one without the other? Google services exist to drive advertising. Anything to make a Google service better for the user has a corresponding impact on Google's ad business.
I don't think it was an isolated person. The tone of the blog post is that we're surprisingly passionate to want clearing cookies to actually clear cookies. Am I the only one who detects a condescending tone here?
We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.
I find it interesting that you use the word “champion”. I had a discussion the other day with a well experienced consulting colleague of mine. His view was that every company has Champions which in turn reflect the company culture and values. For consulting companies these are partners. For google it used to be the CS PhDs (my guess). Maybe, this is changing at google right now and other people are becoming the “champions”, which might explain the underlying reasons this happened in the first place
If they hadn't perma-stored the cookies, we'd all be pointing out how stupid it is that clearing your cookies logs you out of the browser. This would be clear evidence of what a stupid idea it is to match browser sign-in state to your cookies.
There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.
> There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.
Maybe I'm just being pedantic and there's no real-world difference, but I'm a little more okay with the browser creating new cookies whenever they're cleared vs not clearing cookies when asked.
Not entirely okay with it, mind you. Especially since browser logins are now two-way.
> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.
For those interested in source code, one can review Chromium's implementation of this feature in chrome_signin_helper [1], dice_response_handler [2], and adjacent source files in the /chrome/browser/signin/ folder [3], as well as the files in the /components/signin/core/browser/ folder [4]. To my eyes, it seems an API call is made from the browser to Google to obtain the signed-in state.
I have no doubt this is a direct result of the feedback in the hacker news thread. Googlers read our comments and take them seriously when there is true merit. Keep making noise folks, it matters.
I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.
Firefox is basically unusable with this bug; Facebook takes forever to load, and even Reddit r/firefox shows "A webpage is slowing down your browser" bar at the top.
But apparently this has been going on for 2+ years and Mozilla hasn't been able to fix it.
Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox, it's both concerning and surprising that a bug of this proportion has gone on so long.
Neither of those bugs have to do with 100% CPU on rMBP. Their about using an inefficient presentation path which increases GPU power usage. You can mitigate this today by setting gfx.compositor.glcontext.opaque to true. Further, Firefox Beta has additional texture upload performance improvements that will reduce cpu usage.
If you're actually experiencing 100% cpu usage, post a profile using https://perf-html.io/ and I can try tell you why.
2) Set display options - "more space" under System Preferences.
3) Run Firefox. Load any website. No extensions; safe mode doesn't matter.
4) 100%+ CPU, fans kick up and run high, system gets hot and slows to a crawl.
Chrome and Safari run totally fine under the same conditions.
It's documented pretty thoroughly in the first Bugzilla link I posted; the second one is an offshoot where they're trying to solve this specific issue. If you do happen to work at Mozilla, would really appreciate your help escalating.
EDIT: I now have a perf file showing significant issues when clicking on a YouTube video. It gives an error when trying to upload it to the site, but if you contact me through email (in my HN profile), I can send it over.
4.7% of your users, but what percentage of web developers?
If that second number is substantially higher (and I personally suspect it is, but I don't have data backing that up) I think it would be very reasonable for Mozilla to prioritize MacOS. Getting web developers to use firefox makes firefox work better for everyone because it makes more sites work well with firefox.
Yeah, we do prioritize Mac disproportionately to its market share for that reason. It does sometimes happen that we have to make hard calls though, and that's what Jeff is referring to.
On that note, one of the key motivators behind WebRender (our new graphics backend) is that it provides hardware acceleration across all platforms, including mac (whereas our current Direct2D acceleration works only on Windows). So Mac graphics performance should generally improve once we get that shipped.
I build internal tools in my organization. Most of our developers are on MacOS and use Chrome day to day. Most of our users are on Windows. Whenever a browser specific issue comes up, we do our best to address it, but our first response is typically "go install Chrome". Chrome adoption is 97% internally, 2.5% Safari, and the remaining 0.5% is Edge. We have a 0% internal Firefox usage rate.
Draw from that what you may, but I bet that dynamic is happening in other places.
4.7% of your users... and how much of that is because you are finding it difficult to prioritise work specific to that platform? It sounds like a chicken-and-egg problem to me.
Now don't get me wrong: I'm a big fan of Firefox, and have used the dev edition as my main work browser since Quantum came out. However, that's a terrible attitude to take. You have half a billion dollars per year of revenue. The second-largest desktop platform should be a major priority. Certainly above all of the other non-core-Firefox projects you're working on, however cool they may be.
I also have this problem, and it's a reason not to use Firefox for me. Maybe you only have 4.7% of users on MacOS precisely because of problems like these?
I spent a few minutes trying to replicate on a MacBook Pro (Retina, 13-inch, Late 2013) with Firefox 62.0.2 and could not replicate, browsing a number of resource intense sites.
Interesting, as this is the same MBP I have, and same Firefox version. I now have a perf file showing the issue. Can't upload it (it gives an error), but would be happy to send it to anyone who thinks they can help.
I'm on Mac OS 10.11.6 (15G22010). The regression might be due to some interaction between Firefox and changes in the OS, if you're on a more recent version.
I've been doing this since the first-gen rMBP, and I've never had this issue. No matter my scaling, I idle at about 5% CPU with about 80 tabs and 10 windows actively open.
I'm not sure what it is with your MBP but my Firefox does the same thing anytime I open a phys.org page -- one Firefox at work using Ubuntu 16.04 and the other at home using Windows 7 both exhibit it.
Edit:
Actually I just checked and the Windows 7 machine doesn't do it any more. I'm not sure if maybe a Firefox update fixed that here. I'll double check at work tomorrow too
I don't have a rMBP, and others who may be curious to help may not either. Uploading performance profiles from various websites to the mentioned URL will give everyone something to poke at.
That profile shows all of the time being spent in script execution. Are you sure that setting a different resolution has a dramatic effect on the amount of CPU being used?
Nope. I'm not the Retina Mac person. I'm gonna guess a lot of sites make the system busy with scripts, they all post 100+% CPU loads, fans go on, system gets warm - just to load them. Every once in a while the go nuts well after loading and I'll see a Web Content process over 100% and just stay there but I don't know which tab is causing the problem, so I usually end up killing the whole browser.
I don't know exactly what conditions are required to reproduce the bug, but it clearly does not apply to all rMBPs. I'm on a 15-inch 2016 rMBP and have been using Firefox on it successfully since I got it. Before that I spent a couple months on a 2013 rMBP, also no problems.
Edit: For people who want to compare notes: High Sierra 10.13.6, Firefox 62.0.2, resolution is set to "Default for display" (which I think does mean it's doing interpolation of some sort). Automatic graphics switching is enabled. I don't have any trouble watching YouTube videos.
It happens when you set your rMBP display to "Scaled" in display preferences, which is what most developers do. (Edit to your edit: Try the "More Space" option in your display preferences! It's amazing.)
Similar to the sibling comment, I can't seem to repro. I switched "More Space", restarted Firefox, loaded up a dozen or so tabs. I even watched a YouTube video for about 10 minutes. The video did cause CPU to jump a bit, but it dropped when I unloaded the tab, and nothing I've done (including the video) has caused any sort of lag like described in your first post or subsequent follow-up.
I'm not sure what to say. I'm sure the issue is real, but it seems like we're missing something in the triage. There has to be something else that makes a difference.
I've got a 15" "late 2013" rMBP, set display options to "more space." I've got a total of 45 tabs open between a couple different windows (I use the userChrome hack to re-enable multiple tab rows.) Cycled between tabs, refreshed, navigated around FB, GMail, etc. Can't get the CPU to do anything out of the ordinary.
> I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.
On the flip side, I've had a recurring bug in Chrome (until very recently) where for any long running session the Browser process will consume 100% of 1 core. I've had it across multiple machines and profiles, including a completely clean profile with no extensions - I've never managed to be able to nail down the common elements.
With my 2012 rMBP (first gen retina, with nVidia GT 650M) I cannot play video on various websites using Firefox since about a year or two. Did an OS reinstall, switched to nVidia native drivers, nothing helps. It plays the first second of video, then freezes, audio does continue. Youtube does work, but performance is poor.
Facebook is super relevant for our business. Not only do we advertise on there, but I also sit on Messenger and answer computer and phone repair questions from friends, and get tagged in "Help! My computer stopped working" types of posts. It drives good business to our repair shops.
Facebook has also replaced forums for our industry (cell phone/computer repair), so it's how we find out about the latest trends and innovations. Yesterday I used a document posted on a private FB group to fix 3 2011 15" MacBook Pros with failing GPUs (previously considered "unfixable.")
For the industry and business I'm in, there's no substitute.
That's interesting. I would have assumed that Reddit was a much better resource for at least the technical docs. Many subreddits include a crazy amount of very specific information about just about anything you can think of.
Totally agree in general; I've gone down the "Reddit rabbit hole" almost too many times to count.
Private groups on FB can be more discerning about their membership, which is also what makes them interesting.
Many of the cell phone repair groups I'm in require you to have a repair business, so the groups don't get flooded with what they call "plz bro" posts. (i.e. "How do I fix an iPhone screen?" beginner posts.)
It also forms a tighter community; we pretty much all know each other on there, so we refer business back and forth a lot, and use Messenger heavily to buy, sell, and just chat about really obscure or weird repairs that come in the door.
However I'm disappointed that their response is essentially lip service to the highlighted problem. If I read the article correctly, the auto-signin will continue to be the default and you'll get an option to turn it off. This does not address the breach of trust issues highlighted in the thread and linked posts .. unless they're going to ask you about signing in to the browser before doing it. Also, the consequences of saying "yes" to that would continue to be unclear if one path leads to data sync and another path doesn't.
Personally, browsers don't need users to signin. They can sync data laterally with other instances. I suppose Google hasn't heard of bonjour.
Counterpoint, we shouldn't fucking have to. They should fucking know not to keep google cookies around when you explicitly say to clear cookies. It's that whole "don't be evil" motto that they completely abandoned a decade ago.
I wouldn't use those words. I would replace that with "when the backlash is large enough"
Also I read several comments in that thread about how all of that feedback was pointless because the "vast majority of users don't care."
This type of comments always come up after anything a bad company does. You don't need the majority of users to force a change. In fact no movement ever starts with a majority.
That said, Google can no longer be trusted not to screw over Chrome users in the future. Trying to track users this aggressively and then only backing down after a large backlash doesn't really tell me that Google will be playing nice from now on.
They have to realize its not just about the auth cookies, its about ethics, and it should be reflected in the entire product line. Using Firefox and DuckDuckGo now because I appreciate better ethics. Honestly I become more and more aware recently.
I set up Chrome remote desktop for a family member today, and absolutely sync is enabled simply by signing in. Sure, it presents "Undo" after the fact, but on visiting the associated Google account, it had already copied everything. I have NFC where this article sourced "sync isn't automatic", but it clearly is. Zero UI indicator it's happening until the Undo button appears, by which time you've already been ripped off.
Nice to at least see they're making it opt-out, but the damage has already been done.
Even the linked article on HN was more about the implications of this change - without any notice. It removed one wall of protection that users who didn't want Sync had.
Many people _purposefully_ don't want to sign into Chrome. The change suddenly signed them in, without notice or confirmation. That's problematic.
This is a strawman -- many, many people were aware that this change did not enable sync for existing accounts, and were concerned regardless. Matthew Green does an excellent job articulating all of the reasons why this is a terrible change, and specifically notes that sync is not among them: https://blog.cryptographyengineering.com/2018/09/23/why-im-l...
Too late. I am already done with Google as I was done with Facebook a few years ago. There seems to be no end to the privacy issues and user exploitation that crops up. If it isn't one thing it is another.
These marketing / ad tech companies masquerading as consumer products will inevitably drift toward more invasion of privacy and user exploitation.
I agree, more people need to not accept these type pseudo apologies which provide a toggle to turn it off after the fact, they damn well know that 99% of people won't turn it off. And they are doing this on billions of devices.
Don't every freaking website have "Keep Me Signed In" (Don't use this on shared computer) message for decades already?
I’ve realized something over the years: Remember how “cool” Google was in 2007!? I vividly remember.
I have learned an important fact that Ad business is rotten at the core - meaning it has direct conflicts with users. Therefore, I can never come to trust any Ads businesses: Facebook, Google, Snapchat, etc and recently Adobe and Microsoft.
I’m disgusted at the state of advertisement in modern society. It ruined cable, radio, social media, road sides, magazines and the very fabric of society. Turns out that our attention has a huge price tag.
