If you do use a shared device, you should be using your own user profile on that device. Or, at least, your own browser profile.
You really shouldn't be logging into your sensitive accounts from a public device or computer anyway. Unchecking "remember me" will not make that secure, and to suggest otherwise is a bit misleading.
I feel like you're imagining scenarios you experience in a developed country. This is not representative of most Google users in the world.
Plenty of people use shared computers, especially in environments with low financial resources (i.e. people in developing economies, low income families in developed countries, etc). This accounts for hundreds of millions if not billions of people in the world.
It's unrealistic to expect all these people to have a non-shared computer to use, and unrealistic to imagine the shared computer to be set up by someone tech savvy enough to create separate profiles for people.
If I were to pick a random library or local school in South America or Asia for example, I would bet they have a shared computer where you just sit down at a logged in Windows profile.
> unrealistic to imagine the shared computer to be set up by someone tech savvy enough to create separate profiles for people.
I don’t really buy this. The tech kid in the village will explain that if abla doesn’t want nene to see her mail every time then abla should use the “new private window” button when she turns on the computer.
There’s no “basic human instinct” to be able to log into mail which this change goes against. Everyone had to be taught how to open the browser in the first place. The instructions have simply changed.
I don't understand how this even helps... if the attacker (nene?) is the person who owns the computer, there is no way that "new private window" is somehow going to protect you.
If the attacker controls the computer, logging out won't help you either. First thing I'd do as an attacker is install a key logger to get the password. I assume that people who use shared computers don't have 2FA enabled.
Or even if you're just not wealthy. You could use computers at the library/school. You could only have one computer in your household (like so many of us were familiar with in the 90's). It is a bit absurd to think that everyone lives like us tech geeks where we all know more, dedicate more time and money to tech, and are going to just have more tech in our households. I think a common issue we face is not realizing that others live in worlds that we do not experience, even from the periphery (covid was a good example of this. Groups aren't homogeneous and many don't actually know someone who died of covid and someone else knows several. Reality isn't what we see happening because we have limited views).
If you are using a shared machine, then using a temporary session isn't enough anyway. You should be using a private window.
Temporary sessions are a weak, half-arsed solution. The author of the post is complaining because they're what he's used to, not because they're actually useful.
> You really shouldn't be logging into your sensitive accounts from a public device anyway.
This kind of functionality is required, for at least one reason: public access to computers in public libraries. So long as some government services can only be accessed online, you will need access to private email accounts from publicly available computers.
Logout after session end is quite useful in that situation, even if only as a backup to manually logging out.
Those computers typically wipe themselves with a fresh image after each user, and if they don’t you can assume they had some key logger malware that just stole your login anyway.
There is also browser incognito mode that works perfectly for this use.
1) Privacy: I have multiple accounts. I don't always want these linked to each other either. This is not only multiple Google accounts (personal and work) but also this leaks data since Google knows more about what accounts I have.
2) Security: Just because it is my computer doesn't mean it is always safe. I don't want someone to be able to log in to other services just because I'm logged into one. This is akin to being logged into your password manager but with less control since you can't log in to a site you need and log out of your manager. Security is often about creating barriers.
3) Centralization: power/influence grows faster than linear with respect to control. Or we may refer to this as momentum. We don't want Google, or anyone, to have control over something so important like the internet. The distribution is essential. While centralization can be good, too much can stifle innovation. That's the whole problem with monopolies (which don't need to have absolute control, but just significant).
4) Personal control: It is my computer, my data, and my accounts. Your services should be making things easier but also expand the amount of control that we have. Creating walled gardens goes back to 3. Potentially this can even create fissures. Having personal control also helps innovation. Being able to play around lets people find new ways to do new things.
I don't know that all that really makes sense to me.
1) Most people do not have multiple accounts, or at least do not care about those accounts being linked. And if you are in that situation, then you are (hopefully!) already being methodical about signing out and clearing cookies (or using a separate browser profile, private browsing, whatever). And if you aren't being methodical about this, eventually you are going to screw up anyway, no matter what the login flow or session timeout is.
2) Again, if you are worried about this attack vector (and, also again, most people probably are not), then you should be methodical about immediately signing out and clearing cookies when you are finished doing whatever you are doing. Also again, if you are not doing this, eventually you are going to forget, and succumb to an attacker.
3) Absolutely agree, but I don't see what this has to do with the persistent login issue.
