Forum Discussion
Sign in with a Google account - Discussion
Hey, everyone! Thanks so much for this discussion, we've learned a lot from your comments. We'd like to first make it clear that we do not plan to integrate Google services into Microsoft Edge by default. We are considering including an opt-in experience for users to attach their Google account to Microsoft Edge but are not ready to make a decision on it just yet.
I'd like to take this time to reiterate what Elliot posted back in November: One option available to you today to use a single user identifier across the various services you use is to create a new Microsoft Account using a @gmail address.
As you know, you can currently import your data from Chrome by going to edge://settings/importData. You can also sign into Google websites and remember your password in Microsoft Edge to reduce the number of times you need to sign in. Accessing your Microsoft Edge data on-the-go is easily done by signing into Microsoft Edge with a Microsoft account and syncing with Microsoft Edge across other devices and mobile.
As always, we will update here once we have more information. Please continue to provide your feedback and suggestions around this feature; the team will continue to review feedback even if we have moved something to Not Planned.
Justmy20cents
Dennis5mile
Dennis5mile "How long do you think it would take Google to figure out how to use the door you just opened to get in and start getting everyone's info giving that they have proven over and over and over that they are NOT trustable?"
It seems to me that the answer to that question , which I do not purport to know, is almost entirely dependent on the level of security deployed by Microsoft in protecting individual user information stored in the Microsoft ecosystem, and the effectiveness of Microsoft's security measures.
As background, I think that we need to come to a common understanding of what "opt-in", in the sense that I'm talking about it, means and how it would work. Edge is by default "unGoogled", with no material links or ties to Google services. Unless and until a user elected to "opt-in", the user would remain in default configuration, with no material links or ties to Google services. If a user elects to "opt-in", then code would be added to that user's Edge configuration (through an extension or directly in the browser in much the same way that code is added to Windows 10 when a user elects to activate Hyper-V) to support browser-level integration into Google services selected by the user. The code added by a user electing to "opt-in" would not be added to the Edge configuration of any user who did not "opt-in".
Assuming that is our common understanding of how "opt-in" would work, it seems to me that:
(1) Microsoft-stored information of a user who did not "opt-in" would not be at more risk than the information would otherwise be at risk. Without a link into Google services, Google would have no direct way to track the user's information, so the only point of compromise would be through a hack of Microsoft's servers on which the user's information is stored.
(2) Microsoft-stored information of a user who did "opt-in" would be at more risk than the information would otherwise be at risk, indirectly, it seems to me, because "opt-in" opens the user's browser to direct tracking by Google, and that makes it more likely that Google would be able to collect information about that user's activities, including browser-based activities within the Microsoft ecosystem. The information stored on Microsoft servers would be (assuming that Microsoft protects that information with a reasonable level of security) at no more risk of a hack than otherwise, but the user's browser-based activities could be collected by Google, with the effective result that Google would be able to gather some or all of the user's information stored on Microsoft servers, even though information stored on Microsoft servers would not have been directly compromised.
A question I have (and don't know the answer to) is whether "opt-in" (which is not currently supported) adds risk over and above allowing users to sign into Google services (gMail, gMaps and so on) through Edge without "opt-in" (which is currently supported). As we both know, ties into Google services are persistent and pervasive. I think that we have to assume that signing into Google services increases risk, whether or not a user "opts-in", and Edge -- to be blunt -- lacks basic security measures (containers, for example, which allow a user to isolate Google websites from the rest of the browser) to mitigate the risk that Google tracking extends beyond the Google ecosystem if a user signs into a Google account. As I said, I don't know, but I don't see the risks of "opt-in" are higher than the risks of "sign-in" without "opt-in".
I don't know what to say beyond that. Obviously any information stored online (in the Microsoft ecosystem, the Google ecosystem, with Amazon and other retailers, with Facebook, Twitter and other social media, and with other online sites that use cookies to collect and/or store user information) should be considered at risk. Security is never perfect and often not adequate. I trust that Microsoft's security is tight, but I operate on the assumption that Microsoft's security will be breached sooner or later and that some or all of the information that Microsoft collects and stores with respect to my MSA and/or online activities within the Microsoft ecosystem will be exposed.
The bottom line, though, is this: I don't think that allowing some Edge users to "opt-in" to Google services changes the risk equation for Edge users who do not "opt-in", assuming that the "opt-in" option is properly configured so that "opt-in" code is added to the browser upon demand rather than embedded.
