This version of the site is now archived. See the next version at v5.chriskrycho.com.

Goodbye, Chrome

You're just too creepy now.

February 24, 2014Filed under techMarkdown source

Last week, Chrome crossed the line for me. I deleted it from my system to clean up its many hooks into my system—I searched out every trace of it I could find—and will put it back on my system only for testing websites. Why? Because it’s just too creepy now.

Here’s the story: two weekends ago, I was sitting at a coffee shop working on a friend’s website, when up popped a series of Google Now OS X desktop notifications from Chrome, informing me of the weather, a package having recently shipped, and so on.

There were just two problems with this:

  1. I never gave Chrome permission to do anything of the sort.
  2. I was not signed into Chrome or any Google service at the time.

Number 1 is bothersome. Number 2 is so far beyond bothersome that I took the nuclear option. Let’s walk through them.

Google apparently decided to start opting people into Google Now on the Chrome 33 Beta. Opting people into anything new is nearly always a bad idea in my view; opting someone into something that actively integrates with email, calendar, etc. without asking them is just creepy. Now, full disclosure: I had previously granted Google access to some of this data for Google Now on my Android phone (though I have since moved to an iPhone). However, as is usual for Google these days, the company took that permission in one context and treated it as global permission in all contexts.

No doubt the box I checked when I gave them access to that data in the first place legally allowed them to continue touching it. That did not particularly bother me. Rather, it was the assumption that I wanted the same kind of interactions from the service in a different context. This is typical of Google —typically un-human-friendly, that is. People do different things with their phones than with their browsers, and have different expectations of what each will do. More importantly, though, even if we might want our browsers to start supplying us the kinds of sometimes-valuable information that we get from Google Now (or Apple or Microsoft’s similar tools), we generally want the opportunity to make that decision. Increasingly, Google is making that decision for its users, leaving them to opt out and turn it off if they so desire. That is not a policy I particularly like. So: strike one. Or rather: strike several dozen, of the sort that had me moving away from Google’s services for quite some time— but it probably still wouldn’t have pushed me across the line to this kind of hard kill-it-with-fire mentality.

What did? That would be the part where Chrome started sending me desktop Google Now notifications. Without asking me. In a browser to which I was not logged in, nor logged into any Google services.

I will say that again to be clear: I was not signed into Chrome. I was not signed into any Google services in the browser. I had not allowed the browser to create desktop notifications. And it started sending me Google Now notifications for my main Google account. Worse: nothing I could do with the browser itself changed that behavior. (Unsurprising: there was no way Chrome should have been able to do that in the first place, logged out of all Google services as I was.)

Goodbye, Chrome. You’re just too creepy.

This was not the first time I have seen Chrome engage in behavior that does not respect its users. I have repeatedly run into cases where clearing the cache and deleting browsers… doesn’t. Cookies sometimes still stick around. Private browsing sessions inherit cookies from the main window (and sometimes vice versa). Closing a private session and launching a new one would sometimes still include cookies and cache from a previous session (bank accounts still logged in, etc.). Chrome had thus long been untrustworthy to me. But this was a bridge too far. This was not just slightly unnerving. It was creepy.

Call it a bug if you like. It is likely that it was, in fact, a bug. So, most likely, were the other cases I saw above. But these are the kinds of bugs that make a browser fundamentally untrustworthy, and they are the kinds of bugs that are that much creepier coming from a company whose profit comes almost entirely from selling advertising—that is, from selling user information to advertising companies. The deal was that we trusted Google not to abuse that information. Unfortunately, that deal just keeps getting worse all the time. (Pray they do not alter it further.)

I will have a copy of the browser on my system for testing purposes, but for nothing else. Goodbye, Chrome. And for that matter: goodbye, Google services. Over the course of the rest of this year, I will be moving myself completely off of all Google services (mail, calendar, etc.), with the sole exception of (non- logged-in) search. You’re just too creepy now.