Not to age myself I remember how cool Google was in 1999. The joy of actually finding what you wanted and not getting sucked into some ad sponsored portal.
Google has invested billions into search and it is nearly impossible for a small startup to invade the search business.
For example, imagine a company that allows you to search the internet without ads but charging say $2.99/month fee to use it. Even if I am willing to pay, the search accuracy and ability for a small company to compete with google is nearly impossible.
So here we are. Perhaps I’ll switch to DuckDuckGo. They recently got funding and I feel like they’re “cool” right now until if they grow huge and we are back to square one.
This is the endless corporate loop we are stuck with.
The popular narrative was that Microsoft wasn’t investing too much of anything in IE after around IE6 when they didn’t have any competition and didn’t start reinvesting until later.
But there is a huge difference now with search. Google owns one of the mobile platforms and pays the other dominant platform over $2 billion a year to be the primary search engine.
Firefox and Mozilla were not a small startup - they had (comparatively) boatloads of money (now they have even more) and a huge number of free developers :)
I think the main point is to not try to copy Google. DDG is power users' search engine for now, and that's OK. You may leverage power users help in tags, and other features, that would minimize the overhead in hardware platform. To make an extreme example - imagine how many data about the particular user would you need to have and how many resources would you need to spend on AI models training to give the same result by guessing and AI that user would get from SQLite, having formulated simple request in SQL.
I'm really confused here. Earlier you were asking why open source couldn't build web search, like it built Firefox (sort of); and now you're saying just use Google? Open source can build a page that just uses Google, but that doesn't get you off a dependence on Google.
>So here we are. Perhaps I’ll switch to DuckDuckGo. They recently got funding and I feel like they’re “cool” right now until if they grow huge and we are back to square one.
DuckDuckGo's primary selling point is privacy. If they infringe on that, they die.
Also, I just switched to an iPhone again after years of using Android, for similar reasons. Apple is scary but right now I want to distance myself from Google as much as possible.
If their selling point is privacy, it conflicts with target advertisement business model. I’m curious how they plan to be profitable? Perhaps just good ol’ non targeted advertisement without user profiling?
> For example, imagine a company that allows you to search the internet without ads but charging say $2.99/month fee to use it. Even if I am willing to pay, the search accuracy and ability for a small company to compete with google is nearly impossible.
It doesn't even require payment. Even if you don't do any user targeting at all, insurance companies will transport a Scrooge McDuck money bin full of gold bullion to your location if you can show their car insurance ads to all the people who search for "car insurance" etc. Google itself operated this way for many years.
What you need is some competitive advantage over the incumbent.
I suspect a good way to do this is to make products for more technical users. Support powerful filters and scripting and regular expressions. Expose the internals of how it works to the user. Publish the source code and let people improve it -- do for search what Red Hat does for operating systems. It's a great model here because the cost of doing the indexing is still a moat even if the search code itself is completely open.
Big companies concentrate on the mass market. They've gone so far in the direction of making things so simple and generic that literally everyone can use it that they're leaving open an opportunity for someone to capture the subset of the market willing to suffer the complexity that comes from a more powerful interface.
You don't need 99% of the users, 5% is quite sufficient. If you make that you're worth a billion dollars and have the resources to make further improvements that allow you to compete in the wider market.
The endless corporate loop is natural. Everything in this universe is on an endless loop and nothing lasts forever. Just get used to change and use whatever is legit at the moment.
"Only on TV and radio, and in magazines, and movies, and at ball games... and on buses and milk cartons and t-shirts, and bananas and written on the sky." (And that was in 1999. The 2018 version would have to be extended: "And in our email, and in the Windows start menu, and in our phones, and on shopping carts and subway turnstiles, and maps, and video games, and in photo albums, and even inside of other ads. And the ads watched you as much as you watched them. But not our dreams.")
In the novel's world, each year is subsidized by a specific corporate sponsor for tax revenue. The years of Subsidized Time are:
Year of the Whopper
Year of the Tucks Medicated Pad
Year of the Trial-Size Dove Bar
Year of the Perdue Wonderchicken
Year of the Whisper-Quiet Maytag Dishmaster
Year of the Yushityu 2007 Mimetic-Resolution-Cartridge-View-Motherboard-Easy-To-Install-Upgrade for Infernatron/InterLace TP Systems for Home, Office or Mobile
Year of Dairy Products from the American Heartland
Year of the Depend Adult Undergarment (Y.D.A.U.)
Year of Glad
At this rate, the poor are better off without tv, radio and magazines. They’re largely just an entry portal into psychological extortion by these advertising firms.
I’m a huge fan of publicly funded media such as NPR and your local public radio station.
The shows and movies and articles and websites often only exist to pull in people to view the ads. There's far to much content for the sake of content where the goal is not to inform or educate, but merely to wrap around the ads (or in a lot of cases, be the ad).
That sounds like a good theory from our comfortable, affluent office chairs... until you think about it for approximately five seconds.
Would you rather have the children decide what they should learn in school, or the injured decide how their wound should be dressed? A fundamental aspect of our society's advancement is that we have become specialists: we almost all wear socks but very few of us would know how to make them. And even if we could, we wouldn't be able to make them quite so efficiently.
The poor—or the middle class, or the rich—shouldn't have to decide how they are being informed about the world any more than they should be expected to decide which type of stitching is used to assemble their socks.
You're literally comparing the decision making skills of lesser financial means to those of child - which strikes me as extremely problematic. To claim that the "us" commenters of HN have some specialized skillset, tuned to consume better media than the rest of the world, absolutely baffles me.
Can we agree that mentally stable adult humans, generally, should have some agency and responsibility to choose how they consume media?
You're putting words in my mouth. My point has nothing to do with someone's relative affluence or poverty. All I'm saying is that in almost all domains, everyone in modern society relies upon the expertise of others. That's equally true for Bill Gates as it is for the homeless person waiting in line at the soup kitchen.
I'm not even going to respond to your second paragraph because it's almost insulting that you thought it necessary to ask.
If we truly paid what it cost for content, instead of fueling about $1 trillion in middle-men, creators could get paid (very handsomely) and we wouldn't have as many societal problems.
I'm cautiously optimistic that a utility token like BAT, or some other way that people can provide micro-payments for content will win in the end. I'd gladly pay $0.25 to read a well written article on the Internet, so long as it went to the creator and didn't fund the advertising machine.
Micropayments used to be great idea, but didn't get traction.
By the way, for example of not-ad-driven internet you might look at China, where podcasts is $7 bln business (direct fees and subscriptions), video blogging is of course full of celebrities promoting big brands, but for the main part is still about direct "gifts" from viewers to tens of thousands of bloggers.
First, from what I can find, the average click-through rate online for ads is something like 2%. I suspect it's even worse for smaller blogs and independent sources that don't advertise using Google.
Let's assume you're getting a dollar every time someone clicks on an ad. I think that's high, but whatever. If we were to get everyone to start paying for content, that would translate to it costing around 2 cents for you to look at a page. If you're reading 30 articles from your favorite site every month, that's 60 cents a month. So people talk about how expensive content would be, but from what I can see it probably wouldn't take a huge amount of money to give sites the same amount of support that they're getting right now.
Secondly, I think it's at least a little bit problematic to say that ads make content free. The only reason why any company would ever pay to put an ad on someone's content is if they expect to make that money back, either by encouraging consumers to buy a different product than they normally would have, or by encouraging them to buy more of a given product than they otherwise would have. Statistically speaking, you are paying for content that is ad supported. If you weren't, nobody would put ads on that content.
And I realize that sounds a little bit like splitting hairs, but I get tired of this idea that ads don't have a consumer cost. If you completely get rid of ads through ad blockers, and by not listening to radio or watching live TV, and by not using any service that doesn't give you a purchase option... it will not take long until you become re-accustomed to "normal" levels of advertising. And once you are accustomed to that, you will immediately notice on venturing back into the ad-filled world just how much time and attention and mindspace that ads demand from you.
Everyone believes that they're atypical, and that ads don't encourage them to spend more, or to buy branded products instead of generic ones, or to treat practical products like status symbols. Most people are wrong about their own abilities though. Most people are affected by advertising. That doesn't mean that advertising is evil, there are lots of good use-cases for advertising -- but it does mean that ads aren't free.
It would be very hard to gather data on this, but I suspect that if you tracked the average spending habits of people who were inundated with ads, their monthly spending would increase more than the cost of buying a few magazine subscriptions. I suspect that's even true of most people on Hackernews. If anyone has data, they're welcome to prove me wrong though.
Doesn’t mean ads will die. Even if you pull everyone out of poverty, there’d be plenty of people who might not have cash to spare or even be unwilling to pay for all the content they consume. Plus there’s the slightly increased friction to paying compared to not paying and viewing ads. You have to make an active effort to pay, especially with micro-transactions, every time.
The trend is general: the tide is rising and lifting all boats.
> We are living through a period of rapid global poverty reduction. According to recent estimates, high, sustained growth across most of the developing world has helped nearly half a billion people escape $1.25-a-day poverty between 2005 and 2010. Never before have so many people been lifted out of poverty over such a brief period.
I work at an ad-tech startup, and I hear you. Ad-tech has lot of rotten apples. Advertising done right (aka unobtrusive, privacy conscious, and value additive) is a great for free information exchange. Bad ad is always bad, but ad may not always be bad.
There are lot of people working on it (including my startup) to solve the problem that are fraught with ad-tech in general and we are making progress but there is lot of inertia in the industry when it comes to change.
How can an advertisement not be bad? Ultimately it's always the goal to get someone to buy something they otherwise wouldn't. Even if you catch someone when they are already are looking to buy a product from your category you are trying to get them to buy your product instead of the competitor's. What would be helpful to the user in that moment is a product comparison that's honest and unbiased and not an advertisement. The goals of the advertiser and the consumer are inherently at odds.
I am an engineer and I love going to trade exhibitions. These shows are full of cool new tech once a year (Messe Dusselldorf, etc) and not only do you interact in a positive social way, but the people you meet you end up building long term customer-vendor relationships.
Perhaps it doesn't happen in the software but I work in Semiconductor industry. You can ask the same to anyone say in Fabrics industry or Electronics and they'll say the same. Trade shows are amazing and that's how advertising should be done - with respect, mutual interest and consent.
It depends on how useful the advertising is. It's not the tracking or privacy the regular user is most concerned about, it's the everyday experience that tells him advertising is still stupid and annoying.
Despite all the billion dollars ML systems with gazillion of factors analyzed on petabytes of data, all we've got is 'hey, you googled for a 10uA accuracy bench multimeter yesterday! now for two weeks we will show you all the $15 multimeters ever existed! (and most of them will be the same two Chinese models with different OEM labels)'.
Look at this (don't worry, it's short one-page) thread for example of how it might be instead - https://www.eevblog.com/forum/testgear/benchtop-dmm-advise-n... - and what if the message from Tek engineer that closed a deal was actually advertising? He just posted a link to relevant appnote, that's it. What if automatical advertising system showed the same link to the same appnote as an advertising to the same user?
For me, privacy and tracking is the problem. I have nothing against ads per se. I guess we should work on meaningful stats for ad billing that doesn't involve tracking to go back to content-based rather than targetted ads.
A lot of advertising is either raising awareness that a product category exists at all, or comforting potential buyers that people won't laugh at them if they buy a thing and it turns out to be a bad idea.
Consider the iPhone advertising campaign back in '07, modern smartphones would have taken another decade to take hold if Apple hadn't done such a masterful job telling people that a new category was being born.
Sometimes people will advocate 'doing your own research'. That is at odds with the fact that most people are incapable (not just disinterested in, but incapable) of evaluating all the decisions they make daily basis. Research the decisions you understand, copy someone else for the rest is the best strategy.
In that environment, even a good product needs some exposure to raise awareness that it exists. The game is more complicated than advertisers hypnotising an otherwise unwilling public.
> How can an advertisement not be bad? Ultimately it's always the goal to get someone to buy something they otherwise wouldn't.
Brand/product awareness. Sometimes you don't know what you want. And sometimes you don't know if certain product/solution exists for the problem you are facing. Believe it or not, one of my favorite apps is MyFitnessPal, I downloaded it via an ad because I was looking was health/fitness category product but never heard of MFP (few years ago before they were popular). I thought I will give it a shot and downloaded and solved my problems plus I discovered few more use cases for my health/fitness related interests.
Another example (rather misconception), "Google became famous via word of mouth". No, Google had prominent ad placement (aka powered by Google which was part of their contract) as a part of their deal with providing search on AOL/Yahoo portals. When non-tech savvy users searched on these portals they were exposed to Google and were exposed to much more superior search engine than that was available.
