Furthermore, I see all this anger about this technical decision affecting peoples privacy, but have not yet seen someone provide a good engineering solution to the problem it was trying to solve.
Example Use Case: I was contacted by my poor old mother recently who said that she was logged into "The Google" but was seeing the wrong emails! She was horribly confused.
What had happened was that my sister had checked her email on my mothers computer and forgot to log out. My mother was logged into Chrome (as it correctly said on the top right of the browser) but didn't understand that logging in/out of Gmail was a different thing.
To blame non technical users for being confused here is unfair at the least. And I'm sure there are millions of them with the same problem.
A technical user who cares about privacy can:
- not log into Google and use an external email client for Gmail
- use Gmail in incognito
- disable Chrome auto log in via the preferences (although I haven't tried this myself some people say it works, although I've seen conflicting info about if this works in future versions of Chrome).
- use Firefox (but if you are still using Gmail I'm rolling my eyes here)
I personally don't think it is too evil that Google cares more about people like my mother than advanced privacy conscious technical users.
Also I can't see how auto syncing ones account with Chrome really damages privacy any more than what is there now? If you are logged into Gmail they have your cookies while you browse the web anyway. If you privacy conscious enough that you log out of Gmail every time you are done, fair enough, but I would suggest not using Gmail at all in that case.
But most importantly I'd like to hear a better engineering solution for people like my mother?
I'm not generally a fan of the privacy hysteria around Google/FB, etc. But I think the solution here is pretty clear: Don't build a login system for your browser. It's inherently confusing.
What's confusing is having a zillion usernames and passwords for every site on the internet, and "doing it right" (which only a tiny percentage do) requires installing password manager extensions in your browser. In practice billions of users use the same insecure password everywhere including their banks.
You may or may not like the implications of centralizing authentication to a few players, but it is a massive improvement in security and usability over what we have now.
I am quite happy with this change, and hope to see "log into chrome" as the equivalent of "log into all websites that use google auth". It will simplify not only my own life, but all of my customers' lives (my B2B SaaS service uses Google auth).
Logging into your browser is not the same as logging into all the sites you use. And you certainly don't need browser login to enable it - just use OAuth. This is a solved problem.
I suggest you try spending a few hours in my support channels.
The problem is that users are confused by the fact that "logging into your browser is not the same as logging into all the sites you use". You can literally sign into chrome with one google account and then sign into google with a totally different google account. Futhermore chrome has different "people" (browsing profiles) which confuses them even more; there's three different things that look vaguely like identity here.
You think this is just fine, Mr. Oauth, but I guarantee you it's a giant mess for the 99.9% of humans who have no idea what oauth is.
Chrome usability would be significantly improved by collapsing "logged into chrome" and "logged into google" into a single thing.
It seems to me like you provided no arguments how is login-into-browser feature clarifying things. You even mentioned people being _confused_ about it.
People don't need to understand oauth to use it.
(and before you pull that one again - I am supporting technically-illiterate people quite often)
It would be a world of simplicity if I logged into the browser with my google account, a little picture of myself showed in the top right corner of the browser chrome (instead of in various places in different apps), and that identity is what was used for per-app Google auth.
I should also mention, there's another place it gets used - in Chrome extensions. That should use the same identity.
Google login then becomes one reasonable choice for "log into the internet". Right now it's too fractured to be a coherent identity.
> I should also mention, there's another place it gets used - in Chrome extensions. That should use the same identity.
That's actually good use case for the browser login feature. (when one is using some google-acc-connected extension)
But for ordinary users I don't think this solution would work flawlessly, because it is different than ones before (and users learn new things slowly).
However if that would be the actual implementation (force logging everywhere into the same acc) I agree it would be simpler for end-users. But it is not, therefore original point (browser login is confusing people) still stands. And therefore teaching users to rely on it does not seem like a good idea.
I realized that Chrome now (M69) forces the forced-logging-in solution (not sure, cannot test atm). Then my post is mostly moot (can't edit already), and for simple-users is this change probably good.
People don't need to know what OAuth is to use it. I've built and provided support for a site used by thousands of adults and even children! They rarely had problems understanding OAuth. So, maybe make a better argument than "you just don't have experience with support".
> What's confusing is having a zillion usernames and passwords for every site on the internet, and "doing it right" (which only a tiny percentage do) requires installing password manager extensions in your browser. In practice billions of users use the same insecure password everywhere including their banks.
That should be OS level. The fact that the OS does not provide good, lightweight ways for mortal users to whip up additional user-accounts for guests and family-members without breaking a lot of things should not mean that Google makes their own into the browser and adds yet-another-layer-of-login.
I log into things from my apple laptop, my android phone, and occasionally from a chromebook I have lying around. Credentials shouldn't be tied to one OS or one OS maker. I'm happier with authentication baked into Chrome, which straddles all three.
> But most importantly I'd like to hear a better engineering solution for people like my mother?
Sounds like not having to be logged into your web browser would be a good start, then you'r mother wouldn't have been confused between being logged into chrome and logged into gmail. This is a problem google created in the first place and now you're giving them credit for fixing it.
> I personally don't think it is too evil that Google cares more about people like my mother than advanced privacy conscious technical users.
They care about her so they can harvest her data and manipulate her.
Example Use Case: I was contacted by my poor old mother recently who said that she was logged into "The Google" but was seeing the wrong emails! She was horribly confused.
What had happened was that my sister had checked her email on my mothers computer and forgot to log out. My mother was logged into Chrome (as it correctly said on the top right of the browser) but didn't understand that logging in/out of Gmail was a different thing.
To blame non technical users for being confused here is unfair at the least. And I'm sure there are millions of them with the same problem.
A technical user who cares about privacy can:
- not log into Google and use an external email client for Gmail
- use Gmail in incognito
- disable Chrome auto log in via the preferences (although I haven't tried this myself some people say it works, although I've seen conflicting info about if this works in future versions of Chrome).
- use Firefox (but if you are still using Gmail I'm rolling my eyes here)
I personally don't think it is too evil that Google cares more about people like my mother than advanced privacy conscious technical users.
Also I can't see how auto syncing ones account with Chrome really damages privacy any more than what is there now? If you are logged into Gmail they have your cookies while you browse the web anyway. If you privacy conscious enough that you log out of Gmail every time you are done, fair enough, but I would suggest not using Gmail at all in that case.
But most importantly I'd like to hear a better engineering solution for people like my mother?