Firefox SECRETLY storing your login credentials?

On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?



Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

"lew" wrote

| All this about Firefox????
|
| And no one mentions that a person has to login to a google account
| in order to be able to use the Chrome browser?

It's all relative. The point is that Firefox can't be assumed
to be a safe, honest browser. Anyone who cares about
that is probably not using Chrome, anyway. I'm certainly
not. I don't have a Google account, have never used
gmail, rarely use Google search, block nearly all Google
owned URLs in HOSTS.... So your angle on it sounds to
me like someone saying, "Why are you concerned that
you were robbed? I know someone who was killed!
Count yourself lucky!"

Mayayana wrote:
Google's cookies would mean nothing if they
were stored in file cabinets. They'd only serve what they
were meant for: To carry forward data from one page
when you go to the next. Instead, with interconnected
databases, their cookies become part of a vast and
highly efficient spyware system.

Which makes this all frustrating for necessary but benign uses of
cookies. The confusion in the public among session, persistent, and
super cookies and their abuse make it difficult to design a website
where you need a specific cookie in order to properly function.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On 2018-12-09, Ken Blake wrote:
On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?



Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

Do you have Chrome installed on win10?

For several years, after Chrome was installed, when I start Chrome
there is a prompt to login to Google BEFORE Chrome would work.
On top of that, it was difficult to uninstall as Google did a lock
on being able to be deleted; had to do the "take ownership" bit
to delete it. However the latest ver that was hiddenly auto installed
by an app was easily deleted 'naturally'.

Chrome did not require me to login on my tablets as the tablets
are already signed on to Google.

You could delete Chrome/Google, download Chrome & install to
see if you need to signon before use.

On 2018-12-09, default wrote:
On Sun, 9 Dec 2018 13:20:34 -0500, "Mayayana"
wrote:

"default"

| We
| should also assume that doubleclick, the tracking site, now owned by
| google, also makes those connections.
|
| All web sites may use cookies, but they can't tie it to you unless
| you've logged in and they have your information.

It's much worse than that. Unless you block Google,
google analytics, fonts, etc in your HOSTS file then
google (and probably a 1/2 dozen other entities) is
following you everywhere you go. It's no problem
to get your ID from that data. That's what their whole
business model is: To collect as much as possible
and find out as much as possible from that.

Do you not remember the AOL leak some years
ago? I've forgotten the details, but a journalist
demonstrated how the "anonymous" data could easily
be used to identify specific people.

That's what computers are for. There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.

| Why would you care? Well there are some marketing web sites (many of
| the book a trip on-line ones do it) and they adjust the prices you see
| based on your browsing history, where you live, and/or how much money
| you have (hypothetically derived from your tastes and past purchases).
| That's assuming you aren't doing anything criminal or have some
| sexual, religious, political, or ideological bent that you might want
| to keep to yourself.

Again, you're understating the case. Most commercial
sites will customize if they know who you are. Even
things like duckduckgo. You'll see different search
results if you enable script and cookies. That's part of
the Facebook scandal: They customize each person's
"news" in order to titillate and get people to stay on
the site longer. Google also customizes news. I stopped
looking at their news years ago because of that.

Every time I think I'm getting too paranoid I'll see something that
suggests I'm no where close to paranoid, it is actually much worse
than I thought.

News-wise its better to hit Reuters, AP, BBC than let Google or
youtube tell you what they think you want to hear. I probably spend
more time vetting the sources of the news than I do reading it.

"studies show... etc." What studies, who did the study, what was
their stated agenda, how biased is the source, what questions were
asked, what was the socio-economic status of the questioned, how were
they selected, how large is the study, what part(s) of the
country/countries were polled, etc.?

Another interesting thing I found with using google search engine was
that if I put the boolean operators in the search string manually I
got different results than when Google does it. (using Google
"advanced search")

"Studies" & their claims are based on a bell curve. The problem is
that the broadness of the coverage is not disclosed & the results
at beyond the coverage area are considered non-existent. If a
person falls in the "non-existent" area, that person is considered
lying when claiming differently than the results.

