Firefox SECRETLY storing your login credentials?

On 12/10/2018 11:50 AM, Frank Slootweg wrote:

if you're not logged in you can use Chrome without any problems. And
if you're logged in and you don't want that, you can log out

I just stay logged in to Chrome when I want to be me, and use Firefox
when I want to be incognito (with javascript on-off button, StopAllAds,
and cookie/history delete button extensions). And for good measure I
have Firefox delete everything on exit.

In article , default
wrote:


Just because the phone appears to be turned off, doesn't mean it is.

yes it does.

Anyone can download an app that can turn it into a surveillance
device.

they could, but they'd have to launch it for it to take effect.

I figure that the alphabet agencies can do the same thing
remotely without having physical possession of the phone.

no they can't.

On 2018-12-10, Frank Slootweg wrote:
lew wrote:
On 2018-12-09, Ken Blake wrote:
On Sun, 9 Dec 2018 20:18:10 -0000 (UTC), lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?

Not true. I don't like and don't use Chrome, although it's still
installed here from when I tried it.

So to test what you said, I just started Chrome, *without* logging
into a Google account. No problems at all.

Do you have Chrome installed on win10?

For several years, after Chrome was installed, when I start Chrome
there is a prompt to login to Google BEFORE Chrome would work.
On top of that, it was difficult to uninstall as Google did a lock
on being able to be deleted; had to do the "take ownership" bit
to delete it. However the latest ver that was hiddenly auto installed
by an app was easily deleted 'naturally'.

Chrome did not require me to login on my tablets as the tablets
are already signed on to Google.

You could delete Chrome/Google, download Chrome & install to
see if you need to signon before use.

No need for all that. As Ken said, if you're not logged in you can use
Chrome without any problems. And if you're logged in and you don't want
that, you can log out:

Click your name-icon ('(F)' in my case) in the upper-right - 'Syncing
to your account email addres -

You're now on chrome://settings/people which says:

"your icon your name [Turn off]
Syncing to your mail address"

- 'Turn off' - 'Turn off sync and sign out?' - 'Turn off'. Done.

Thanks for the info.

Just downloaded & installed the "latest" Chrome. Now the name icon
only prompts for sync which I didn't do.

Chrome still need something for the user to use a "blank" page as
the home page. Also the clearing of data for the session should have
something for the user to exit instead of backing into the settings
page/display.

On Mon, 10 Dec 2018 19:52:11 -0500, nospam
wrote:

In article , default
wrote:

Just because the phone appears to be turned off, doesn't mean it is.

yes it does.

Anyone can download an app that can turn it into a surveillance
device.

they could, but they'd have to launch it for it to take effect.

Once it is on the phone the phone can be remotely monitored it doesn't
require that the app be launched.

yes it does.

You don't understand how microprocessors work.

The android operating system (any/every OS) is programmed into a chip.
It is not carved in silicon, it is in a "protected" area of memory,
but it can be accessed and modified.

The processor chip has to (it is a requirement) to allow for something
called interrupts where it is told to break the routine it is running
and go off and do something else. That is done on a "machine level"
(totally ones and zeros in registers - memory locations- that makes
little sense to humans)

It would be child's play for someone (with the knowledge) to integrate
a few snippets of code that runs in the background and never alerts
the operator (malicious code does it all the time - the processor
doesn't know the difference)

The phone doesn't have an on-off switch, it has a pushbutton that
sends a request to the processor to send it into a hibernate state.
(that is what "off" is to you) The battery is still connected and
still feeding a trickle of power to the processor. The uP can wake
itself periodically to check some variable (like sound, light,
movement, etc.) It can go to sleep and wake up for a few microseconds
every second or less with minimal change in battery drain.

As long as the battery is connected and charged, the phone is not off,
it is just hibernating and waiting for a button push.

The company you bought your phone from, programs them wirelessly using
wireless capability already built into wireless phones. They don't
open them up and tinker with the guts - they are sales people and
wouldn't know how, but they do know how to access your phone and
activate it even if they don't know what activation entails.

