Google Chrome... updates without asking.

Last time I took apart the Google Chrome setup experience and came away disappointed that the Google Updater got left behind. This morning the Google Updater had another surprise. Well, it isn't so much a surprise as it is a departure from the norm and I'm curious what you all think about it.

The background.

The story actually starts a few days ago when there was a discussion on some mailing lists about the easiest way to crash Google Chrome. All you had to do was type ”:%” into the address bar and the whole thing would blow up. However, this morning someone noted that the crash no longer happened but was baffled since nothing had changed. It turned out that Google Chrome had been updated silently.

The details.

It turned out that ZDNet Australia had already run down the story that included a couple nice quotes from a Google representative:

Google knows best

Without a manual check, Chrome will update itself automatically, Google said. “Google Chrome will automatically checks for updates approximately every five hours. If an update is available, it will be downloaded and applied at the next browser restart,” Google said.

Google believes it’s best if Chrome applies security updates not only without a description of what’s changing, but also without an opportunity for users to decide whether to accept the patch.

”Users do not get a notification when they are updated … When there are security fixes, it’s crucial that we update our users as quickly as possible in order to keep them safe. Thus, it’s important for us to not require user intervention,” the company said in a statement.

My reflection.

Clearly fixing any security issues in the browser is paramount. But does the need for distributing security updates and bug fixes trump the user control over the software? The Google Chrome EULA grants Google the right to do just that. In fact, the update clause has its own top level number. Number 12:

12. Software updates

12.1 The Software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the Services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the Services.

But just because Google says, in an electronic document that most users never read, that they may push new software to your computer does that mean they should do so without informing the user?

I can tell you that no Microsoft legal representative I’ve talked with has ever allowed such a clause in a Microsoft product. By default, the user must always be notified that an update is available and/or required. The user must also accept the update before it can be applied. If the user chooses not to accept a required update then the product may choose not start but a silent update is never an option.

But I’ve argued (unsuccessfully) that updates should be automatic and silent by default. Of course, users should be provided the option to opt-out and require notification/approval of updates. And, of course, group policy should be respected so that businesses can manage their desktops.

Personally, I think that Google has gone a bit too far requiring silent and automatic updates. I think their current outlook will slow their adoption in enterprises (if that was even a goal for Google Chrome). Time will tell if anyone really complains about the updates. My prediction is there won’t be unless Google silently updates to a bad/broken behavior.

My question.

So, what do you think about this automatic and silent update behavior?