When doing Google searches or other search apps, the results are
a bit different and/or in a different order if the search words
are just changed around as in changing the sequence of a
couple of the search words.

lew wrote:
On 2018-12-09, Ken Blake wrote:
On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?


Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

Do you have Chrome installed on win10?

For several years, after Chrome was installed, when I start Chrome
there is a prompt to login to Google BEFORE Chrome would work.
On top of that, it was difficult to uninstall as Google did a lock
on being able to be deleted; had to do the "take ownership" bit
to delete it. However the latest ver that was hiddenly auto installed
by an app was easily deleted 'naturally'.

Chrome did not require me to login on my tablets as the tablets
are already signed on to Google.

You could delete Chrome/Google, download Chrome & install to
see if you need to signon before use.

There should be an uninstall available with where it installed.

These are my notes on what to do.

*******

Look for the "chrome.7z" file. Next to it, should be a setup.exe.
In a command prompt window, you "cd" to the place holding
chrome.7z (approx 150MB) and setup.exe (approx 1MB).

cd /d C:\path\to\these\files

if a chromium installation:

setup.exe --uninstall

if a chrome installation:

setup.exe --uninstall --multi-install --chrome --system-level

*******

HTH,
Paul

On Mon, 10 Dec 2018 02:14:34 -0000 (UTC), lew
wrote:

On 2018-12-09, default wrote:
On Sun, 9 Dec 2018 13:20:34 -0500, "Mayayana"
wrote:

"default"

| We
| should also assume that doubleclick, the tracking site, now owned by
| google, also makes those connections.
|
| All web sites may use cookies, but they can't tie it to you unless
| you've logged in and they have your information.

It's much worse than that. Unless you block Google,
google analytics, fonts, etc in your HOSTS file then
google (and probably a 1/2 dozen other entities) is
following you everywhere you go. It's no problem
to get your ID from that data. That's what their whole
business model is: To collect as much as possible
and find out as much as possible from that.

Do you not remember the AOL leak some years
ago? I've forgotten the details, but a journalist
demonstrated how the "anonymous" data could easily
be used to identify specific people.

That's what computers are for. There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.

| Why would you care? Well there are some marketing web sites (many of
| the book a trip on-line ones do it) and they adjust the prices you see
| based on your browsing history, where you live, and/or how much money
| you have (hypothetically derived from your tastes and past purchases).
| That's assuming you aren't doing anything criminal or have some
| sexual, religious, political, or ideological bent that you might want
| to keep to yourself.

Again, you're understating the case. Most commercial
sites will customize if they know who you are. Even
things like duckduckgo. You'll see different search
results if you enable script and cookies. That's part of
the Facebook scandal: They customize each person's
"news" in order to titillate and get people to stay on
the site longer. Google also customizes news. I stopped
looking at their news years ago because of that.

Every time I think I'm getting too paranoid I'll see something that
suggests I'm no where close to paranoid, it is actually much worse
than I thought.

News-wise its better to hit Reuters, AP, BBC than let Google or
youtube tell you what they think you want to hear. I probably spend
more time vetting the sources of the news than I do reading it.

"studies show... etc." What studies, who did the study, what was
their stated agenda, how biased is the source, what questions were
asked, what was the socio-economic status of the questioned, how were
they selected, how large is the study, what part(s) of the
country/countries were polled, etc.?

Another interesting thing I found with using google search engine was
that if I put the boolean operators in the search string manually I
got different results than when Google does it. (using Google
"advanced search")

"Studies" & their claims are based on a bell curve. The problem is
that the broadness of the coverage is not disclosed & the results
at beyond the coverage area are considered non-existent. If a
person falls in the "non-existent" area, that person is considered
lying when claiming differently than the results.

