I don't see how having the sign-in sync turned on by default can be compatible with "privacy by design and default" as mandated e.g. by the GDPR. I wonder if they will have to offer an EU version of Chrome soon therefore.
Anyway, 90-95% of users will probably just stick with the default value because they either don't know about the option or don't care enough to change it, hence from Google's perspective introducing it won't hurt their data collection efforts that much while they can at least say they did something to protect people's privacy. This is why I think "privacy by default" is so important, and it's sad to see that some of the largest players in the data collection space still ignore it.
Matthew Green's blog post made it sound like Google had access to everybody's authentication cookies and cleartext passwords. Comments on both HN and cryptographyengineering.com show that this is what users actually believe now.
It's not about storage, it's about tracking. If Chrome syncs your web-based login cookie with your Chrome authentication it means they will associate the data your browser generates with your user account. I don't know what they collect there but I assume it's something, as otherwise why bother to log someone in?
It certainly means that it's possible, but of course it was potentially possible before, and the code is, afaik, open source, so you're free to look and see if they really are.
As for non-tracking reasons why this change: it improves the UX for users who use multiple accounts or share accounts on a single system.
Sometimes things are just because they want a more useful product.
Maybe, it doesn't change the fact that it's not privacy by default, because that would require having the user explicitly opt in to the syncing of the two sessions. That has nothing to do with whether they actually collect or transmit any data.
>Maybe, it doesn't change the fact that it's not privacy by default
Why? If this change doesn't impact privacy, why is having it opt out not privacy by default? How is a no-op from a privacy perspective privacy-anything?
Is it a no-op though? From my understanding of the privacy policy, Chrome will send e.g. search queries along with other metrics to Google even when the syncing is turned off. As these things are turned on by default it means they would get associated (or at least would be associable) to the logged-in user. Is that not the case?
Also, privacy by default means that no unnecessary data is created or shared between systems without asking the user first, regardless of what the purpose of this data sharing is. The Chrome browser and the Google web services are two different things, and most users will not expect that the two accounts are automatically tied together. The nice thing to do here would be to simply ask the user before syncing the logins. I suspect that the long-term goal here is to tie the browser history and search queries of more users to their Google accounts, because that information is very valuable (but also highly sensitive).