Your MyFitnessPal example seems more like luck to me than the norm. Ideally Google (or something similar) would naturally suggest MyFitnessPal to you based on your search history and ideally you'd get a comparison with other similar products. If Google knows you are interested in the product, why do they require payment from the vendor to tell you about the solution to your need?
Of course advertisements lead to spread of new products. That just means they work, not that they are necessarily beneficial to users. Every advertiser might believe that their product is beneficial to the user and therefore they are helping the consumer by telling them about the product. In reality that cannot be true for most advertisers.
There are a lot of products that I’ve either bought, recommended, or put up on my “list of things I’ll keep in my mind if I’m in the market” based solely on ads - mostly podcast ads:
BackBlaze - I think is s great service.
Hover: Anything is better than Godaddy.
Linode: I’ve recommended it to people who wanted cheap hosting.
Casper: recommended to a college student. His parents were happy with it.
SquareSpace - anytime someone wants a website, I recommend them first.
Ting - I recommended someone check it out.
Betterment - I did my own research but I first heard about it on a podcast.
Synology: on my list when my hard drive fills up.
Eero - I don’t need it, but if someone asked me what to get, it would be the top of mind.
> Eero - I don’t need it, but if someone asked me what to get, it would be the top of mind.
I think that illustates the OP's point well; you don't have need or experience of the product, but the psychological infiltration of ads means that you'll recommend it anyway.
What exactly do you mean by "bad" here? If you're making a moral or value judgement about ads being bad, then I don't know how to respond to that. Animals of all types are evolved to acquire resources, at any cost. And humans have taken the social aspect of resource acquisition to an extreme level. I'm not a big fan of ads either, but people do what they do. And making moral or value judgements about primate behavior is extremely one-dimensional.
I mainly copied the "bad" wording from the parent comment. However, I think my last sentence wraps it up best for me: "The goals of the advertiser and the consumer are inherently at odds".
I feel like Advertisement should be a “pull” rather than “push” model.
I want to see different vendors when I decide to buy something. But when I’m on Instagram and browsing pictures, please don’t sell me a chef’s knife or a guitar.
I have no experience in marketing and advertisement. But from a user standpoint, I want to look through Yellow Pages and Vendor catalogs. Not bombarded with ads all the time. What are your thoughts?
Absolutely and you have your preferences. The "pull" model advertising tend to be extremely expensive. For example, search advertising in search engines. That is known as intent driven ads, where user is clearly mentioning their intent.
"Push" advertising can work great as long as user is not bombarded with too many ads. Also, ad creative copy needs to be exceptional to make it work. In real work, a good example of "push" advertising model is billboard advertising or print advertising in magazines. Most people don't mind Apple ads on billboards (where they spend lot of $$) because they are done really well. Unfortunately, in push model on digital advertising is not always great due to poor quality of creatives or flashy/obstructive ads that distract users.
Instagram does advertising surprisingly well but that's may by my opinion since I have seen lot of bad stuff in ad-tech. My GF works in textiles/product design world but loves ads on Instagram since she follows certain type of accounts related to work and she gets very context driven ads, which she loves. Similar to ads that you get in high end fashion magazine. Believe it or not lot of people buy magazines like Vogue for their advertising too. You can always mute ads from accounts that you don't find relevant.
Some apps/companies are going towards providing ad free option (like Spotify) for users who don't want ads at all, I think that will get more and more traction in coming years..
>For example, search advertising in search engines. That is known as intent driven ads, where user is clearly mentioning their intent.
Your example is still a "Push" ad. You're pushing your stuff without being asked. Looking for information on a topic is not a request for ads on that topic.
A pull ad would be an ad catalogue, or a website built purely for ads where people would go to explore for new things/services/whatever if, and only if, they wanted to.
I don't see how having the sign-in sync turned on by default can be compatible with "privacy by design and default" as mandated e.g. by the GDPR. I wonder if they will have to offer a EU version of Chrome soon therefore.
Anyway, 90-95 % of users will probably just stick with the default value because they either don't know about the option or don't care enough to change it, hence from Google's perspective introducing it won't hurt their data collection efforts that much while they can at least say they did something to protect people's privacy. This is why I think "privacy by default" is so important, and it's sad to see that some of the largest players in the data collection space still ignore it.
Matthew Green's blogpost made it sound like Google had access to everybody's authentication cookies and cleartext passwords. Comments on both HN and cryptographyengineering.com show that this is what users actually believe now.
It's not about storage it's about tracking. If Chrome syncs your web-based login cookie with your Chrome authentication it means they will associate the data your browser generates with your user account. I don't know what they collect there but I assume it's something, as otherwise why bother to log someone in?
It certainly means that it's possible, but of course it was potentially possible before, and the code is, afaik, open source, so you're free to look and see if they really are.
As for non-tracking reasons why this change: it improves the us for users who use multiple accounts or share accounts on a single system.
Sometimes things are just because they want a more useful product.
Maybe, it doesn't change the fact that it's not privacy by default, because that would require having the user explicitly opt in to the syncing of the two sessions. That has nothing to do with wether they actually collect or transmit any data.
>Maybe, it doesn't change the fact that it's not privacy by default
Why? If this change doesn't impact privacy, why is having it opt out not privacy by default? How is a no-op from a privacy perspective privacy-anything?
Is it a no-op though? From my understanding of the privacy policy, Chrome will send e.g. search queries along with other metrics to Google even when the syncing is turned off. As these things are turned on by default it means they would get associated (or at least would be associable) to the logged in user. Is that not the case?
Also, privacy by default means that no unnecessary data is created or shared between systems without asking the user first, regardless of what the purpose of this data sharing is. The Chrome browser and the Google web services are two different things, and most users will not expect that the two accounts are automatically tied together. The nice thing to do here would be to simply ask the user before syncing the logins. I suspect that the long-term goal here is to tie the browser history and search queries of more users to their Google accounts, because that information is very valuable (but also highly sensitive).
I'd prefer that Google not add this "feature," instead of just issuing a blog post that will go unread by 95% of people, and adding a setting that will go unknown to the same 95% of people.
"Oh whoops we got caught. We'll give the few upset people an extra check box to revert to old behavior. But luckily no one else will ever know."
I am one of whom has switched its browser because of this issue. I have seen that in the blog post, they claim Chrome will offer an option not to allow chrome sign in when you sing in on a google service. Let me describe your mentality: hey there who is aware of what they use. I have an option for you. You can turn this feature off. For the others, this will be default. Why don't you simply make this option closed as default?
Do you still want to play with your users, Google? It's your product and your choice. Good night and good luck
This is such a typical response that I would expect from any product management team. "We hear you, we're making small inconsequential changes to make you feel better, but the decision is final."
I still love the rationale for this decision:
> Over the years, we’ve received feedback from users on shared devices that they were confused about Chrome’s sign-in state.
Their solution: Let's add another state - the "sync" state - I'm sure this won't be confusing to users at all /s
for me, the latest issue was just the straw that broke the camel's back. I switched to FF + DDG + Protonmail because I don't like the idea of a Google web.
- Search
- Analytics
- Email
- Storage
- Android tracking
- Online video
- Chrome which is now becoming a portal to the GoogleWeb
I don't want any company to control this much of what I do online as a matter of principle.
At this point they're a victim of their own success.
I'm basically in the same boat. This move combined with the project dragonfly leaks has led me to conclude that google cannot be trusted with my data. That in turn led me to evaluate just how intertwined google is into my life and its pretty scary.
Reading this was infuriating. The usability rationale is a blatant lie. They did it to attempt to get Chrome users to adopt Google services more, just like they have with Android, changing what were formerly simple, generic apps to tie into google services (Play Music instead of an audio player, Downloads advertising Google Drive, Keep instead of a note taking app, etc). I like and use a lot of Google products but I don't appreciate my preferences being disregarded.
My complaint is not this specific change, but the thought, review and release process that allowed this to become the default. And what was the thinking behind not attempting to explain the cookie behavior that at the very least is surprising, but generally just a bit creepy, right?
Did users really need to explain this to Google? Perceptions of trustworthiness are based upon behavior, and this erodes that a bit. Not a massive amount, but enough to cast new features in a different light.
(The justification that 'most people will find this easier to understand' only goes so far and the fact it gets trotted out so often is itself concern. 'Being logged in everywhere makes your life easier!' Okay, ... and? Who else's life does it make easier and what are they gaining?)
Chrome is just spyware. Move on to Firefox already. At some point, Chrome was feeling faster than Firefox and some dev tooling warranted a try. But, with Firefox where it is now, seriously think why on Earth do you want to run this spyware from Google as your web browser.
As a Firefox user: it might be less of a spyware than Chrome, but with the Google funding Moz://a can't even plausibly deny they are not controlled competition on the browser market.
That switch strikes me as the perfect compromise - the default remains the automatic log in behaviour and those who don't want it have an out. If I were putting the automatic sign-in feature together I'd have considered this from the outset, but the Chrome devs have always had a preference for minimal UI. Usually this works in their favour, in this case it did not.
Don't conflate Chrome sign in with any web page sign in - not even Google's own. Call that web page neutrality.
Also, I wonder if it will allow signing in with one account and syncing to another as it used to before the current mess. My use case: Keep myself signed in to G Suite Apps (Gmail, Drive, Docs, etc.) with my work address, but sync my bookmarks, extensions and settings to my personal address.
Side point - the comment "email the senior product managers in charge of Chrome!" feels aggressive. It could be an email to a generic address where they sift feedback. That's hardly an unused option on the web. Is my comment here unfair?
While 100% you are correct in the point, I feel polite discourse on HN is the aspiration.
Comments on blog posts are usually close to useless, because the community cannot moderate/curate itself pretty effectively. HN and Reddit are far better tools for feedback.
Was holding back updating to 69, and after restarting le browser, boom I'm now im forced to use this crap with no way to go back.
Spent hours trying to figure out how to disable automatic updates on a Mac. Everything is so deliberately hidden it's disgusting. Find com.google.Keystone.xxx, LaunchAgents, plists, edit this XML, and edit that UpdateDefault field, policies, etc. [1]
Then, being fed up with Chrome, lets see Chromium website, maybe those guys without any bad motives can provide a developer friendly way to disable updates.. It should be somewhere in about:about right? Nop, clicking on how to turn off updates guide[2] redirects to a a Google page irrelevant to auto updates..
This reminds me of the time that Chrome didnt have any password (keychain) protection and they were claiming it was a Feature!
When I found out the Google update service secretly wake up at night to scan all my hard drive's they where quick to remove that "feature", but I'll never use a Google product again. (it could also have been a malware or virus). But who cares right ? Today everyone uploads their IP to the big vendors who's business model is far from only providing cloud storage.
> "While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome."
Frankly, is this just more subterfuge because this is opt-out and not opt-in? Most people wouldn't really understand whatever help text you put out there. If you word it in a way that makes saying yes look like the better option, people will do so (people generally say "yes" or "ok" to any dialog because they want to get rid of them and get to work). These are dark patterns that nobody should use, least of all a company that claimed long ago "do no evil".
If sync is left disabled, what else does signing into the browser do? I normally use Firefox, where my understanding is that when you sign in, you're specifically signing in to Firefox sync. Since these are separate options on Chrome, presumably there are other functions tied to browser login.
I still haven't seen any clear statement from Google on whether or not being signed in to Chrome w/out enabling sync alters what data flows from browser to Google in any way.
If signing in to Chrome is completely without any data exchange, collection, aggregation, or reporting, then please say so.
Their explanation about solving the inconsistency between the chrome browser logged in user and the google web site logged in users makes some amount of sense. I am sure there have been some interesting incidents where people's browsing habits were exposed to other users unintentionally and it's reasonable for Google to want to respond to that.
It seems unnecessary however to auto-log in a person to the chrome browser when there is no such login in the first place to solve this though. It would make more sense to just display a warning when the state is inconsistent rather than start auto-logging people in (regardless of sync state).
This is not attempting to fit user needs, this is an attempt to put out a PR fire and salvage quarterly earnings.
I'm still leaving, maybe even more-so because of the false heartfelt "ok let's do it your way". I will not be patronized, we're not on the same team anymore.
"It is not from the benevolence (kindness) of the butcher, the brewer, or the baker that we expect our dinner, but from their regard to their own interest."
Regardless of motivation (which is ultimately unknowable), is the tangible response from Google adequate?
Google didn't used to be in the business of collecting every byte of metadata as sneakily as possible to earn every possible cent of ad revenue; times have changed.