I program controllers that use all the same things a cell phone does.
I needed a device to behave differently (refuse to come on when it was
dark out). I just had it wake itself every 15 minutes and check the
light and when it sensed enough light it would allow the operator to
turn it on and become active. The operator didn't know what the
processor was doing only that it didn't do anything when it was dark.

That could just as easily been a sound and I could program it to check
for noise every second and it would still get plenty of sleep time and
not drain the battery...

A cell phone can do the same things and you would never have to know
about it. It could, for instance, record every conversation nearby
and store it digitally in a compressed format, time stamp it, stamp
the GPS coordinates, etc.. I could have it wait until it was by a
wifi, or cell phone tower, and dump the recorded conversations in one
fast burst transmission. Even if the phone was in a faraday shield it
could still be recording and only phone home when it was let out.
Minimal battery drain too....

I know you'd like to think that apps need permission and all, and IF
the people vetting the apps are doing their jobs that is true. But
you can't check the app yourself to see if it is doing what it claims.
That's where the spy apps you can buy operate. Most of them need
physical access to a cell phone to put the app on them, but once it is
on there, it can hide it's operation from the OS and the operator.

And when was the last time you read the boiler plate legal statements
laughingly referred to as "privacy statements?" You can often find
the legalese written in such a way as to allow, just what they seem to
be telling you they would never do. A team of Philadelphia lawyers
might understand privacy statements but they are often written to
obfuscate, not enlighten.

The feds can do pretty much the same things, without even having the
phone anywhere nearby; as long as it is communicating with cell towers
or wifi. They are using the same technology that the cell phone
company uses to program your phone.

Most folks get their phone and look at the pretty screen and think,
"how nice it has the weather." That weather app knows your GPS
location and it can just as easily tell someone where that phone is,
if it is part of it's program. Nearly all apps have the ability to
"update." Every time you turn the phone on, or periodically, it may
be checking for dozens of app updates and sending your location back
to someone else.

Data mining companies are big business, there's money in it.

You, my friend, are a guppy swimming in shark infested waters and are
blissfully unaware of it.

Anecdotal and Off Topic:

I consider myself pretty damn smart, but I've learned long ago that
there will always be someone smarter than me, and "If I can think of
it, someone else already has."

My wife was complaining about hard butter - as is my usual bent, I
started thinking of how I could have perfectly spreadable butter at
any room temperature. The obvious choice would be a butter dish with
a Peltier module heating or cooling it as necessary to maintain one
temperature. I started sketching then remembered "If I can think of
it, etc.." I went on-line and sure enough someone was selling Peltier
controlled heated/refrigerated butter dishes.

MOdify the statement: "If you can think of it, someone else already
has, AND THEY HAVE DONE IT."

Now those guys who have decoded the Neanderthal DNA, are just a stones
throw away from creating an actual Neanderthal person. Or are they
still a stones throw away? (and why create a living being just to
study them)

I laughed at my old man when he told me that TV sets would one day be
worn on the wrist just like the old comic strip "Dick Tracy" showed. I
knew TVs' were huge heavy things that could never fit on a wrist, yet
we have them today. Still don't have his anti-gravity scooter, but
some folks are building quad copters a person can pilot...

Technology changes faster than people adapt to it.

On Tue, 11 Dec 2018 14:26:01 +0000, "David B." "David
wrote:

On 11/12/2018 13:14, Mayayana wrote:
"David B." "David wrote

| Even if you/we THINK that a device is 'off' it COULD still be in
| communication with an outside entity.
|

I know my Tracphone is off when I turn it
off because the charge will last for months and
it can't get calls. It could certainly have some
kind of beacon in it, but that seems very unlikely.
It only cost $10.

I don't know about Android and iPhone, but I'm
guessing that people think off means the screen
is black because few people actually turn them
off. It should be simple enough to test, if you can
stand not to use your phone: Power it off. How
long does the battery last? Can it receive calls?
If it's actually off the battery should last and it
won't get calls. If it's active it has to ping the
network continually to receive calls.

