Jump to content

Recommended Posts

Posted

Your browser’s built-in password manager could be exploited to share your email address with advertisers without your permission.

All the major browsers include a password manager that stores login data for future use. According to researchers from Princeton University, the trouble begins when you entered an email address in an online form and ask the browser to save it for future use, then visit another page containing a third-party tracking script. The script loads an invisible login form that your browser fills in automatically, then reads this data and sends it to the tracking company.

This time, it's personal

The email address itself isn’t necessarily what advertisers want – it’s the extra information connected to it. You use the same email address on multiple websites and devices, which means ad trackers can use it to join up pieces of information from across all your devices. This can build an alarmingly detailed profile including not only details like your location and birth date, but also sensitive information like your height, weight, health conditions and income.

Some companies don’t treat email addresses as personally identifying data if they’re hashed (turned into a random-looking series of numbers using a mathematical function) before being transmitted, but the Princeton researchers say that isn’t enough. The domain is often left unhashed, and the hash for the rest of the address can be broken in seconds using a multi-core virtual machine that can be rented for pennies.

Disable your browser's password manager

The researchers have called on Microsoft, Google and Mozilla to implement a solution quickly, but if you're worried, you can switch off your browser's password manager in the meantime.

Password manager in Google Chrome

Deactivating the password manager is straightforward in most browsers

To disable the password manager in Chrome, go to chrome://settings, scroll down the page and click Advanced. Scroll down to 'Passwords and forms', 'Autofill settings' and toggle the top switch to 'Off'.

In Firefox, enter about:preferences in the address bar, click 'Privacy & security' and uncheck 'Remember logins and passwords for websites'. You can also clear any saved form data here.

If you're using Microsoft Edge, click the menu button at the top right, select 'Settings' and scroll down to 'View advanced settings'. Toggle the 'Offer to save passwords' switch to 'Off' and click 'Manage my saved passwords' to remove any that are already stored.

Via the Independent

B0V8tLCOtG8
Posted

Use a third party tool if you need to manage passwords. Fond of Dashlane myself.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.