Furthermore, this is not one mistake. This is the loudest and most obvious mistake in a trail of increasingly adversarial moves.
Maybe Google's bottom line will go up, but it won't be with me, or with anyone I know if I can help it.
I don't understand, the piece looks like it promises to address all the problems highlighted in the past few days in Chrome 70. Why are you saying it is a PR piece?
Also, it represents a culture shift. Many engs and mgrs have moved on, retired, jumped to new shinies (when FB, Uber, Twitter, etc became the new shiny) allowing a culture shift via replacement with people who have a different compass guiding them.
Nothing surprising: Google's revenues come from advertisers. Advertising is its main focus. Not developing browsers, or even providing search results. Those are merely means to an end. And of course, all the users are targets for ads, NOT customers. A farmer's cows aren't his customers; same logic here.
Because there's literally nothing they could've said that would make them change their mind. This is the most reasonable response Google could've given. They've addressed every issue as promptly as possible, yet people just dismiss is as PR. It's a lose-lose battle, no matter what they do, people like this will always spin it in a negative way with zero justification.
Well they could have make the changes they're saying they're going to make in the first place. Or not have sent their developer relations goons out to say "move along, nothing to see here, folks" when people started complaining.
Sync is off by default, how is that not privacy friendly?
They will be deleting all cookies by default, how is that now privacy friendly?
The core feature itself, setting it off by default defeats the whole point of the feature, because it's for the 99.99% of users that are not power-users. It's also not a privacy issue because, again, sync is off by default.
One thought might be that a company interested in making decisions based on customer feedback would consult those customers before making a change like this.
they are solving issues and bugs that they probably already planned to address. they aren't doing anything because we asked them to, they are just pandering to their audience by saying that. IMO.
Of all of the things to be upset at google about this just isn't one of them for me. I'm not quite sure why this is the thing everyone is rallying against google about.
"...While we think sign-in consistency will help many of our users..."
There's the nub of the thing, and it's not just Google. Like the old song goes, everybody wants to rule the world. That is, if you have a popular service, you buy up other stuff, add on stuff you can do. Pretty soon your users have multiple accounts all over the place. You gotta go to some kind of single sign-on, right?
It's not that it's a bad idea, it's that it's the kind of idea that shouldn't apply to the universe. It's fine when it's your corporate site. Who wants to log into three dozen corporate systems? But when you get FB tracking you everywhere, Google integrating what you thought was a browsing app with it's universe of offerings....it doesn't work.
Yes, users probably wanted it, just like some of them want you to turn the damned thing off. But the key problem here is that single companies shouldn't be in the business of controlling all the information flow. Any architectural decision they make has social/political implications. For this chrome thing, they're trying to position google as the internet, not a place you go on the internet. Everybody wants to do that. And they all claim it's to help the users. But I don't want a company being the same thing as the internet, no matter what Aunt Sarah wants. It's not good for the rest of us. Add to that the way this was done, and then the engineering team being clueless?
It's not that they set out to do anything wrong. At some point, anything you do is wrong. You just have too much freaking power.
Google business model is the greatest con the Internet has ever seen. I mean, it's a con when your front says "we do no evil, we are cool", and your back is squeezing your users for everything they gave you (gmail monitoring, browsing habits, location history, adsense scam, and now permanent logging). Mind you, I just uninstalled Chrome. Luckily, I never really used it. I recommend Safari and Firefox.
I find it interesting reading all the comments here. I can understand the frustration of many HN users, but I also have seen "average" users be confused about switching google accounts on a shared computer. This change is aimed at helping the vast majority of their users understand which account is currently active, and if my experience helping family is any indication it is a good change.
I think the larger issue is the culture that not only thought that these changes were OK in the first place but also thought the sneaky manner in which they were rolled out was OK too.
Trust and good will are finite resources Google. There will be no switching back. The horse has already left the barn.
> When you sign out, either directly from Chrome or from any Google website, you’re completely signed out of your Google Account.
Am I reading this correctly? When I sign out from one of the Gmail accounts I keep open, I will be signed out of Chrome? I hope this is a misunderstanding.
Just tried and that certainly seems to be the case. Signing in, or out, of either chrome or website accounts will reflect that action in the other space.
Okay sure... please provide opt-out or disable option for the "Account Chooser" you currently force on everyone for web login.
I don't want my credentials hanging around on the page after I click 'sign out'.
The function of remembering login details on web forms is better left up to my browser, where saved logins are remembered according to my settings and choice, per site. It's not Google's place to stomp all over the well-understood concept of "sign out", with this half-baked "sort of signed out" reinvention.
He doesn't say Google doesn't track you with this stuff does he?
My guess is they know exactly which sites you visited so the fact you can't see the History sync feature means he's being disingenuous about it not being turned on.
And even if this isn't being used right now someone will eventually abuse that unwritten agreement between you and Google.
Okay that’s something, I’m sure you can understand I always assume that if the algorithms can track me at some point that information will be too tempting to integrate.
So it will be opt-out?
I'm sticking with vivaldi for now. I only used chrome because of the dev tools, and vivaldi being a chromium based browser has that as well, along with what seems like much less memory usage and snappier response.
Tangential: What is this blog template ? Opening it in chromium and doing pg up/down in quite succession makes it stutter and use 200% CPU. It's also so bad with readability. Why does a simple paragraph of text need all this ?
I have to say, I felt like I was one of the few supporters of this feature. But these changes make it even better and clearer for users and they might not have been made if there wasn't so much pushback. So, thanks everyone!
The 'suggested articles' that they sneaked into the Android Chrome 'new tab' page a few versions ago really get up my nose. There are some switches somewhere to turn them off but its hard to do.
A classic case of two steps forward, one step backward. Google knew this would be a big change for the tech community and devised a release strategy accordingly.
Google is going to continue this pattern of behavior. Two steps forward, backlash is too bad, one step back. Let the dust settle, another two steps forward...
It doesn't take long for the tide to turn when you compromise core values. Sugarcoating isn't going to work, I for one see your this trajectory as particularity troubling, if Google doesn't hold onto the reins of what little is left.
I hate to say it, but it looks like they addressed all my concerns. Except for the fact that I briefly enabled sync, thinking it was for cross-device tab syncing (silly me).
You wanted a company that doesn't sell your information. It would take five minutes to read their privacy policy to confirm this for yourself. Much easier than switching providers.
Ok, let me rephrase that: they monetise on my personal data and online behaviour. Selling the data would mean losing their unique position. Btw, interesting article currently top voted at HN about ex-google employee ;)
did anyone really like spam in Gmail. If not, Why Google didn't have fixed it yet, I am having that issues from 2014, I only check my email once in one or 2 week(s).
>We deeply appreciate all of the passionate users who have engaged with us on this
If only we could believe this. The last few Chrome updates have clearly shown that Google will undermine the users' privacy in the blink of an eye whenever they see fit.
When there's enough backlash, they will apologize in a cringy way and make some minor changes to appease to the community.
I had my reservations against Chrome, but changed to it anyway, because Firefox was in a bad state at the time. Now that is no longer the case and Vivaldi seems to be quite good, too.
>While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome.
The pretext of this feature is supposedly that people who share computers are accidentally signed into someone else's account and this solves that, but why should this be done at the browser level?
I have a hard time believing that anyone who uses the family computer doesn't have their own account in the OS, where their Chrome profiles will be kept separate. I also have a hard time believing that this isn't just about making sure every session is authenticated to make cross-device tracking easier/possible. It's why every Google app on iOS seems to want you to log in. I think my suspicion is probably correct since they're making it opt-out rather than opt-in (knowing most won't).
> I have a hard time believing that anyone who uses the family computer doesn't have their own account in the OS
What is that based on? I think it’s very unlikely on the contrary that the average “family computer” user (outside the tech bubble) would even know how to create a new Windows account, let alone bother to actually do it.
Sadly, its remarkably rare that people have accounts on a home PC. You can still setup a windows desktop with a password-less account, and many people do.
I don't understand the difference between "signed-in" and "sync on". If you're signed in and not syncing, why the hell are you even signed in? In a browser, I thought signing in had the sole purpose of syncing my stuff.
Dumb question, but what does "signed into Chrome" even mean? Since when do you sign into a Browser (or any other app on your computer, for that matter).
I use mostly Firefox, so what am I missing about Chrome?
Too little, too late. The cat is really and truly out of the bag.
As Microsoft did with Windows 10 Google have done with Chrome they have moved the capture of telemetry and personal data from their network to the users platform.
In the case of Chrome the community have the choice to fork our platform and thank google for their contribution, but say no thanks to thier continued stuardship of it.
Sometimes I wonder if senior execs really understand how precarious open source based business models are - like politics we can vote and change the leaders if they stop acting for the common good.
Who is committing to chrome? Who is fixing bugs reported by users?
Google employees. The community is... mostly users. Any fork of Chrome will likely fail, because there is no magical community of privacy minded developers that has the time and expertise to develop Chrome, which is a massive and highly complex piece of software.
If you really feel this way, just switch to Firefox. Mozilla actually has a team of developers who fix and improve it.
Note that a majority of Mozilla's funding comes from royalties paid by Google for ads clicked on SERPs inbound from the Google search box. So Google has the power to control Mozilla if they really needed to.
I figured Google would do something cosmetic (again, that's all that I think they really needed to do) to clear up the misconceptions here, but they've added a Matthew Green switch (which is what we all need to call it from now on). That's better than I'd hoped for.
[1]: https://textslashplain.com/2018/09/24/chrome-sync/
Not so much from a privacy angle but from more of a 'Chrome has lots its way' angle.
A lot of our software's more complex interfaces are Chrome-first since its faster to develop - yesterday was the first time I made a serious consideration to change that approach.
Glad to see they are listening to user feedback and reacting quickly.
I consider an opt-out as paying lip service to the feedback. Clearly they feel the default is more important than the generated angst. Reaction clearly needs to be even stronger to affect real change. An opt-in (e.g. a dialog on next Google login from Chrome asking for feature enable) is a compromise, an opt-out is to appease the temporarily upset while keeping all that they added in place and defaulted.
This is not an olive branch, don't accept it, condemn the continued incremental marriage of Google browser+services, and continue to move on and de-google yourself where you reasonably can.
Much more common, though, I'd say, is the type of user who will accept whatever the default is, because they just don't care.
Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.
If you think something is good for people, you have to consider the large group of users who don't want to put in the time/energy to evaluate whether the thing is good for them, but just want the program to shut up and do what it does by default—whatever that is.
When I flush all cookies from my browser session, and open a new session, I am a new user to google's various tracking mechanism. If I am an authenticated google user, then I am not.
In other words, you had half of HN claiming to be leaving Chrome over something they had no reason to believe had any privacy implications, and in reality, has either 0, or really close to 0, actual privacy implications.
I made a claim about HN being a small group in the grand scheme, and someone countered by claiming that most users didn't understand what was changing. But I think the funny thing is that the average user, who had the understanding that "literally nothing" was changing, would have been closer to the truth of the situation than the average HN commenter.
Not to say that the result of the hullabaloo was bad, I actually think this set of updates only improves things over where they are now, but its still a really strange sequence of events.
This is kind of what I mean, you can't talk about this without hyperbole.
The whole point of the feature was just that:
1. “are you logged into your Google Account from the perspective of Gmail et al” is now the thing the browser chrome itself reports; and
2. you now need to be logged into your Google Account in the cookies sense for Chrome sync to function; logging out of your Google Account turns off Chrome sync.
Before, people could be in a state where they have Chrome sync enabled with foo@gmail, but are not logged into foo@gmail from a cookies perspective, and are potentially even logged into bar@gmail.
This is the state that has been eliminated—now, the browser chrome’s login state reflects your Google Account web-cookie login state, because they’re one-and-the-same; and every method that logs you out of your Google account from a web-cookie perspective, also logs you out of Chrome (and vice-versa.)
Consider the privacy implications of someone who logs out of Gmail, but is still logged into Chrome sync as said Gmail user; and then lets someone else use the computer. That is what is no longer possible.
It’s a privacy improvement targeted at the people who expect “logging out” of their Google account to be one unilateral action that frees a computer of all artifacts related to their original logging-in. Which, until recently, wasn’t true: if you originally logged in by entering your credentials into the “new Chrome profile wizard” (where they set up the credential as both your synnc and web-cookie credential), and then logged out of one, it wouldn’t affect the other.
That Google are announcing walking this back within days of release and publicity suggests some measure of the storms roiling the 'Plex presently.
