Browsers need to improve how they help people make informed choices about the information they share online. The recent changes to Google Chrome make it harder for Chrome users to understand and give consent to how their browsing information is used.

Chrome is the dominant web browser on all platforms, with about 60% of the market share as of August 2018. It is built and maintained by Google, and you can log in to Chrome with your Google account.

If you don’t log in to Chrome, information like your browsing history, passwords, and cookies is stored only on your device. This is called ‘basic browsing mode’. If you do log in to Chrome, data is stored on Google servers, which allows you to sync information across all your devices. Until now, this was called ‘signed-in Chrome mode’.

In previous versions of Chrome, ‘basic browsing mode’ was the default. But a few weeks ago, Google introduced an update that automatically logs you in to Chrome when you log in to another Google product while browsing. Importantly, this automatic log-in does not sync your information - you have to click a button to do that. In other words, the new update creates a kind of ‘in-between’ state.

There has been lots of feedback on these changes. Some people have called it a “dark pattern”, nudging users in the direction of syncing (and therefore sharing) their browsing information.

This screenshot shows your user menu as it looks when you are automatically logged in to Chrome.

If you were to click the blue button to sync (as displayed in the previous image), the above prompt pops up in your browser. The heading states that you have turned on sync, but the text at the bottom of the prompt indicates that you have a few more choices to make before sync is turned on. Clicking ‘undo’ allows you to exit without syncing.

Others pointed out that at the time of making the changes, Google had not updated its privacy policy to reflect this “shadow login state”. The latest version of the privacy policy, updated on September 24th, now refers to ‘signed-in Chrome mode’ as ‘signed-in, synced Chrome mode’.

Google published a blog post providing more context. The changes were made to simplify the Chrome user interface, and make sign-in status clearer, especially for people who share a device. The goal is to “remind users which Google Account is signed in” so that people don’t “inadvertently [perform] searches or [navigate] to websites that could be saved to a different user’s synced account”. They also announced that in future versions of Chrome automatic login will be the default feature, although they will provide users the option to turn it off.

People are increasingly looking for ways to exercise more control over what information they share online. Privacy “by design and by default” is a key component of GDPR legislation. Defaults matter because informed consent is difficult to obtain in all cases. Some browsers (like Safari and Firefox) are betting that differentiation based on stronger privacy defaults will be key to increasing their market share in the future, a bet supported by current external research.

However, as the Chrome example shows, strong privacy defaults can exist in tension with building a smooth, clear user experience. How should designers and engineers navigate this tension?

Companies should put in place clear principles that prioritise people’s rights and empower teams to focus on data ethics. This ensures that privacy concerns are built into every step of the design process. More time should be spent building new design patterns for sharing information, allowing companies to explore how good design can exist alongside strong privacy controls.

People who use digital services should be able to understand how data about them is being used and provide informed consent throughout their use of the service. New design patterns and data ethics principles are a good starting point. These need to be adopted and applied by organisations building digital services to ensure that our digital rights are respected.