Unfortunately, these news reports rarely tell
us facts. Just gossip. The NYT says 75 companies
are spying. Which companies? Which apps? They
had to find out for their article, but they won't tell
us because the NYT supports business and naming
names would rock the boat. So they just report
gossip that people will later forget.

Similarly, how does the FBI spy? The people who
talked to KTRE must know, but they've left out the
actual facts. The article author is mixing up facts.
I suspect the author actually didn't understand the
topic. "Even when it's off!" "Any recently manufactured
phone is a tracking device!" Yes. We knew that.
People use GPS. Years ago Apple was caught storing
plain text files on iPhones, documenting weeks of
location data. The news would be how the FBI is
getting the data. Malware? Stingray fake cell towers?
There may be enough Stingrays in use that everyone
is tracked by the the FBI, local police, Chinese hackers,
and Google research. Who knows? But the news media
are not telling us the actual facts. They probably
have no one on staff who can even understand
the facts.


Thank you for your comments.

There's no way for anyone here to KNOW the truth. shrug

The only way to be sure is to disconnect the battery.

I pulled apart a cell phone (someone had dropped it in the lake and it
was trash) There was a second battery in it but it looked like a
non-rechargeable one so it is probably similar to the bios battery in
a computer.

On Tue, 11 Dec 2018 09:41:23 -0500, nospam
wrote:

In article , Mayayana
wrote:

"David B." "David wrote
| Even if you/we THINK that a device is 'off' it COULD still be in
| communication with an outside entity.
|

I know my Tracphone is off when I turn it
off because the charge will last for months and
it can't get calls. It could certainly have some
kind of beacon in it, but that seems very unlikely.
It only cost $10.

exactly.

if your phone was transmitting to some outside entity, the battery
would be dead within hours.


That's only true if the phone is fully functioning. It could still
record audio with just a tiny smidgen of the power it takes to receive
and transmit. Compress the audio and transmit in a burst and you'd
never know it by the battery capacity.

you would definitely notice a dead battery when you turned it on, or
tried to.

if it received a call or text while 'off', you'd definitely know
something unusual was going on.

You wouldn't know if a background program was running. The uP is
always on. In a well designed secure system it is only supposed to be
checking the power button every few milliseconds. But off and
hibernate are not the same thing. The little controllers I like to
use have: sleep, nap, rest, and hibernate. They all save the battery
life, but there is no such thing as off. The different sleep states
are just there because some functions can be programmed to run while
the thing is sleeping...

It only shuts down when the battery drops below a certain level,
that's an automatic function designed to prolong battery life, but I
can tell it to ignore that feature and let it run until it hasn't got
enough energy to function. Not a good practice with rechargeable
batteries but acceptable for disposable batteries or super capacitors
- the chip only does what it was programmed to do.


and there's still the question how a phone that's off can be remotely
turned on by some magical signal that is received by a radio that's
off.

I don't know about Android and iPhone, but I'm
guessing that people think off means the screen
is black because few people actually turn them
off.

you guess wrong.

people are well aware of the difference between sleep versus fully off.

people don't turn off their phones because if they did, they would not
be able to receive calls, texts and push notifications. it would also
take a minute or two to boot if they wanted to use an app or call/text
someone.

It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.

they also might be listening to music, podcasts or internet radio with
the phone in their pocket, screen off.

The condition of the screen doesn't indicate what the phone is doing,
it is just there so the operator can tell what it wants you to know or
allow you to do.

On Tue, 11 Dec 2018 09:44:03 -0500, Wolf K
wrote:

On 2018-12-10 19:52, nospam wrote:
[...]
if it hasn't been launched, it's not running, so it's not tracking
anything, and if the phone is off, nothing is running and no tracking
can occur.
[...]

You're right if by "off" you power off.

However, AFAICT, most people just press the off button, which blanks the
screen and stops a few apps, but leaves the phone powered on, so that
they can receive calls/texts. After all, that's why they carry the phone.

I rarely power off my phone. A charge lasts about two days in simple off
mode. When I've activated Bluetooth, it lats about one day.

Best,

Not even off is off. The processor just sits there and periodically
wakes up and checks the condition of the push button to see if someone
is trying to turn it on.

