Google Chrome version 70 – a separation in roles with Google Accounts

When I first noticed that Google Chrome was asking me to sign in to my Google Account, I thought it was a good thing. I’m tired of always typing in passwords, and this all seems more complex than what we need.

Today, I read that Google Chrome version 70 will allow you to sign into Gmail, but it seperates the Gmail login from the persistent login for OTHER sites. I hope that I am reading this correctly. Here is a short quip from engadget:

Over the weekend professor and cryptographer Matthew Green noticed that in Chrome 69, signing into Google websites while using Chrome caused the browser to show him as signed in there as well. Concerned about the implications of tracking behavior across a browser session even though he had intentionally not signed into Chrome, he wrote about it. Google Chrome manager Adrienne Porter Felt explained that the change happened to remind users of who is signed in, and that it did not sync activity to the server under the Google profile unless additional steps were taken.

Now, in response to the feedback, Google has announced that in Chrome 70, users will be able to “turn off linking web-based sign-in with browser-based sign-in.” As Google Security Princess Parisa Tabriz writes, it will still default to on, but you can opt out of it and have an assurance that the browser is not syncing your data to the cloud in the background. It’s also changing a confusing blue button Green complained about, so that instead of just “Sync as (your name)” it clearly indicates that pressing it will turn syncing on or off.

Finally, one other change comes to the “clear cookies” function. Previously, it would leave Google authorization cookies behind so that the user would still be signed in, but now it will blow those away too.

Again, we appreciate the feedback. Here are some updates we have planned for Chrome 70: https://t.co/xpW8RyFiTn https://t.co/4HLCjeGfPY
— Parisa Tabriz (@laparisa) September 26, 2018

https://www.engadget.com/2018/09/25/google-chrome-70-sign-in-sync-privacy/

This is going to end up being a nice feature!  I enjoy having a lot of control over Authentication, I want 2-Factor everywhere.. But defining the roles for each browser and each login is necessary to say the least.

I had this hacker once, we was somehow logging into my Windows Server.  All he did was sign into Firefox, and when he signed nto Firefox, it synced passwords for Facebook, Google.  This guy had been a royal pain in my ass on several occasions he cost me dozens, if not hundreds of hours of work.

I love learning about pen-testing.  I just can’t stand it when the little hacker has to prove his strength – I just don’t get it.  99% of the hackers I’ve met tried to hack my computers, routers, wifi, etc.  I won’t stand for it.  The only respectful hacker that I know I can’t wait to see him again and fill him in on a few projects.

The thing that is really nice about the seperation of Gmail from the Google Login in Chrome, it’s nice because Google Logins are going to work in Active Directory soon. THAT is the coolest thing I have ever about. Being able to login to Active Directory (presumably only with Azure Active Directory) and use that login process to authenticate your shared resources like SharePoint, SQL Server, custom apps built with Asp.net.

To be honest, I have always hated Microsoft Logins.  A lot of times they do stuff, like disallowing the free webmail providers from being able to use the ‘Free PowerBI’.  I’m of the understanding that Microsoft allows PowerBi for ALL of their users (as long as they aren’t using Gmail, Hotmail, Outlook.com, etc.  I think that Microsoft withholding their software from CONSUMERS is a travesty.