For you, it may be a no-op, but for many users, it is a net increase in privacy (people who use multiple accounts or who use accounts on shared computers).
>That Google are announcing walking this back
Erm, sort of, I guess. There are some small changes.
What numbers, precisely, do you have on this? Because it sounds to me as if you're arguing from a position of ignorance.
There might be some benefit to the small number of users who 1) have multiple devices and 2) share one or more of those amongst several other people in the same account in ways that this Chrome feature ... might address. But this doesn't strike me as some overwhelmingly large use case.
The system for user separation on shared computers is called ... user accounts. Which every mainstream consumer operating system has supported for the past 17 years (Windows XP being the latecomer to this game.)
Otherwise, this is a broadening of Google's ever-expanding ingestion of user data, either directly or by way of one more (or an incremental series of) "small change". If I notice my enemy maneuvering me to his advantage, I counter that maneuver. In my case, it's meant uninstalling Chrome and Chromium from any systems on which that's possible.
(My much-regretted purchase some years ago of an Android tablet being the primary exception, though I'm resolved to not repeat that mistake, despite a dire lack of viable market options presently. Purism and Ubuntu may be nearing useful products.)
...small changes...
In the Universe in which I inhabit, Google specifically addressed user feedback and sign-in changes. I cannot find your characterisation of their announcement as accurate under any charitable interpretation.
Certainly, for you or I, user accounts (and incognito windows) solve most of the problems that this change fixed. But most users aren't you or I.
Therein lies the disagreement - Google thinks it is good for people to log in to Google services via their browser, and to always be logged in (it's certainly good for Google!), therefore they choose these defaults, opting in to login and to tracking.
Many disagree.
Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.
Most people won't know that these chrome features exist. Most people don't go digging through options and settings, they just download chrome and go, go, go.
To fix this, the “remove cookies” button would also have to sign you out of chrome which would also feel weird from a UX perspective.
All in all I think this was just released a bit early before all UX edge cases could be tackled (or even discovered. Sometimes you find things only in wider rollouts)
https://twitter.com/ctavan/status/1044282084020441088
Then maybe tying the Google state to the browser state was a mistake and should be reverted?
Heh, I wonder if the next privacy blunder from Google will make you further reconsider your "voluntary vendor lock-in" approach :)
I've been using Firefox as my main dev browser for years and it has a huge, practical advantage:
- Usually it Just Works in every mainstream browser (had one single case in the last year where it broke in another browser).
My colleagues who use Chrome has to fix QA bugs more often than me it seems ;-)
Bonus: Support a good cause (cross browser compability)
I fear that changes like this will eventually make it impossible to effectively explain to an average user even the basics of how the web works.
With G Cookies also deleted, I may wonder "Why is my picture in the top right but no Google services are using it??". To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be.
The logical thing to do, if your real aim is to have browser sign in state reflect cookie state, is to sign out the browser when someone clears their cookies.
That would make total sense to users.
I think this is clear evidence that Google made this change to keep more users signed into Google so they can collect more of your data without telling you.
I could be mistaken, however, so I'm curious - what data does Google collect without telling the user, at least by making that data collection transparent?
Problem solved?
That’s why people are complaining - they see that google clearly wants to privilege their own sites and logins in chrome and push the users to always be signed in with google across any site. Great for google, bad for user privacy and the open web.
What happened to their very vocal concern over net neutrality from last year?
I highly doubt the common person knows what a cookie is, let alone how to clear them.
A simple solution would be to add an extra step when clearing cookies that asks if you would like to stay signed into your Google session and clear or keep those cookies based on your selection.
But the fact that they are different things is precisely the reason why they should remain separate, not conflated into one soggy, confusing mess.
Also, in my (admittedly, n=1) experience, Sync was enabled automatically, perhaps because I had tried it at some point.
Thanks!
When the enemy of their enemy becomes their friend, the question then is who their common foe is. Microsoft is actively working to push the needle in the same direction as Google on ignoring and removing user choice in their products. An ex-Chrome dev at Microsoft defending dark patterns from his former team by mocking user concerns (as you are, with your "Matthew Green switch") is hardly an objective slam dunk.
Google is free to do integrate their online environment into their client, but it's dishonest to continue to call it a web browser much longer.
G is eroding privacy every day, every release. They try to do it in small steps, as to allow the gsheeple to claim "overblown".
Wait a few months and sync will be automatically enabled.
What is that photo at the top? https://secure.gravatar.com/avatar/89c27d27b73dd3690b3dad59f...
We thought it was a dog, but then it was obvious it's in space. Now it just looks like a stuffed animal in space.
EDIT: Ah good, all of my comments start at the very bottom: https://imgur.com/yvYKXu4
This is an amusing way of framing a ban. Supposedly it's a three-month probation.
Oh well, let's make the best of it. October's coming up. How about a ghost story? "Once upon a time, there was an HN user. Now only those with showdead enabled can see him..."
I mean I know it from the companies perspective of course. They want to consolidate as much data about you as possible. And tie you into their ecosystem.
But what is the user facing benefit? Syncing your bookmarks across devices?
Syncing bookmarks, recently opened tabs, passwords, autofill(?). These are genuine benefits when you're working with laptops, desktops, phones and tablets. Whether they're worth the cost of data mining is another matter of course.
The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users? Of all the pages that have nothing to do with them?
Same with passwords. So they have a gigantic database with all of their users passwords for all the services the users use? Even those totally unrelated to Google?
So... you're happy that they're giving you the option to turn it off then, right? I mean, you appear to concede that someone users want this. You want the option to turn if off, which you're getting. That seems like good news.
Except your tone doesn't seem to match your logic.
FWIW: I use Firefox too. But... I mean come on folks. They messed up, they're fixing it. The obsession with hatred and flamage is getting a little out of control.
https://support.google.com/chrome/answer/165139
Perhaps you have never visited passwords.google.com :-)
> Passphrases are optional. Your synced data is always protected by encryption when it's in transit.
Data is protected when in transit and passphrase is optional. How is this a good feature?
When you use a passphrase, your data will presumably be encrypted with your passphrase and thus only be visible to you with knowledge of the passphrase. Not even Google could see the data while it would be stored on their servers.
Encryption during transit means that no bad actors like hackers, unscrupulous ISP's or overzealous governments can access your data _while_ it travels over the wires towards Google's servers but Google can still do what it wants with your data.
(I work for Google but on nothing remotely related to this.)
I'm looking at something on my desktop, have to go somewhere, so I just send the tabs to my phone and continue consuming. If I forget to do so, I can also use the url bar to search through common history, so that I could enter a few words from the title and go back to that article.
That being said, I personally wouldn't trust Google to do this, so I use Firefox that I believe encrypts data client-side by default.
They claim sync data is end-to-end encrypted. However they would already have your browsing history if you have address bar suggestions enabled.
Distributed, and it pays for itself using AdSense.
https://old.reddit.com/r/dredmorbius/comments/69wk8y/the_tyr...
Here's one way: there's not a singular axis that users wanting sync and users not wanting sync can be placed on and compared.
The other poster expressed how the feature sucked for their purposes. But the feature wasn't made to punish them, it was made after evaluating the preferences of many users, which is what my question is getting at.
Specifically as to sync: I would love to be able to sync certain elements of browser state between my systems.
Not between one of my systems, some arbitrary third party of questionable trust and intentions, and another of my systems. But directly between my systems.
Google actively thwart this.
A feature of most early browsers was the ability to save bookmarks to a file, and import that elsewhere. By slight extension, a browser session or tab state can be saved, either directly, or as bookmarks.
Chrome does not do this, either at all, or on all platforms. It's most resistant to this on the consumption-only platform of Android.
This has been a major point of frustration to me for a year and a half as I've been wanting to dump user state from one system to another, without Google intermediating that exchange for me. I've found no means of accomplishing this.
That is one element of the tyranny of the minimum viable user, as well as of Google cattle-prodding its users into the feed chutes.
If the company supplying these features are forcefully making these decisions on behalf of me, I can assume that there are other intentions and motivations for providing these services to me for "free".
The next step in this equation is even more frustrating - people who's default workflow to signing in is to click 'I forgot my password', and proceed through those steps to instil a new password. And then the cycle continues.
How is that ironic? People who can't remember their password would have the most reason to let an external apparatus save it for them.
I understand healthy skepticism of Google, but essentially claiming password managers (which is what this feature is) are bad, for the sake of criticizing Google, is bad.
A good password manager is a great tool and more secure than a few simple memorable passwords. But when I use it, I'm making a conscious trade-off between memorable passwords and secure ones, but usually I'll at least need to memorise a master.
I'm fact just thinking about it - if Chrome's signin affinity is turned on, and I have chosen "remember me", AND I use the password manager, isn't that effectively equivalent to having your entire password manager with a "remember me"?
That's also one of the situations it's most useful in, as having your saved passwords already present on your phone when you try to log into a site you generally don't from your phone is extremely helpful.
I actually value and use sync. Google sees most of by browsing through page-hosted GA anyway! But at best, this was really lazy product management that smacks of condescension about less technical users (don't worry your head about these cookies). And at worst, it's testing the waters on some really nefarious strategies.
I do have a Firefox account which syncs up my passwords, history, etc. so in a sense I'm still logged into the browser.
I do trust Mozilla more than I do Google with my personal data, though.
One more reason to go with Firefox.
"The security model of Firefox Sync ensures that your sync data is encrypted before it ever leaves your machine, and that the password to unlock this encryption is never transmitted to the server. Not even Mozilla can access your sync data, so while we transmit it all over TLS for additional security, we do not depend on the confidentiality of TLS to keep your data safe."
https://medium.com/mozilla-tech/how-firefox-sync-keeps-your-...
"When you sync Chrome with your Google Account, we use your browsing data to improve and personalize your experience within Chrome. You can also personalize your experience on other Google products, by allowing your Chrome history to be included in your Google Web & App Activity."
https://www.google.com/chrome/privacy/
OK but I expect that most Chrome users feel different about that. Most are probably happy that this UI change makes things less confusing.
Second, and probably more important, software is about trust. [...] And what google did is to shatter that trust by sneaking that change discretely.
Why did the UI change shatter trust for you? It doesn't enable syncing so I don't see what the big deal is. With syncing out of the equation, I can imagine that you don't like being logged in in the browser for aesthetic reasons or something, but to have one's trust shattered?
They've achieved so much ubiquity, that their offerings are becoming incompatible with an open web.
{ "SyncDisabled": true }
into /etc/chromium/policies/managed/test_policy.json (for debian linux) seems to do the trick for now, unsure how long it lasts...
see: https://www.chromium.org/administrators/policy-list-3#SyncDi...
How did you expect them to announce a change they probably perceive as a minor UX improvement? Also this has been brewing for months in canary/beta, it's not like they actually snuck the change as you imply.
Just because you split a large change into a set of minor UX improvements and have different excuses for each individual change, that doesn't make the direction of travel any less damaging.
To be clear, the direction of travel is for Google to abuse their de-facto monopoly on search and browsers to own SSO across the web and track their users completely, at which point they will pretty much own your entire web experience (logins, browser history, maps, news, search, tracking, analytics - all this data will form a huge moat making it hard to compete and hard to resist decisions made by google about the web) - even if you don't use them they'll own the experience of the majority of your customers. This is why these small changes are so pernicious, and why people have reacted badly to them. This is why people reacted so badly to AMP.
This is not an argument over technicalities or quibbles over UX, this is a fundamental question of who owns the web.
Google have built up a lot of trust over the years by keeping the browser independent of their other operations, and making great technical progress with Chrome, but these changes (and others like starting to abuse their search monopoly by privileging certain google results) show that is not going to last - they are now at the monetising phase of their lifecycle, and nothing can stop it - a huge corporation has a momentum of its own.
No - because they are free, ubiquitous, and often installed by default. People choose their browser as they would choose a hat, from the limited selection available.
Given that, their reaction on their blog seems above and beyond to me.
Edit: Downvoters, reply with how this is incorrect instead of downvoting.
I hope this is a wake up call that privacy implications need to be seriously considered during product design (even if the intent was better UX), and hidden changes without any UI/notice is going to make issues blow up far more than if there was clear in-app communication.
To be honest, it’s best to use an independent company for your internet browser. Google’s incentives and business model no longer matches web browsing for someone who cares about privacy.
Chrome was introduced by Google with the idea of improving performance of webbrowsers in general so they could do more with web-apps. That did seem somewhat reasonable at the time.
But since Chrome became the market leader, the incentives have changed.
And KHTML team in a cave.
Do you mean "I haven't used *Chrome" ..."? Otherwise I don't understand what you're trying to say.