From a design point of view, if the processor uses just a few micro
amps of current in the off state I'll let it decide when the button is
pressed. The battery capacity is on the order of thousands of
milliamp hours for the sake of argument say your cell phone is one
amp/hour, and you need 1 micro amp to monitor the condition of the
on-off switch it will take a million hours to discharge the battery.
Check my math, but that's about 114 years! The battery would self
discharge sooner, the cell phone would be obsolete sooner, and the
original owner would be pushing up daisies.

Up that to 25 micro amps while in a surveillance mode (not
unreasonable) and the battery life is cut to ~5 years.

Now, if you want Video, pictures, gps, and second by second real time
surveillance it should be noticeable to most people. But a lot has to
do with the way you do it and how current and complete the data you
are collecting has to be. A clever software designer will find ways
to maximize the battery life with various tricks in hardware and
software. If the person uses the phone or keeps it on for incoming
calls, you'd never notice the difference surveillance adds.

If your phone is a 3G tablet computer, your battery is probably going
to be in the 3,000 milliamp/hour range. The hand held phones are in
the 500-1000 range last time I checked.

Sadly, nospam, neither you - nor anyone else reading here - has ANY idea
what is or isn't actually installed during the manufacture of ANY
electronic device.

Even if you/we THINK that a device is 'off' it COULD still be in
communication with an outside entity.

Believe me! ;-)

--
Regards,
David B.

"David B." "David wrote

| Even if you/we THINK that a device is 'off' it COULD still be in
| communication with an outside entity.
|

I know my Tracphone is off when I turn it
off because the charge will last for months and
it can't get calls. It could certainly have some
kind of beacon in it, but that seems very unlikely.
It only cost $10.

I don't know about Android and iPhone, but I'm
guessing that people think off means the screen
is black because few people actually turn them
off. It should be simple enough to test, if you can
stand not to use your phone: Power it off. How
long does the battery last? Can it receive calls?
If it's actually off the battery should last and it
won't get calls. If it's active it has to ping the
network continually to receive calls.

Unfortunately, these news reports rarely tell
us facts. Just gossip. The NYT says 75 companies
are spying. Which companies? Which apps? They
had to find out for their article, but they won't tell
us because the NYT supports business and naming
names would rock the boat. So they just report
gossip that people will later forget.

Similarly, how does the FBI spy? The people who
talked to KTRE must know, but they've left out the
actual facts. The article author is mixing up facts.
I suspect the author actually didn't understand the
topic. "Even when it's off!" "Any recently manufactured
phone is a tracking device!" Yes. We knew that.
People use GPS. Years ago Apple was caught storing
plain text files on iPhones, documenting weeks of
location data. The news would be how the FBI is
getting the data. Malware? Stingray fake cell towers?
There may be enough Stingrays in use that everyone
is tracked by the the FBI, local police, Chinese hackers,
and Google research. Who knows? But the news media
are not telling us the actual facts. They probably
have no one on staff who can even understand
the facts.

On 11/12/2018 13:14, Mayayana wrote:
"David B." "David wrote

| Even if you/we THINK that a device is 'off' it COULD still be in
| communication with an outside entity.
|

I know my Tracphone is off when I turn it
off because the charge will last for months and
it can't get calls. It could certainly have some
kind of beacon in it, but that seems very unlikely.
It only cost $10.

I don't know about Android and iPhone, but I'm
guessing that people think off means the screen
is black because few people actually turn them
off. It should be simple enough to test, if you can
stand not to use your phone: Power it off. How
long does the battery last? Can it receive calls?
If it's actually off the battery should last and it
won't get calls. If it's active it has to ping the
network continually to receive calls.

Unfortunately, these news reports rarely tell
us facts. Just gossip. The NYT says 75 companies
are spying. Which companies? Which apps? They
had to find out for their article, but they won't tell
us because the NYT supports business and naming
names would rock the boat. So they just report
gossip that people will later forget.