When doing Google searches or other search apps, the results are
a bit different and/or in a different order if the search words
are just changed around as in changing the sequence of a
couple of the search words.

Yes, and Google looks at the context too. Search on "silva" (saliva
misspelled) you get a rugby player. Search on spit+siliva, and you
get the correct spelling of saliva.

On Mon, 10 Dec 2018 12:04:02 +0000, mechanic
wrote:

On Sun, 09 Dec 2018 08:31:17 -0500, default wrote:

Another interesting thing I found with using google search engine was
that if I put the boolean operators in the search string manually I
got different results than when Google does it. (using Google
"advanced search")

Which were better (whatever 'better' means in this context)?

I think "different" was the right word. I would have had to do a lot
of searches before I could opine as to the usefulness of one or
another. But like someone already wrote, the order in which the words
are can also affect search results. Some words more frequently appear
in the company of others and Google seems to use this fact when
producing search results.

On Sun, 09 Dec 2018 08:31:17 -0500, default wrote:

Another interesting thing I found with using google search engine was
that if I put the boolean operators in the search string manually I
got different results than when Google does it. (using Google
"advanced search")

Which were better (whatever 'better' means in this context)?

On Mon, 10 Dec 2018 09:13:25 -0500, "Mayayana"
wrote:

"default" wrote

| Every time I think I'm getting too paranoid I'll see something that
| suggests I'm no where close to paranoid, it is actually much worse
| than I thought.
|
Speak of the devil...

https://www.nytimes.com/interactive/...vacy-apps.html

Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret

Frontpage in today's NYT. Much of it is not new,
but it does go into some detail that's interesting.

Samples: IBM bought the Weather Channel so they
could cash in on location spyware advertising. And
one ambulance-chaser company actually buys location
data (from one of about 75 companies stealing it
off of phones) to send ads to people sitting in
emergency rooms!

Smart phones may be the worst devices ever for leaking information.
Every app you might download seems to want to tap into your camera,
microphone, and GPS. I do have a phone for emergencies, but it stays
off, and lives in a metalized mylar bag. I've used it once in the
past year.

Unless you have an unlocked phone or are willing to spend some time
learning to hack it, you aren't allowed to just trash the apps you
don't want.

The only apps I've added to android are for my unlocked TV box, and
downloaded them without going through anyone's "play store."

Just because the phone appears to be turned off, doesn't mean it is.
Anyone can download an app that can turn it into a surveillance
device. I figure that the alphabet agencies can do the same thing
remotely without having physical possession of the phone.

On 12/9/2018 7:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?



what could they get?? Only your login name & password
for their site --- as do all sites set up by you

"default" wrote

| Every time I think I'm getting too paranoid I'll see something that
| suggests I'm no where close to paranoid, it is actually much worse
| than I thought.
|
Speak of the devil...

https://www.nytimes.com/interactive/...vacy-apps.html

Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret

Frontpage in today's NYT. Much of it is not new,
but it does go into some detail that's interesting.

Samples: IBM bought the Weather Channel so they
could cash in on location spyware advertising. And
one ambulance-chaser company actually buys location
data (from one of about 75 companies stealing it
off of phones) to send ads to people sitting in
emergency rooms!

On Mon, 10 Dec 2018 02:07:34 -0000 (UTC), lew
wrote:

On 2018-12-09, Ken Blake wrote:
On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?



Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

Do you have Chrome installed on win10?


Yes.


For several years, after Chrome was installed, when I start Chrome
there is a prompt to login to Google BEFORE Chrome would work.


As I said, not here. I can't remember when I installed it.

On Mon, 10 Dec 2018 16:44:08 -0500, nospam
wrote:

In article , default
wrote:


Just because the phone appears to be turned off, doesn't mean it is.

yes it does.

Anyone can download an app that can turn it into a surveillance
device.

they could, but they'd have to launch it for it to take effect.