Google software seems to be chrome-optimized, but it's usually only slightly slower on Firefox - it still works.
Maybe am too cynical, but I think it would be a wake up call to hide such features better in the future. This is Google we're talking about here.
There's just too much to keep up with at this point.
I'm happy about this change, it's a big move in the right direction. But it doesn't give me any confidence for the future. It's crazy that users have to do this every single release. It can't continue like this.
I have no idea anymore what it would take to get me to switch back to Chrome or to start recommending it to friends and family. I feel like Google is actively training technical communities to distrust them. It's going to turn into some kind of Pavlovian response.
Edit: Permalink to the relevant comment: https://bugs.chromium.org/p/chromium/issues/detail?id=883038...
One week it's the domain hiding, another week it's cookie clearing. Who knows what Google is planning to change next time? It's not sustainable for us to go reactive every month.
There's an awfully big disconnect if the makers of the world's most-used web browser are routinely trying to change it in ways that users force them to immediately revert. That's not what good stewards do.
Just look at how they do product naming. How many times have we seen Google or Facebook launch projects with the same name as an existing project and just use their size to steamroll over refernce to the existing work?
E.g. the Go programming language or Facebook’s Flow checker for starters.
It's not exactly a secret. Go download Canary and see what's in the pipeline.
You can do that, but it's time consuming and exhausting. You're better off switching browsers.
I still think you're misunderstanding. The problem is that Google as an organization has the incentive to pull shady shit. It may be noticed, but watching Reddit/HN to see if your browser, which should protect you/be trustworthy, is pulling shady stuff, or whether you may've missed a story of it doing so is still exhausting and keeps you wondering.
A recent example: Hackers hate the idea of removing "www". Why? Because it's less accurate and we love accuracy. We think about what happens to the DNS if the www isn't a CNAME for the root, and how this isn't technically accurate.
Real users don't care. The UI is cleaner and make important information like what domain they're actually on more pronounced. This may help reduce phishing attacks and make URLs more legible.
Integrating sync is the same way. I'm not surprised that hackers hate it, but end users will appreciate the convenience. Android had the feature for years already.
We need to get out of this bubble and stop assuming we're the core audience. It isn't evil to design for somebody that isn't us.
> Thanks for the feedback so far. We plan to collect additional feedback, particularly about the enterprise use case, before launching the feature. We will not be launching the "www" elision in M70.
Note: “before launching” the feature post-M70.
As you correctly point out, it’s not necessarily cancelled forever.
The statement applies to any delay within the range of "soon" and "not forever".
The last that I heard, it was temporarily removed in Chrome 69, and `www` would be reintroduced in 70. Unless things have changed again since then, `m` was the only change that was actually shelved.
Many of the complaints that Chrome has gotten are not specific to technical communities. People were mad about `www` not because the technical communities have a thing for seeing the subdomains, but because there's a risk that average Joes can be phished when they're removed, and because on some domains the removal makes technical support for people like Joe harder. Similarly, the Web Audio complaints were not merely that the technical community wanted more control, it was that the changes broke the web for non-technical users in a way that commercially advantaged Google's own properties.
Secondly, Google's external PR has never taken this stance. Google invests a lot into interfacing with the dev community and positioning Chrome as a dev-friendly browser. I very much doubt that any Chrome dev on Twitter would agree with what you're saying. They would say that Chrome is trying to be a browser for both casual and advanced users.
As long as Google advertises Chrome that way, I don't see the problem with the technical community demanding a certain level of consideration. How many people on HN use Chrome (or at least did a week ago ;))? If Chrome isn't designed for people like them, than it seems like the obvious solution is for any tech savvy communities to en masse switch to Firefox and do the majority of their development/testing there.
But again, most of the changes that people are mad about aren't tech-specific concerns. I don't use Chrome for daily browsing; I'm mad that Google made a change that made it easier for them to spy on my parents. I'm responsible for protecting them. I'm responsible for mitigating Chrome's technical problems when they impact nontechnical users and customers that I care about.
This time, somebody decided the only clean path out was to be responsive: to make changes which reflected community concern and to tell people about them
Which I think, is good. I vastly prefer the google which tells people it listened, to the one which says it listens but doesn't tell us whats happening to the inputs we give.
(thats the one which lies behind any three-dots 'send feedback' hooks in almost any google app or s/w I use: I never get the sense anyone reads it, cares about it)
Communication about it seems to be. The actual code changes seem like they'll roll out in um... 3 or so months from now?
Looking again, yep mid-October. So, no rush then. A couple of weeks worth of extra data collection it is then.
When company and customer interest are misaligned this is the result. There are plenty of cases where a strong leader in the company with a strong ideology can hold this stuff back, but companies normally outlast those individuals and eventually there's nobody left to stand in the way.
It's wonderful that we were able to make enough noise and fuss that the cost/benefit shifted sufficiently but this will happen again, and then again, and so on... And eventually, we'll be tired of yelling or won't be able to yell loud enough.
Vote with you attention and your data and your money. Switch to Fastmail or Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another not-so-great-for-developers-anymore Apple macbook pro. Choose these options even if they aren't as good because if we don't support the handful of companies who are trying to do something other than gobble up all of our attention and data we're in for a really dark future for the web.
They're building in features that integrate their browser into their web pages.
As far as I'm aware no other major browser holder has done anything of that sort, but I'm probably missing some examples.
I imagine more and more so called convenient features might come where Chrome can suddenly install entire Windows apps, clean my files, and replace my OS. Then again, why not. Who am I to tell Google how to compete, maybe they can replace Windows with something better by gradually bloating up Chrome into an OS inside an OS.
If the HN backlash is anything to go by, a lot of people see it the same way as you (me included).
Every company will act in it's best interest not ours, particularly in the case of Google who are blatantly building out a vision of what they want the web to be for 1 singular purpose: to more closely monitor you for the purpose of selling your online activity to the highest bidder.
This much influence being concentrated is bad for the web.
Viva la revolución!
HN isn't representative of most users of Chrome. I doubt that we qualify as "a lot" to Google. An extremely vocal minority, at best.
Once you annoy enough of the tech literate, word will start to spread. Slowly, then quickly. How do you think Chrome got its foothold to begin with?
And about how Chrome got a foothold in the first place, I distinctly remember Google agressively advertising their own product on their search engine page, and bundling the binary with everything under the sun (Adobe Reader, anti-virus, etc...). Every time you installed software, there was a good chance Chrome was included with it. Tech influencers had their part in the success of Chrome, but it definitely wasn't the only factor, or maybe even the most important one.
I really want to know who the internal champion was for getting the cookies to be perma-stored in the first place. It has to be someone relatively high up and I’m genuinely curious how high it goes.
My cynicism kicks in and I feel like they know exactly what they’re doing, but the bottom line is more important than anything including causing a PR storm on HN and tech blogs.
Strip down emperor’s clothes and truly reveal the nature of big corporations and their greed to ruin everything for the benefit of the shareholders and their bonus targets - ethics, privacy and environment.
Perhaps I have a problem with extreme levels of cynicism.
Just look at the state of Android. Try being a cell phone OEM who wants to use Android but without Google integration. Impossible.
- Auto sign in and the "Google account indicator": this is almost certainly the result of discussions between the Chrome security team (security indicators, phishing, etc) and Google UX requests. Heck, they even say that the indicator was motivated by user research around session management.
- Tracking: I'm not sure what extra tracking was added to Chrome beyond the existing telemetry they've had since the beginning of the project.
- Google cookies: explained above - a reasonable idea at some manager or UX designer's local scope that got misinterpreted.
If they really wanted to sneak in goodies to supercharge their ad business, it would look a lot worse (and be a lot less obvious) than this. For instance, there's nothing stopping them* from automatically enabling Chrome Sync and removing the option for encrypted syncs tomorrow... which is another issue, but a different scope of discussion.
* Aside from their entire legal department, of course.
Tell that to Vivo, Oppo, Honor, Huawei, Xiaomi, Meizu, OnePlus, Lenovo, Qiku, Smartisan, Amazon, etc.
Not in China. Some of them have an "International ROM" with play store, but not because they have to, just for non-Chinese users convenience.
How can you have one without the other? Google services exist to drive advertising. Anything to make a Google service better for the user has a corresponding impact on Google's ad business.
We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.
There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.
Maybe I'm just being pedantic and there's no real-world difference, but I'm a little more okay with the browser creating new cookies whenever they're cleared vs not clearing cookies when asked.
Not entirely okay with it, mind you. Especially since browser logins are now two-way.
It must certainly is a stupid idea.
> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.
[1] https://chromium.googlesource.com/chromium/src.git/+/master/... [2] https://chromium.googlesource.com/chromium/src.git/+/master/... [3] https://chromium.googlesource.com/chromium/src.git/+/master/... [4] https://chromium.googlesource.com/chromium/src.git/+/master/...
I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.
Firefox is basically unusable with this bug; Facebook takes forever to load, and even Reddit r/firefox shows "A webpage is slowing down your browser" bar at the top.
Active relevant bugs are here: https://bugzilla.mozilla.org/show_bug.cgi?id=1404042 https://bugzilla.mozilla.org/show_bug.cgi?id=1429522
But apparently this has been going on for 2+ years and Mozilla hasn't been able to fix it.
Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox, it's both concerning and surprising that a bug of this proportion has gone on so long.
Edit: Jeff from Mozilla has reached out. I sent him a perf log and a screenshot. Tracking here: https://bugzilla.mozilla.org/show_bug.cgi?id=1494186
If you're actually experiencing 100% cpu usage, post a profile using https://perf-html.io/ and I can try tell you why.
1) Pick a rMBP. Any one.
2) Set display options - "more space" under System Preferences.
3) Run Firefox. Load any website. No extensions; safe mode doesn't matter.
4) 100%+ CPU, fans kick up and run high, system gets hot and slows to a crawl.
Chrome and Safari run totally fine under the same conditions.
It's documented pretty thoroughly in the first Bugzilla link I posted; the second one is an offshoot where they're trying to solve this specific issue. If you do happen to work at Mozilla, would really appreciate your help escalating.
EDIT: I now have a perf file showing significant issues when clicking on a YouTube video. It gives an error when trying to upload it to the site, but if you contact me through email (in my HN profile), I can send it over.
2) My display options are set to "more space"
3) I loaded this hackernews thread.
4) Firefox and it's child processes are using <1% cpu.
If I aggressively scroll this page I can push the cpu usage up. We have a variety of fixes in the pipeline that will help with this (https://bugzilla.mozilla.org/show_bug.cgi?id=1429522, https://bugzilla.mozilla.org/show_bug.cgi?id=1265824). That being said, only 4.7% of our users are on MacOS so it's more difficult to justify prioritizing work specific to that platform.
If that second number is substantially higher (and I personally suspect it is, but I don't have data backing that up) I think it would be very reasonable for Mozilla to prioritize MacOS. Getting web developers to use firefox makes firefox work better for everyone because it makes more sites work well with firefox.
On that note, one of the key motivators behind WebRender (our new graphics backend) is that it provides hardware acceleration across all platforms, including mac (whereas our current Direct2D acceleration works only on Windows). So Mac graphics performance should generally improve once we get that shipped.
Draw from that what you may, but I bet that dynamic is happening in other places.
However, I would like to ask... 4.7% translates to how many millions of people?
Edit: Actually I just checked and the Windows 7 machine doesn't do it any more. I'm not sure if maybe a Firefox update fixed that here. I'll double check at work tomorrow too
Edit: For people who want to compare notes: High Sierra 10.13.6, Firefox 62.0.2, resolution is set to "Default for display" (which I think does mean it's doing interpolation of some sort). Automatic graphics switching is enabled. I don't have any trouble watching YouTube videos.
I'm not sure what to say. I'm sure the issue is real, but it seems like we're missing something in the triage. There has to be something else that makes a difference.
I've got a 15" "late 2013" rMBP, set display options to "more space." I've got a total of 45 tabs open between a couple different windows (I use the userChrome hack to re-enable multiple tab rows.) Cycled between tabs, refreshed, navigated around FB, GMail, etc. Can't get the CPU to do anything out of the ordinary.
Most developers in their early 20s seems plausible, but even there, I surveyed my team’s younger cohort, and it was less than 50%.
On the flip side, I've had a recurring bug in Chrome (until very recently) where for any long running session the Browser process will consume 100% of 1 core. I've had it across multiple machines and profiles, including a completely clean profile with no extensions - I've never managed to be able to nail down the common elements.
Why?
