Privacy Alert: Browser Spell Checker Sending Passwords
Is anything we do online truly safe any longer?
Hey Guys,
I write on this Newsletter in spurts and starts. Some weeks I’ll write four articles, others I might write only one.
Privacy rights online have really taken a fall over the last decade. Cybersecurity risks, and even corporate tracking of our activities, are at an all-time high. I recently wrote about worker surveillance in an era of working from home and remote work here:
I used to write about privacy activism a lot, but as the internet became a less safe and trustworthy place, even my interest in the coverage waned. Today we have crypto FOMO and the internet is an even more fraudulent place.
However, this week’s privacy concern is about known culprits: the Google and Microsoft browsers. Extended spell check features in Google and Microsoft web browser settings share personal data, including passwords.
This sort of thing was actually mentioned on Reddit 9 years ago and we felt way more “angry” about it then.
Recently, in a control group of 30 websites, including some of the largest websites in the world, the research team at cyber security firm otto-js found that 96.7 percent of those websites sent data with Personally Identifiable Information (PII) back to Google and Microsoft when enhanced spell check features in Chrome and Edge were enabled.
We are talking passwords.
Still you have to wonder about keystrokes.
Other than the standard spell check, Chrome also offers “enhanced spell check.” When you want to enable it, Google notes that whatever you type in the browser will be sent to the company’s servers to run it through advanced grammar and style algorithms.
The Microsoft Editor on Microsoft Edge and the enhanced built-in spell checker in Google Chrome send your personal information to Google and Microsoft servers, according to the otto-js security research team.
The world and the internet are not what they were ten or even twenty years ago. Surveillance capitalism has become the new normal, and Google, Microsoft and Apple are more powerful than ever before. Apple has a stronger case for caring about user privacy, at least in theory.
Even with Apple killing the ad cookie, Chrome's enhanced spellcheck and Edge's MS Editor are sending the data you enter into form fields (username, email, DOB, SSN, basically anything in the fields) on sites you're logging into from either of those browsers when the features are enabled.
I don’t know about you but that does not make me feel comfortable. When it came out that DuckDuckGo was sharing data with Microsoft via trackers I lost faith in it as well. How much do I even have to pay to use a browser, search and mobile device that protects and nurtures my human rights online including a basic sense of security, privacy and non-surveillance?
Over 50% of mobile devices in the U.S. are now iOS devices and maybe I finally am beginning to understand why.
I do not trust the security of Microsoft Teams or how Windows 11 forces me to use certain products associated with Microsoft. I do not want to feel bullied, coerced or manipulated into a non-privacy corner. So much of our lives is now online; if only there were companies and corporations I could trust.
Websites can add the “spellcheck=false” HTML attribute to a field so that the browser does not treat the password as ordinary text to be spell-checked. But according to otto-js and Bleeping Computer, many websites lack this attribute, including big social media platforms like FB. I don’t even care that much, but the principle bothers me.
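For site owners, the mitigation above can be checked mechanically. The following is an added example, not code from otto-js or from this newsletter: a Python audit that flags text-like form fields whose effective `spellcheck` state is not `false`, honouring inheritance from a parent element. The sample markup, field names and the show-password assumption are constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: "password" is audited because a show-password toggle makes it text.
CHECKED_TYPES = {"text", "search", "url", "email", "password"}
VOID = set("area base br col embed hr img input link meta source track wbr".split())


class SpellcheckAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # open elements as (tag, spellcheck_disabled)
        self.findings = []  # (line number, field name)

    def _disabled(self, attrs):
        inherited = self.stack[-1][1] if self.stack else False
        raw = (attrs.get("spellcheck") or "").strip().lower()
        if "spellcheck" not in attrs or raw not in ("true", "false", ""):
            return inherited   # attribute missing or invalid: inherit from parent
        return raw == "false"  # "true" or an empty value enables checking

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        disabled = self._disabled(attrs)
        kind = (attrs.get("type") or "text").lower()
        is_field = tag == "textarea" or (tag == "input" and kind in CHECKED_TYPES)
        if is_field and not disabled:
            self.findings.append((self.getpos()[0], attrs.get("name") or "?"))
        if tag not in VOID:    # void elements never become a parent
            self.stack.append((tag, disabled))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:        # close the innermost match and its open children
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]


def audit(html):
    parser = SpellcheckAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from any real site.
SAMPLE = """\
<form action="/signup" spellcheck="false">
  <input type="text" name="username">
  <textarea name="bio" spellcheck="true"></textarea>
</form>
<input type="email" name="email">
<input type="password" name="password" spellcheck="false">
"""
```

Running `audit(SAMPLE)` reports the `bio` textarea, which re-enables checking inside a protected form, and the `email` input, which has no protection at all.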
In the end I doubt I’ll be even using Google and Microsoft products, so what can they collect on me if I trust them less in the future? Android phones appeared on the market in 2008, a year after the iPhone debuted, and overtook the iOS-installed base in 2010, but in 2022 iOS has taken the top spot again. This bodes well for Apple’s privacy focused future and walled garden.
You can read the otto-js warning here.
Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms.
How can I trust the internet owned by so few American monopoly companies? How can they even do this or have this much control? The iPhone has made Apple the largest company in the world, with a market capitalization of $2.5 trillion. That they value my privacy is starting to become a big deal.
DuckDuckGo, the privacy-minded search company, says it will start blocking trackers from Microsoft in its mobile apps and browser extensions, and soon its desktop web browser, following revelations in May 2022 that certain scripts from Bing and LinkedIn were getting a pass. But now I no longer trust them either.
Upon questioning, Google said that spell check happens only if users opt in, and that users are warned that all the data typed in goes to its servers. I certainly trust Google among the least in terms of being customer-centric providers of services. As of late Google search is a horrible Ad-driven experience, where the user is barely even thought of seriously.
YouTube Ads are not only irrelevant, often they are toxic. Microsoft keeps buying up companies and then turning them into profit machines and little else. LinkedIn is truly a case in point in recent years. A totally failed experience in terms of a feed that has any professional value.
When I recently asked LinkedIn for a CSV file of my Email list of my own readers of my AI Report Newsletter, I was told that wasn’t possible. I don’t even own my own data there. Over 200,000 followers but apparently not for me to know who they even are. If I had been able to get my Email list from Medium (when I left) and LinkedIn, I’d likely have over 300,000 in my list and be among the biggest Newsletter Creators on Substack.
Sorry for the rant, but things are getting a bit out of hand in trusting these Monopolies. With Amazon, Apple and TikTok getting more into advertising, things will get a lot worse even with the disruption of the Ad duopoly of Google and now degenerate Meta (formerly Facebook).
Thanks for reading!