Similarly, how does the FBI spy? The people who
talked to KTRE must know, but they've left out the
actual facts. The article author is mixing up facts.
I suspect the author actually didn't understand the
topic. "Even when it's off!" "Any recently manufactured
phone is a tracking device!" Yes. We knew that.
People use GPS. Years ago Apple was caught storing
plain text files on iPhones, documenting weeks of
location data. The news would be how the FBI is
getting the data. Malware? Stingray fake cell towers?
There may be enough Stingrays in use that everyone
is tracked by the the FBI, local police, Chinese hackers,
and Google research. Who knows? But the news media
are not telling us the actual facts. They probably
have no one on staff who can even understand
the facts.


Thank you for your comments.

There's no way for anyone here to KNOW the truth. shrug

--
Regards,
David B.

In article , David B.
wrote:

Sadly, nospam, neither you - nor anyone else reading here - has ANY idea
what is or isn't actually installed during the manufacture of ANY
electronic device.

false.

Even if you/we THINK that a device is 'off' it COULD still be in
communication with an outside entity.

nope. if it's off, it *cannot* be communicating with an outside entity.
period.

Believe me! ;-)

no.

In article , Mayayana
wrote:

"David B." "David wrote
| Even if you/we THINK that a device is 'off' it COULD still be in
| communication with an outside entity.
|

I know my Tracphone is off when I turn it
off because the charge will last for months and
it can't get calls. It could certainly have some
kind of beacon in it, but that seems very unlikely.
It only cost $10.

exactly.

if your phone was transmitting to some outside entity, the battery
would be dead within hours.

you would definitely notice a dead battery when you turned it on, or
tried to.

if it received a call or text while 'off', you'd definitely know
something unusual was going on.

and there's still the question how a phone that's off can be remotely
turned on by some magical signal that is received by a radio that's
off.

I don't know about Android and iPhone, but I'm
guessing that people think off means the screen
is black because few people actually turn them
off.

you guess wrong.

people are well aware of the difference between sleep versus fully off.

people don't turn off their phones because if they did, they would not
be able to receive calls, texts and push notifications. it would also
take a minute or two to boot if they wanted to use an app or call/text
someone.

they also might be listening to music, podcasts or internet radio with
the phone in their pocket, screen off.

In article , David B.
wrote:


There's no way for anyone here to KNOW the truth. shrug

yes there is, and it ain't from you.

"David B." "David wrote

| There's no way for anyone here to KNOW the truth. shrug
|

Speak for yourself. That's the first refuge of the lazy:

"They got ya comin' n' goin'."
"Who can keep up?"
"If you worry about [x] you'll never be able to [z]!"

On 11/12/2018 07:34, default wrote:
On Mon, 10 Dec 2018 19:52:11 -0500, nospam
wrote:

In article , default
wrote:

Just because the phone appears to be turned off, doesn't mean it is.

yes it does.

Anyone can download an app that can turn it into a surveillance
device.

they could, but they'd have to launch it for it to take effect.

Once it is on the phone the phone can be remotely monitored it doesn't
require that the app be launched.

yes it does.

You don't understand how microprocessors work.

The android operating system (any/every OS) is programmed into a chip.
It is not carved in silicon, it is in a "protected" area of memory,
but it can be accessed and modified.

The processor chip has to (it is a requirement) to allow for something
called interrupts where it is told to break the routine it is running
and go off and do something else. That is done on a "machine level"
(totally ones and zeros in registers - memory locations- that makes
little sense to humans)

It would be child's play for someone (with the knowledge) to integrate
a few snippets of code that runs in the background and never alerts
the operator (malicious code does it all the time - the processor
doesn't know the difference)

The phone doesn't have an on-off switch, it has a pushbutton that
sends a request to the processor to send it into a hibernate state.
(that is what "off" is to you) The battery is still connected and
still feeding a trickle of power to the processor. The uP can wake
itself periodically to check some variable (like sound, light,
movement, etc.) It can go to sleep and wake up for a few microseconds
every second or less with minimal change in battery drain.
[snipped for brevity only]

What a wonderful post! :-D

Thank you for educating 'nospam' (and many others too, I'm sure!)

--
Regards,
David B.

https://vxer.home.blog/2018/12/08/vxer-a-profile/