Firefox with one tab (with gmail opened) takes 20% CPU. (and a helper process "FirefoxCP Web Content", which takes 50% CPU, wow.)
Chrome with some 20 tabs, ~4-5% with all its processes (but a lot of ram, which I am fine with)
This is for a 2015 13-inch Macbook pro.
Facebook has also replaced forums for our industry (cell phone/computer repair), so it's how we find out about the latest trends and innovations. Yesterday I used a document posted on a private FB group to fix 3 2011 15" MacBook Pros with failing GPUs (previously considered "unfixable.")
For the industry and business I'm in, there's no substitute.
Private groups on FB can be more discerning about their membership, which is also what makes them interesting.
Many of the cell phone repair groups I'm in require you to have a repair business, so the groups don't get flooded with what they call "plz bro" posts. (i.e. "How do I fix an iPhone screen?" beginner posts.)
It also forms a tighter community; we pretty much all know each other on there, so we refer business back and forth a lot, and use Messenger heavily to buy, sell, and just chat about really obscure or weird repairs that come in the door.
Personally, browsers don't need users to signin. They can sync data laterally with other instances. I suppose Google hasn't heard of bonjour.
I wouldn't use those words. I would replace that with "when the backlash is large enough"
Also I read several comments in that thread about how all of that feedback was pointless because the "vast majority of users don't care."
This type of comments always come up after anything a bad company does. You don't need the majority of users to force a change. In fact no movement ever starts with a majority.
That said, Google can no longer be trusted not to screw over Chrome users in the future. Trying to track users this aggressively and then only backing down after a large backlash doesn't really tell me that Google will be playing nice from now on.
Nice to at least see they're making it opt-out, but the damage has already been done.
I just tested again now, and took screenshots this time, and once again, it didn't automatically turn on Sync.
https://imgur.com/a/ceShKkl
I've been using Gmail without signing into Chrome. Post-update, I am signed in, but sync is still off.
Many people _purposefully_ don't want to sign into Chrome. The change suddenly signed them in, without notice or confirmation. That's problematic.
These marketing / ad tech companies masquerading as consumer products will inevitably drift toward more invasion of privacy and user exploitation.
Don't every freaking website have "Keep Me Signed In" (Don't use this on shared computer) message for decades already?
I have learned an important fact that Ad business is rotten at the core - meaning it has direct conflicts with users. Therefore, I can never come to trust any Ads businesses: Facebook, Google, Snapchat, etc and recently Adobe and Microsoft.
I’m disgusted at the state of advertisement in modern society. It ruined cable, radio, social media, road sides, magazines and the very fabric of society. Turns out that our attention has a huge price tag.
Now Google is the portal. I’m done with it.
For example, imagine a company that allows you to search the internet without ads but charging say $2.99/month fee to use it. Even if I am willing to pay, the search accuracy and ability for a small company to compete with google is nearly impossible.
So here we are. Perhaps I’ll switch to DuckDuckGo. They recently got funding and I feel like they’re “cool” right now until if they grow huge and we are back to square one.
This is the endless corporate loop we are stuck with.
But there is a huge difference now with search. Google owns one of the mobile platforms and pays the other dominant platform over $2 billion a year to be the primary search engine.
Why do you think the search engine is unable to build a model leveraging a huge number of free developers?
Blekko did get volunteers to help edit our slashtags, and duckduckgo used to have volunteers help out with their duckduckhacks.
You'll need some people too probably.
DuckDuckGo's primary selling point is privacy. If they infringe on that, they die.
Also, I just switched to an iPhone again after years of using Android, for similar reasons. Apple is scary but right now I want to distance myself from Google as much as possible.
It doesn't even require payment. Even if you don't do any user targeting at all, insurance companies will transport a Scrooge McDuck money bin full of gold bullion to your location if you can show their car insurance ads to all the people who search for "car insurance" etc. Google itself operated this way for many years.
What you need is some competitive advantage over the incumbent.
I suspect a good way to do this is to make products for more technical users. Support powerful filters and scripting and regular expressions. Expose the internals of how it works to the user. Publish the source code and let people improve it -- do for search what Red Hat does for operating systems. It's a great model here because the cost of doing the indexing is still a moat even if the search code itself is completely open.
Big companies concentrate on the mass market. They've gone so far in the direction of making things so simple and generic that literally everyone can use it that they're leaving open an opportunity for someone to capture the subset of the market willing to suffer the complexity that comes from a more powerful interface.
You don't need 99% of the users, 5% is quite sufficient. If you make that you're worth a billion dollars and have the resources to make further improvements that allow you to compete in the wider market.
That's true of any endless loop or endless cycle—they could all be aborted by a sufficiently large asteroid.
"Only on TV and radio, and in magazines, and movies, and at ball games... and on buses and milk cartons and t-shirts, and bananas and written on the sky." (And that was in 1999. The 2018 version would have to be extended: "And in our email, and in the Windows start menu, and in our phones, and on shopping carts and subway turnstiles, and maps, and video games, and in photo albums, and even inside of other ads. And the ads watched you as much as you watched them. But not our dreams.")
In the novel's world, each year is subsidized by a specific corporate sponsor for tax revenue. The years of Subsidized Time are: Year of the Whopper Year of the Tucks Medicated Pad Year of the Trial-Size Dove Bar Year of the Perdue Wonderchicken Year of the Whisper-Quiet Maytag Dishmaster Year of the Yushityu 2007 Mimetic-Resolution-Cartridge-View-Motherboard-Easy-To-Install-Upgrade for Infernatron/InterLace TP Systems for Home, Office or Mobile Year of Dairy Products from the American Heartland Year of the Depend Adult Undergarment (Y.D.A.U.) Year of Glad
I’m a huge fan of publicly funded media such as NPR and your local public radio station.
Would you rather have the children decide what they should learn in school, or the injured decide how their wound should be dressed? A fundamental aspect of our society's advancement is that we have become specialists: we almost all wear socks but very few of us would know how to make them. And even if we could, we wouldn't be able to make them quite so efficiently.
The poor—or the middle class, or the rich—shouldn't have to decide how they are being informed about the world any more than they should be expected to decide which type of stitching is used to assemble their socks.
Can we agree that mentally stable adult humans, generally, should have some agency and responsibility to choose how they consume media?
I'm not even going to respond to your second paragraph because it's almost insulting that you thought it necessary to ask.
I'm cautiously optimistic that a utility token like BAT, or some other way that people can provide micro-payments for content will win in the end. I'd gladly pay $0.25 to read a well written article on the Internet, so long as it went to the creator and didn't fund the advertising machine.
By the way, for example of not-ad-driven internet you might look at China, where podcasts is $7 bln business (direct fees and subscriptions), video blogging is of course full of celebrities promoting big brands, but for the main part is still about direct "gifts" from viewers to tens of thousands of bloggers.
First, from what I can find, the average click-through rate online for ads is something like 2%. I suspect it's even worse for smaller blogs and independent sources that don't advertise using Google.
Let's assume you're getting a dollar every time someone clicks on an ad. I think that's high, but whatever. If we were to get everyone to start paying for content, that would translate to it costing around 2 cents for you to look at a page. If you're reading 30 articles from your favorite site every month, that's 60 cents a month. So people talk about how expensive content would be, but from what I can see it probably wouldn't take a huge amount of money to give sites the same amount of support that they're getting right now.
Secondly, I think it's at least a little bit problematic to say that ads make content free. The only reason why any company would ever pay to put an ad on someone's content is if they expect to make that money back, either by encouraging consumers to buy a different product than they normally would have, or by encouraging them to buy more of a given product than they otherwise would have. Statistically speaking, you are paying for content that is ad supported. If you weren't, nobody would put ads on that content.
And I realize that sounds a little bit like splitting hairs, but I get tired of this idea that ads don't have a consumer cost. If you completely get rid of ads through ad blockers, and by not listening to radio or watching live TV, and by not using any service that doesn't give you a purchase option... it will not take long until you become re-accustomed to "normal" levels of advertising. And once you are accustomed to that, you will immediately notice on venturing back into the ad-filled world just how much time and attention and mindspace that ads demand from you.
Everyone believes that they're atypical, and that ads don't encourage them to spend more, or to buy branded products instead of generic ones, or to treat practical products like status symbols. Most people are wrong about their own abilities though. Most people are affected by advertising. That doesn't mean that advertising is evil, there are lots of good use-cases for advertising -- but it does mean that ads aren't free.
It would be very hard to gather data on this, but I suspect that if you tracked the average spending habits of people who were inundated with ads, their monthly spending would increase more than the cost of buying a few magazine subscriptions. I suspect that's even true of most people on Hackernews. If anyone has data, they're welcome to prove me wrong though.
It's a straightforward extrapolation from data.
> We are living through a period of rapid global poverty reduction. According to recent estimates, high, sustained growth across most of the developing world has helped nearly half a billion people escape $1.25-a-day poverty between 2005 and 2010. Never before have so many people been lifted out of poverty over such a brief period.
https://www.brookings.edu/opinions/two-trends-in-global-pove...
500,000,000 people, 5 years.
There are lot of people working on it (including my startup) to solve the problem that are fraught with ad-tech in general and we are making progress but there is lot of inertia in the industry when it comes to change.
I'd be genuinely excited to learn otherwise.
Perhaps it doesn't happen in the software but I work in Semiconductor industry. You can ask the same to anyone say in Fabrics industry or Electronics and they'll say the same. Trade shows are amazing and that's how advertising should be done - with respect, mutual interest and consent.
Despite all the billion dollars ML systems with gazillion of factors analyzed on petabytes of data, all we've got is 'hey, you googled for a 10uA accuracy bench multimeter yesterday! now for two weeks we will show you all the $15 multimeters ever existed! (and most of them will be the same two Chinese models with different OEM labels)'.
Look at this (don't worry, it's short one-page) thread for example of how it might be instead - https://www.eevblog.com/forum/testgear/benchtop-dmm-advise-n... - and what if the message from Tek engineer that closed a deal was actually advertising? He just posted a link to relevant appnote, that's it. What if automatical advertising system showed the same link to the same appnote as an advertising to the same user?
Consider the iPhone advertising campaign back in '07, modern smartphones would have taken another decade to take hold if Apple hadn't done such a masterful job telling people that a new category was being born.
Sometimes people will advocate 'doing your own research'. That is at odds with the fact that most people are incapable (not just disinterested in, but incapable) of evaluating all the decisions they make daily basis. Research the decisions you understand, copy someone else for the rest is the best strategy.
In that environment, even a good product needs some exposure to raise awareness that it exists. The game is more complicated than advertisers hypnotising an otherwise unwilling public.
Brand/product awareness. Sometimes you don't know what you want. And sometimes you don't know if certain product/solution exists for the problem you are facing. Believe it or not, one of my favorite apps is MyFitnessPal, I downloaded it via an ad because I was looking was health/fitness category product but never heard of MFP (few years ago before they were popular). I thought I will give it a shot and downloaded and solved my problems plus I discovered few more use cases for my health/fitness related interests.
Another example (rather misconception), "Google became famous via word of mouth". No, Google had prominent ad placement (aka powered by Google which was part of their contract) as a part of their deal with providing search on AOL/Yahoo portals. When non-tech savvy users searched on these portals they were exposed to Google and were exposed to much more superior search engine than that was available.
Of course advertisements lead to spread of new products. That just means they work, not that they are necessarily beneficial to users. Every advertiser might believe that their product is beneficial to the user and therefore they are helping the consumer by telling them about the product. In reality that cannot be true for most advertisers.
BackBlaze - I think is s great service.
Hover: Anything is better than Godaddy.
Linode: I’ve recommended it to people who wanted cheap hosting.
Casper: recommended to a college student. His parents were happy with it.
SquareSpace - anytime someone wants a website, I recommend them first.
Ting - I recommended someone check it out.
Betterment - I did my own research but I first heard about it on a podcast.
Synology: on my list when my hard drive fills up.
Eero - I don’t need it, but if someone asked me what to get, it would be the top of mind.
I think that illustates the OP's point well; you don't have need or experience of the product, but the psychological infiltration of ads means that you'll recommend it anyway.
I want to see different vendors when I decide to buy something. But when I’m on Instagram and browsing pictures, please don’t sell me a chef’s knife or a guitar.
I have no experience in marketing and advertisement. But from a user standpoint, I want to look through Yellow Pages and Vendor catalogs. Not bombarded with ads all the time. What are your thoughts?
