Chrome to upload passwords. Orwellian world news.

Forum Forums General Software Chrome to upload passwords. Orwellian world news.

This topic contains 11 replies, has 7 voices, and was last updated by VW Sep 21-4:16 am.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #27028
    Member
    Avatar
    ModdIt

    A new feature: When the user tries to enter a compromised password, the Chrome Browser will warn him and offer to change the password. This is done by the browser which compares the entry with the existing public breaches.
    So anyone who thinks this is a great service to the user ?, for sure a great feature for all those special instances which hold the decryption key, developed the encryption or hashing algorithm, a hashed password is not intrinsicly secure if enough information is available.
    In any case the old password will be known in real time, the new one will be compared again.
    If chrome Telemetry includes the visited websites as is our guess the feast begins.

    #27030
    Moderator
    fatmac
    fatmac

    Doesn’t sound very good – you should be the only one to know your passwords….

    Linux (& BSD) since 1999

    #27037
    Avatar
    Anonymous

    I think it’s a great feature.

    What one used to do manually every week, it’s now done automatically on every login.

    No more need to visit:

    https://haveibeenpwned.com/Passwords

    https://sec.hpi.de/ilc/search?lang=en

    … every couple of days.

    If you’re using some online service with login, you’re PW obviously must always be known to that service, so why not compare it to the “leaked PW DB” at the same time?

    Don’t worry about visited websites — everybody knows that — unless you’re using your own VPN & DNS services server.

    Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.

    #27209
    Member
    Avatar
    ModdIt

    Anyone crazy enough to upload current passwords weekly and check internet lists certainly can not be helped.
    @NoClue
    You say
    If you’re using some online service with login, you’re PW obviously must always be known to that service, so why not compare it to the “leaked PW DB” at the same time?.

    Look at the history of data safety in the internet, the conclusion must be, stay as sparing as possible with any data of importance, that includes logins to anywhere.
    BTW Most people have URL shortening enabled–see chrome usage and can not even look to see they have the right web site. I have not seen you explaining the problem of fake sites. Nothing about unsafe Ciphers enabled. No info on Web RTC. That list could be far longer.
    If you suggested changing passwords regularly that would make some sense but not easy to memorise those of sufficient complexity and length.

    If the comprimised password Database was on a local computer kept in a solid safe and with NO internet connection ever, updates from a one use only stick it might be considered good enough for some usage cases.

    You State:
    Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.
    about Internet returns: Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.
    About Internet returns Invalid Url on my browsers. I do not wonder why.

    about:about shows a list of available options if anyone is interested.
    about:plugins does not show some hidden web extensions in firefox.

    Browsers are a gift from Internet giants. Gift aptly translates to Poison in German.

    Trolls are poison to Foren, you have some good ideas and good information, for those you earn credit.
    Unfortunately you jump on new users and post diffaming crap which is very unkind social behavior. On that if you wish there can be an open discussion on fear and loathing reactions to your behaviour. Plenty of input is available from other users on that subject. I do not fear you, just wish you would use your talents to the advantage of the community.

    #27210
    Avatar
    Anonymous

    You’re again trying to discuss something you couldn’t understand, don’t you?
    Take a deep breath and go and inform yourself on how does it work.
    “Anyone crazy enough to upload current passwords …”
    There’s no uploading passwords involved in it.
    You can also download complete DB locally.
    It’s just pretty darn huge+ …
    And … needs updating.

    “Trolls are poison to Foren …”
    Here we agree completely.
    Stop trolling.
    Please?

    #27211
    Member
    Avatar
    ModdIt

    Did I write this or the man from wonderland.

    What one used to do manually every week, it’s now done automatically on every login.

    No more need to visit:

    https://haveibeenpwned.com/Passwords

    https://sec.hpi.de/ilc/search?lang=en

    Chrome does not download the database. This is a forum for people mainly using old computers which do not have terabyte storage and wanting decent information. They certainly do not find that in most of your posts.

