08/09 Update below. This post was originally published on August 7
The security of Gmail has historically been second to none, but now a bug with the email service is repeatedly pushing users to opt into a new feature with privacy compromises.
As reported by BleepingComputer, Gmail is notifying users to activate its ‘Enhanced Safe Browsing’ feature across the web, Android and iOS. On the face of it, the request doesn’t sound unreasonable: Enhanced Safe Browsing was released back in 2007 and warns users if they visit malware or phishing site.
The problems, however, are twofold. First, the notifications keep coming, even if you click the “No, thanks” option. Second, BleepingComputer wants that there’s a justifiable reason to reject it:
“While it may seem like Enhanced Safe Browsing is the better way to go, there is a slight trade-off in privacy, as Chrome and Gmail will share URLs with Google to check if they are malicious and temporarily associate this information with your signed-in Google account,” explains BleepingComputer.
Google does admit this in a 2020 Security Blog post, explaining:
“We do this so that when an attack is detected against your browser or account, Safe Browsing can tailor its protections to your situation. After a short period, Safe Browsing anonymizes this data so it is no longer connected to your account.”
On a technical level, the trade-off is understandable, but as BleepingComputer notes: “despite the promised benefits, not all users may be comfortable linking their Google account to Chrome or their browsing data to their Google account.” Moreover, Google needs to flag this information to users ahead of enabling the feature, especially given the repeated (and seemingly) broken prompts to do so.
If you have given in to Gmail’s repeated prompts and enabled Enhanced Safe Browsing but now want to reverse it, follow these steps: Go to your Google account > Security > Enhanced Safe Browsing > Manage Enhanced Safe Browsing.
I have asked Google about this problem and will update this article when/if they respond. Ultimately, Gmail users need to understand their options, not have one path repeatedly pushed upon them, regardless of their wishes.
08/09 Update: While Google has yet to respond about the Gmail notifications issue, a new report from BGR may suggest that this nagging behavior is intentional.
The site reveals that Google’s habit of showing pop-ups on every website which supports signing up via a Google account can no longer be disabled. Previously in Google accounts settings within the Security tab there was an option to disable ‘Google Account sign-in prompts’, but it has been quietly removed.
Why this was done can only be speculated upon, but it may be that Google is keen to increase sign-ups via your Google account in light of increased pressure from Facebook and Apple, which offer the same feature. But whatever the reason, just like the Gmail pressure to adopt Enhanced Safe Browsing, there needs to be greater communication around this.
BGR does suggest a workaround for the Google account popups, but it’s a drastic one: disable all popups. This can be done via Chrome: Settings > Privacy and Security > Site Settings > Pop-ups and redirects. The problem is some popups can be useful, and links in emails frequently use redirects. But at least you have the option… for now.
___
Follow Gordon on Facebook
More On Forbes
Read the full article here