"Push" advertising can work great as long as user is not bombarded with too many ads. Also, ad creative copy needs to be exceptional to make it work. In real work, a good example of "push" advertising model is billboard advertising or print advertising in magazines. Most people don't mind Apple ads on billboards (where they spend lot of $$) because they are done really well. Unfortunately, in push model on digital advertising is not always great due to poor quality of creatives or flashy/obstructive ads that distract users.
Instagram does advertising surprisingly well but that's may by my opinion since I have seen lot of bad stuff in ad-tech. My GF works in textiles/product design world but loves ads on Instagram since she follows certain type of accounts related to work and she gets very context driven ads, which she loves. Similar to ads that you get in high end fashion magazine. Believe it or not lot of people buy magazines like Vogue for their advertising too. You can always mute ads from accounts that you don't find relevant.
Some apps/companies are going towards providing ad free option (like Spotify) for users who don't want ads at all, I think that will get more and more traction in coming years..
Your example is still a "Push" ad. You're pushing your stuff without being asked. Looking for information on a topic is not a request for ads on that topic.
A pull ad would be an ad catalogue, or a website built purely for ads where people would go to explore for new things/services/whatever if, and only if, they wanted to.
Anyway, 90-95 % of users will probably just stick with the default value because they either don't know about the option or don't care enough to change it, hence from Google's perspective introducing it won't hurt their data collection efforts that much while they can at least say they did something to protect people's privacy. This is why I think "privacy by default" is so important, and it's sad to see that some of the largest players in the data collection space still ignore it.
Matthew Green's blogpost made it sound like Google had access to everybody's authentication cookies and cleartext passwords. Comments on both HN and cryptographyengineering.com show that this is what users actually believe now.
It certainly means that it's possible, but of course it was potentially possible before, and the code is, afaik, open source, so you're free to look and see if they really are.
As for non-tracking reasons why this change: it improves the us for users who use multiple accounts or share accounts on a single system.
Sometimes things are just because they want a more useful product.
Why? If this change doesn't impact privacy, why is having it opt out not privacy by default? How is a no-op from a privacy perspective privacy-anything?
Also, privacy by default means that no unnecessary data is created or shared between systems without asking the user first, regardless of what the purpose of this data sharing is. The Chrome browser and the Google web services are two different things, and most users will not expect that the two accounts are automatically tied together. The nice thing to do here would be to simply ask the user before syncing the logins. I suspect that the long-term goal here is to tie the browser history and search queries of more users to their Google accounts, because that information is very valuable (but also highly sensitive).
"Oh whoops we got caught. We'll give the few upset people an extra check box to revert to old behavior. But luckily no one else will ever know."
I've currently got 6 different gmail accounts pinned. So which Google account am I supposed to be signed into Chrome for?
Do you still want to play with your users, Google? It's your product and your choice. Good night and good luck
I still love the rationale for this decision:
> Over the years, we’ve received feedback from users on shared devices that they were confused about Chrome’s sign-in state.
Their solution: Let's add another state - the "sync" state - I'm sure this won't be confusing to users at all /s
Surprised to say that not much has changed with the move. I was able to find all my extensions in the firefox addons. Life continues
- Search
- Analytics
- Email
- Storage
- Android tracking
- Online video
- Chrome which is now becoming a portal to the GoogleWeb
I don't want any company to control this much of what I do online as a matter of principle.
At this point they're a victim of their own success.
Did users really need to explain this to Google? Perceptions of trustworthiness are based upon behavior, and this erodes that a bit. Not a massive amount, but enough to cast new features in a different light.
(The justification that 'most people will find this easier to understand' only goes so far and the fact it gets trotted out so often is itself concern. 'Being logged in everywhere makes your life easier!' Okay, ... and? Who else's life does it make easier and what are they gaining?)
Don't conflate Chrome sign in with any web page sign in - not even Google's own. Call that web page neutrality.
Also, I wonder if it will allow signing in with one account and syncing to another as it used to before the current mess. My use case: Keep myself signed in to G Suite Apps (Gmail, Drive, Docs, etc.) with my work address, but sync my bookmarks, extensions and settings to my personal address.
If not, the changes they announced don't help me.
Button: http://prntscr.com/kyrhrf
Email Opened: http://prntscr.com/kyri1i
Side point - the comment "email the senior product managers in charge of Chrome!" feels aggressive. It could be an email to a generic address where they sift feedback. That's hardly an unused option on the web. Is my comment here unfair?
While 100% you are correct in the point, I feel polite discourse on HN is the aspiration.
Hopefully there was also an update to the privacy policy reflecting the new meaning of being signed into chrome?
Spent hours trying to figure out how to disable automatic updates on a Mac. Everything is so deliberately hidden it's disgusting. Find com.google.Keystone.xxx, LaunchAgents, plists, edit this XML, and edit that UpdateDefault field, policies, etc. [1]
Then, being fed up with Chrome, lets see Chromium website, maybe those guys without any bad motives can provide a developer friendly way to disable updates.. It should be somewhere in about:about right? Nop, clicking on how to turn off updates guide[2] redirects to a a Google page irrelevant to auto updates..
This reminds me of the time that Chrome didnt have any password (keychain) protection and they were claiming it was a Feature!
[1] https://support.google.com/chrome/a/answer/7591084?hl=en
[2] https://www.chromium.org/administrators/turning-off-auto-upd...
Emphasis mine:
> "While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome."
Frankly, is this just more subterfuge because this is opt-out and not opt-in? Most people wouldn't really understand whatever help text you put out there. If you word it in a way that makes saying yes look like the better option, people will do so (people generally say "yes" or "ok" to any dialog because they want to get rid of them and get to work). These are dark patterns that nobody should use, least of all a company that claimed long ago "do no evil".
If signing in to Chrome is completely without any data exchange, collection, aggregation, or reporting, then please say so.
https://www.google.com/chrome/privacy/
They have two main modes:
"Basic browser mode" - for not signed-in, or for signed-in but sync disabled
"Signed-in, Synced Chrome mode" - for when sync is enabled
And the basic browser mode doesn't send anything particularly interesting to Google.
Still, it would be nice to get an official statement about that.
Sounds like a sleazy corporatespeak after covering some missteps.
It seems unnecessary however to auto-log in a person to the chrome browser when there is no such login in the first place to solve this though. It would make more sense to just display a warning when the state is inconsistent rather than start auto-logging people in (regardless of sync state).
I'm still leaving, maybe even more-so because of the false heartfelt "ok let's do it your way". I will not be patronized, we're not on the same team anymore.
"It is not from the benevolence (kindness) of the butcher, the brewer, or the baker that we expect our dinner, but from their regard to their own interest."
Regardless of motivation (which is ultimately unknowable), is the tangible response from Google adequate?
Furthermore, this is not one mistake. This is the loudest and most obvious mistake in a trail of increasingly adversarial moves.
Maybe Google's bottom line will go up, but it won't be with me, or with anyone I know if I can help it.
Anyone who accepts this as "listening the users", and addressing the issues will likely get burned again in the future.
Google is a advertising company. Their customers are not their users, and therefore I think things are unlikely to change.
Cannot be overstated. The incentive structure is clear and the subsequent evolution is happening.
Interesting concept. Care to expound? Would be interested in hearing more.
It's obvious really, and Google never denied it.
This is PR. It's damage limitation.
They will be deleting all cookies by default, how is that now privacy friendly?
The core feature itself, setting it off by default defeats the whole point of the feature, because it's for the 99.99% of users that are not power-users. It's also not a privacy issue because, again, sync is off by default.
There's the nub of the thing, and it's not just Google. Like the old song goes, everybody wants to rule the world. That is, if you have a popular service, you buy up other stuff, add on stuff you can do. Pretty soon your users have multiple accounts all over the place. You gotta go to some kind of single sign-on, right?
It's not that it's a bad idea, it's that it's the kind of idea that shouldn't apply to the universe. It's fine when it's your corporate site. Who wants to log into three dozen corporate systems? But when you get FB tracking you everywhere, Google integrating what you thought was a browsing app with it's universe of offerings....it doesn't work.
Yes, users probably wanted it, just like some of them want you to turn the damned thing off. But the key problem here is that single companies shouldn't be in the business of controlling all the information flow. Any architectural decision they make has social/political implications. For this chrome thing, they're trying to position google as the internet, not a place you go on the internet. Everybody wants to do that. And they all claim it's to help the users. But I don't want a company being the same thing as the internet, no matter what Aunt Sarah wants. It's not good for the rest of us. Add to that the way this was done, and then the engineering team being clueless?
It's not that they set out to do anything wrong. At some point, anything you do is wrong. You just have too much freaking power.
Google is at that point.
Trust and good will are finite resources Google. There will be no switching back. The horse has already left the barn.
Am I reading this correctly? When I sign out from one of the Gmail accounts I keep open, I will be signed out of Chrome? I hope this is a misunderstanding.
Anyway, I just spend 30 minutes searching for Firefox Add-ons replacements for my Chrome Add-ons and I am pleasantly surprised. A new era begins!
Okay sure... please provide opt-out or disable option for the "Account Chooser" you currently force on everyone for web login.
I don't want my credentials hanging around on the page after I click 'sign out'.
The function of remembering login details on web forms is better left up to my browser, where saved logins are remembered according to my settings and choice, per site. It's not Google's place to stomp all over the well-understood concept of "sign out", with this half-baked "sort of signed out" reinvention.
Privacy is Google’s Achilles heel. They have no other option than to collect and sell our data.
My guess is they know exactly which sites you visited so the fact you can't see the History sync feature means he's being disingenuous about it not being turned on.
And even if this isn't being used right now someone will eventually abuse that unwritten agreement between you and Google.
So that agreement is written down.
Huh? That's even more confusing. How can you easily tell whether you're actually signed in to Chrome?
(I use Chrome at work to test. I avoid it wherever possible because Google's interests do not align with mine.)
Hope you enjoy it!
Next up is "we recently made a change to simplify giving us all of your movements."
https://twitter.com/jonathanmayer/status/1044300922149588993
This is causing me to re-evaluate my personal technology stack.
“YOU told us you WANTED this.”
Gross.
Indeed they do. Personally I prefer this to having to pay a monthly fee, but others may disagree (and quality paid services do exist for them).
>Selling the data would mean losing their unique position.
That's right too. User data is their biggest asset versus their competitors.
>Btw, interesting article currently top voted at HN about ex-google employee ;)
Haven't caught it yet. If it's regarding their recent China play however, then that story concerns me too.
spin spin
google has lost it
>We deeply appreciate all of the passionate users who have engaged with us on this
If only we could believe this. The last few Chrome updates have clearly shown that Google will undermine the users' privacy in the blink of an eye whenever they see fit.
When there's enough backlash, they will apologize in a cringy way and make some minor changes to appease to the community.
I had my reservations against Chrome, but changed to it anyway, because Firefox was in a bad state at the time. Now that is no longer the case and Vivaldi seems to be quite good, too.
Goodbye, Chrome.
The pretext of this feature is supposedly that people who share computers are accidentally signed into someone else's account and this solves that, but why should this be done at the browser level?
I have a hard time believing that anyone who uses the family computer doesn't have their own account in the OS, where their Chrome profiles will be kept separate. I also have a hard time believing that this isn't just about making sure every session is authenticated to make cross-device tracking easier/possible. It's why every Google app on iOS seems to want you to log in. I think my suspicion is probably correct since they're making it opt-out rather than opt-in (knowing most won't).
What is that based on? I think it’s very unlikely on the contrary that the average “family computer” user (outside the tech bubble) would even know how to create a new Windows account, let alone bother to actually do it.
I use mostly Firefox, so what am I missing about Chrome?
I'm sick and tired of Google (as well as FireFox) and have increased the use of alternative browsers, thank you very much.
As Microsoft did with Windows 10 Google have done with Chrome they have moved the capture of telemetry and personal data from their network to the users platform.
In the case of Chrome the community have the choice to fork our platform and thank google for their contribution, but say no thanks to thier continued stuardship of it.
Sometimes I wonder if senior execs really understand how precarious open source based business models are - like politics we can vote and change the leaders if they stop acting for the common good.
Google employees. The community is... mostly users. Any fork of Chrome will likely fail, because there is no magical community of privacy minded developers that has the time and expertise to develop Chrome, which is a massive and highly complex piece of software.
If you really feel this way, just switch to Firefox. Mozilla actually has a team of developers who fix and improve it.
Note that a majority of Mozilla's funding comes from royalties paid by Google for ads clicked on SERPs inbound from the Google search box. So Google has the power to control Mozilla if they really needed to.
Google did the same with Gmail/youtube/etc ages ago, even creating a new profile if you did not have one for a particular service. No one bat an eye.