    Just attempts to get everybody in a caucas race. In wonderland to your rules.
    Now I hope a few other users have the balls to chip in too, especially those afraid to post because of your shitty reactions. .

    Go and take a long long look in a mirror. Before you acuse anybody of trolling.

    #27216
    Member
    manyroads
    manyroads

    I am sad to say that it was probably too much to expect that “Keine Ahnung” (noclue) would be able to return to these Forums and act in a more civil manner. Rather than react to him, I recommend that you (your collective being) consider following, even if others will not or can not.

    I get a choice every time I have to open my mouth: that it can be with civility and dignity and grace – or not.
    Dana Perino

    Tragically there are too many people in this world for whom such a choice appears beyond their understanding.

    In my area of the US there are native Americans (Navajo) and I would like to share one of their ‘blessings’ with you in hopes of providing you tranquility and perspective.

    Walk In Beauty: Prayer From The Navajo People

    • This reply was modified 1 month ago by manyroads.

    Pax vobiscum,
    Mark Rabideau - http://many-roads.com
    bspwm MX-18.3 kernel: 5.2.15-antix.1-amd64-smp
    "For every complex problem there is an answer that is clear, simple, and wrong." H. L. Mencken
    MX- antiX- BL- ArchLabs

    #27220
    Avatar
    Anonymous

    @ModdIt

    You had a question:

    Chrome to upload passwords … So anyone who thinks this is a great service to the user?”

    … which I answered you with: “I think it’s a great feature.”

    There was no “jump on new users and post diffaming crap which is very unkind social behavior” in my answer, just my opinion that it’s a great feature, but there was more than just a bit of “Gift” (== Poison) in your reaction.

    So … what exactly is your problem? Too many Navajo roads or just incapable to understand how the things work (probably both)?

    The definition of “Troll” describes you perfectly.

    “Did I write … What one used to do manually every week, it’s now done automatically on every login. No more need to visit … or the man from wonderland”?

    One goes to the site, enters the email address and gets the notification if the PW was hacked –> These websites are checking if the PW´s were leaked.

    “Chrome does not download the database.”

    Chrome sends the UN/PW-field entries to Google (which is using the same DB as those 2 sites) and tells you instantly if the PW was hacked –> Google is checking if the PW´s were leaked.

    Every single bit of your internet traffic (and so your PW too) goes over some ‘third party’ and it gets intercepted (not necessary altered).

    It doesn’t bring much constructing the strongest PW’s and changing them regularly, if they later leak out from the used service DB’s.

    This leaks are happening on daily basis and every sane user want’s to know what has leaked already (and again).

    Thanks to the Google, the web (and not only web) is getting safer and more comfortable too.

    Google has one of the best (if not the best) security teams around.

    There is no OS that didn’t profit from Google.

    Incl. Linux Kernel.

    “Browsers are a gift from Internet giants.”

    Stop using them.

    P.S.
    I’m not sure if you did notice that all this is very much off-topic and doesn’t belong in here …

    #27234
    Forum Admin
    rokytnji
    rokytnji

    Read a bit of this thread. Was going to edit content. Opinions asked do not require cussing replies and personal insults and attacks.

    Keep it civil or I will step in. You won’t like it when I do. I won’t care what you like.

    So being the sgt of arms here. I am asking nice like first, to edit your posts to subject posted and leave personal insults/replies out of your posts.

    I have no opinion on this subject as I don’t get these notices. I guess my passwords are good enough lately.

    So boys and girls. Get along or I’ll start spanking.

    Sometimes I drive a crooked road to get my mind straight.
    Not all who Wander are Lost.
    Linux Registered User # 475019
    How to Search for AntiX solutions to your problems

    #27237
    Member
    Avatar
    seaken64

    Thank you rokytnji.

    I hope everyone will consider keeping silent rather than inflaming unneeded arguments.

    Seaken64

    #27333
    Avatar
    Anonymous
    #27337
    Member
    VW
    VW

    Thanks noClue and here is the url for Firefox Monitor.

    Whenever you find yourself on the side of the majority, it is time to pause and reflect.

    Mark Twain

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.