Once it is on the phone the phone can be remotely monitored it doesn't
require that the app be launched.

"Just send your spouse an image and ask him to open it. That is it."


I figure that the alphabet agencies can do the same thing
remotely without having physical possession of the phone.

no they can't

oh yes they can, unless you believe that secret FISA courts are
protecting your interests? I'm an electrical engineer, I know it can
be done just from knowing how cell phones work internally. But I
didn't know it had already been done and in 2006...

Here it is:

A recent court ruling in a case against the Genovese crime family
revealed that the FBI has the ability from a remote location to
activate a cell phone and turn its microphone into a listening device
that transmits to an FBI listening post, a method known as a "roving
bug." Experts say the only way to defeat it is to remove the cell
phone battery.

"The FBI can access cell phones and modify them remotely without ever
having to physically handle them," James Atkinson, a
counterintelligence security consultant, told ABC News. "Any recently
manufactured cell phone has a built-in tracking device, which can
allow eavesdroppers to pinpoint someone's location to within just a
few feet," he added.

http://www.ktre.com/story/5777429/co...to-spy-on-you/



Some general spyware apps that anyone can get:
https://celltrackingapps.com/how-to-...-to-the-phone/

One such app:

How To Spy on a Cell Phone Without Possession

PhoneSpector is a powerful utility app that allows you to spy on a
cell phone or any mobile device without having the device in your
possession. The app works by remotely accessing data from the target
phone (the phone you are monitoring) and displaying that data on your
cell phone, tablet or computer. PhoneSpector claims that it will
collect texts, calls, GPS, Facebook, Twitter and more from virtually
any phone.

We decided to put this sneaky little app to the test so, with the
consent of our co-worker, Tracy, we remotely connected to her phone
here in the office. You will be shocked at what we discovered!

The program was every bit invasive as you might think. PhoneSpector
gathered text messages, calls, GPS tracking information, social media
messages and pictures and just about everything else that transpired
on the phone. With the “Stealth Camera” feature we were able to
secretly take a picture using the telephones camera and have that
picture sent to the phone that we were spying from. Think of it this
way; Tracy, our consenting co-worker has her phone in her hands and I
am monitoring her phone from mine. I send a command to Tracy’s phone
telling it to take a picture. The program snaps a picture on her
phone, then automatically sends that picture to me. I can now view
that picture on my cell phone. A little creepy, but wait, it gets
worse…

With the “listen to surroundings” feature I was able to activate the
microphone on Tracy’s phone, allowing me to hear everything that was
going on around her phone. I listened to a conversation as if I were
standing there myself. There are many who will say that this is
overstepping the bounds of ethical cell phone monitoring and you might
be one who agrees, however this type of application is capable of
intrusive surveillance and it is available to the average consumer for
less than $70.

https://bestcellphonespyapps.com/can...-to-the-phone/

lew wrote:
On 2018-12-09, Ken Blake wrote:
On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?

Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

Do you have Chrome installed on win10?

For several years, after Chrome was installed, when I start Chrome
there is a prompt to login to Google BEFORE Chrome would work.
On top of that, it was difficult to uninstall as Google did a lock
on being able to be deleted; had to do the "take ownership" bit
to delete it. However the latest ver that was hiddenly auto installed
by an app was easily deleted 'naturally'.

Chrome did not require me to login on my tablets as the tablets
are already signed on to Google.

You could delete Chrome/Google, download Chrome & install to
see if you need to signon before use.

No need for all that. As Ken said, if you're not logged in you can use
Chrome without any problems. And if you're logged in and you don't want
that, you can log out:

Click your name-icon ('(F)' in my case) in the upper-right - 'Syncing
to your account email addres -

You're now on chrome://settings/people which says:

"your icon your name [Turn off]
Syncing to your mail address"

- 'Turn off' - 'Turn off sync and sign out?' - 'Turn off'. Done.