Changes in Chrome 69 to Login to Chrome Behavior

Google made a change in Chrome 69 to log a user out of Chrome when they log out of a Google service (e.g. Drive, Mail etc.) in the webpage. When a user logs of a Google service AND the user has actively enabled chrome Sync, then Chrome Sync is paused, and Sync is resumed when they log into a google service with the same google account. This change does not automatically enable Sync when logging in to a Google service if the user has not enabled Sync in the first place. The feature is called  “Identity consistency between browser and cookie jar”. This feature has been in place since 2015, but the default was set to OFF. Chrome 69 changed the default to on and like all Chrome Flags, It can be disable by entering chrome://flags/, in the browser omnibox and changing the setting.

Identity consistency between browser and cookie jar
When enabled, the browser manages signing in and out of Google accounts. – Mac, Windows, Linux, Chrome OS, Android
#account-consistency

But for most people who have multiple Google accounts, (or share a computer without bothering to create separate OS logins or Chrome user profiles),  this is a beneficial safeguard to avoid accidentally syncing data from one account to the wrong account.

 

There has been some confusion online about how this feature behaves and what notice is provide, so I decided to do a structured test on G Suite for education (it appears to behave the same in consumer GMail but I have not had the time to do a similar set of test)

Testing Methodology:

1.Install Virtualbox, Download Windows 10 developer, download Chrome 69, create a new user in G Suite for Education

2.Upon Initial Run Chrome offers the following Choice

 

3. If you choose get started it adds the checked items to your start page as links, if you choose No Thanks, it is takes you to the google homepage and offers a tour and recommends a privacy checkup

4.If you click sign in to gmail it takes you to the login

5. User inputs their password

 

6. User is prompted to save their password (this is always been Chromes default)

 

7. If this is a NEW G Suite account the user is presented with the G Suite TOS.

 

8. At this point the user is logged in to their Google account, AND logged into the chrome browser and but they are Not syncing

 

9. The status of Sync can be confirmed under settings. The button action is to start syncing IF the user clicks the button

 

10. You can confirm the sync status by going to chrome://sync-internals/, the user is not logged in to sync

 

Clicking the “types”  tab shows no elements syncing

 

11. If you click Sync as <user> you receive this prompt

12. If you click “OK I got it” Chrome syncs everything

13. If you click settings you can edit which items are synced.

14. Checking chrome://sync-internals/, confirms the user is logged in to sync and the sync is running (green table)

15. If you sign OUT of a goggle property the browser pauses syncing, presumably to avoid the user accidentally syncing activity from a different google account and gives them the option to re-sign in

 

16. If the user signs in to a google property , it resumes syncing

__________________________________________

NOTE: Secondary Profile Behavior

The biggest difference in using this with a secondary profile is the disclosure that is given when you click Sync As