4) It is indeed your computer and your data, but it is not "your" account. It is access to a remote computer system that someone else has granted you, and it is perfectly within their rights to decide how that access works. You may not like it, and that's fine: you are perfectly free to use a different service[0]. I think there are many reasons to claim that Google is a monopoly in some area or another, and that opting out of Google isn't feasible for some people, but "I don't like the login flow" is certainly not one of those reasons.
[0] Earlier this year I dropped GMail and moved my mail elsewhere, and I stopped using Google search several years ago. I've also stopped using Google's OAuth service to sign into other third-party websites, and have switched to regular email+password for any sites where I'd already signed up for an account using my Google Account. I'm working on weaning myself off of some of Google's other services, but I will admit this takes time and effort, and I'm not always up for the work involved. But that's on me, not on Google.
1) So why force it upon people? More so, best privacy policies mean you should minimize the amount that the user needs to do. People make mistakes. You're supposed to make mistakes harder to make, not easier. The more methodical you have to be, the less privacy preserving your product is. I apologize, but this sounds like gymnastics to justify the outcome. Maybe you don't care about privacy? Maybe you think us privacy-concerned people are nuts? But welcome to HN and welcome to the world where data privacy advocates are starting to make wins. But your argument comes off as "well sucks for you, you should have done better." A victim's actions may contribute to the danger they are in, but at the end of the day that's not the issue. The issue is that they are a victim and why this kind of discourse comes off as victim blaming.
2) Again, security practices should simplify not complexify. More complexity less security. Why force this on people? Why victim blame? Try to make fewer victims, not more.
3) Because Google (and others) are using this login method as a means of centralization and standardization. As you are breaking away from Google you're probably seeing that it isn't trivial and that there are a lot of things you lose because of it (despite HN users often saying roll your own email or saying that email is very decentralized). I would argue that Google has some blame for the difficulties to wean yourself off of them. They created a platform with the explicit intent to make it burdensome to leave. That's not ensuring competition is abundant within our communities. (3 is all big picture stuff but this does matter. I have examples if you care)
4) I get your point, but I think there's a middle ground. The bigger problem is that it is difficult to use other services. There are also websites that don't allow me to log in through any other means. (I only use the Google sign-on for a singular website which does this).
I do not feel it is okay to just dismiss these issues outright. I have the right to criticize the framework. You have the right to disagree. Google has the right to ignore my complaints/critiques. But you're not really disagreeing with my comments so much as dismissing them. Effective communication does require us to discuss in good faith with one another.
No freaking way. It is a UX component where the website asks for something every commercial site should ask users before tracking: consent. If you leave that unchecked you are telling the site you don't want it to track the device information with your account information once you sign out.
However, Google doesn't give a shit about your consent. Whether you like it or not your device information will be tracked along with your account information and they don't even need you to ever sign in to begin with either.
This isn't about security, it's about liability on Google's end. But from a security perspective, many users have shared computers at their homes (and even at work) and that isn't a situation they can avoid. Even with different user profiles having the right permission means your browser profile can be accessed by someone else. Oh, and guess what? Even in America poor people use shared computers at libraries and schools and they sometimes forget to sign out of the OS account profile after closing the browser.
While I’m sure some libraries are still on very old setups, for the last 10 years or so the standard has been to throw away the entire user account between uses. If you forget to log out when you’re done, it happens when your timer runs out. This is how every library I’ve been to in recent memory has worked. Many libraries now also use thin-clients backed by VM’s, so the whole “computer” is thrown out after each use.
This was a lot more annoying before Google docs ate the world - the library computers would have large warnings that unless you saved to floppy or USB you were going to lose all your shit on logout. Many a school essay went to the great recycle bin in the sky that way.
Isn’t it overall good hygiene to have different accounts for different purposes?
When switching Google accounts you probably don’t want it to have permanent logging cookies, especially if you’re in a pinch and not in the appropriate context (e.g. looking at your family mail from your work computer to quickly get an important message).
Putting the data management responsibility on the user is kind of a dick move, at the same level as all the opt-out garbage we have to deal with.
This isn’t about security, it’s about privacy and tracking consent. Leaving “remember me” unchecked means the user only wants (the equivalent of) a session cookie, as opposed to a persistent cookie. The alternative is to have the browser delete persistent cookies on a per-site basis, or to always open a new “private mode” tab, but that is a lot less convenient to handle for the user.