Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Chrome security/privacy questions

  1. #1
    Join Date
    Jun 2008
    Location
    Across The Pond
    Beans
    913
    Distro
    Xubuntu 16.04 Xenial Xerus

    Chrome security/privacy questions

    This morning I read "Memo from 2008: Chrome stores passwords in plain text (*gasp*)" over at Ubuntucat. The title obviously caught my attention in light of what recently happened here at the Ubuntu Forums. Even with some question as to the authenticity of this claim, I nonetheless went to take a look at my Chrome settings. I looked at "manage saved passwords."

    Mostly those passwords are for Gmail and various Blogger blogs, and in fact, blogging at Google is about the only thing I use Chrome for anymore. Because of Google's tracking policies, I have Google Disconnect enabled on Firefox, but Disconnect causes Google Blogs to display improperly, so I leave Disconnect disabled on Chrome and use it for blog visiting only. If there's a workaround for this, I'd love to know and ditch Chrome altogether.

    Also, in Chrome settings, would it cause problems to uncheck "Continue running background apps when Google Chrome is closed" under system settings?

    Lastly, is Chromium more secure than Chrome in regards to how it handles passwords?
    "Everybody is ignorant, only on different subjects." Will Rogers

  2. #2
    Join Date
    Feb 2010
    Location
    Summerwind
    Beans
    12,355
    Distro
    Ubuntu Development Release

    Re: Chrome security/privacy questions

    I use Iron which has the same settings as Chromium and Chrome. Iron has to be updated manually because there is no tracking . Iron has the sign in option, but option is the key word . I have never saved passwords in any browser so I'm used to a little extra work.

    Also, in Chrome settings, would it cause problems to uncheck "Continue running background apps when Google Chrome is closed" under system settings?
    I have always disabled this option since discovering it without noticing any difference at all.
    “Start where you are. Use what you have. Do what you can".

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Manual

  3. #3
    Join Date
    Jun 2008
    Location
    Across The Pond
    Beans
    913
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Chrome security/privacy questions

    Quote Originally Posted by Frogs Hair View Post
    I use Iron which has the same settings as Chromium and Chrome.
    Thanks Frogs Hair. I installed Iron and honestly can't tell much difference from Chrome

    Iron has to be updated manually because there is no tracking.
    How do I update it manually? Something like sudo apt-get update Iron && sudo apt-get upgrade Iron?

    I have always disabled this option since discovering it without noticing any difference at all.
    Again, thank you.
    "Everybody is ignorant, only on different subjects." Will Rogers

  4. #4
    Join Date
    Mar 2011
    Beans
    680

    Re: Chrome security/privacy questions

    sig

  5. #5
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Chrome security/privacy questions

    Quote Originally Posted by Hungry Man View Post
    Totally. Owned.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  6. #6
    Join Date
    Mar 2011
    Beans
    680

    Re: Chrome security/privacy questions

    Also any browser that can autofill passwords stores them in the clear, even Firefox with a master password. The difference is that if you haven't entered in that MP yet they're encrypted - but once you do they aren't. There's further validation with MP but an attacker with physical access can dump the memory of any user they have access to so yeah, it'll keep your friends out, but that's all.

    I suggest using Chrome with LastPass.
    sig

  7. #7
    Join Date
    May 2011
    Location
    Alternate Universe
    Beans
    45
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Chrome security/privacy questions

    Quote Originally Posted by Buntu Bunny View Post
    The title obviously caught my attention in light of what recently happened here at the Ubuntu Forums.
    Well, the key here is that we should get used to take care of our sensitive stuff like passwords and other personal/private information always, as a healthy habit, not because of some forum being hacked.

    Quote Originally Posted by Frogs Hair View Post
    I have never saved passwords in any browser so I'm used to a little extra work.
    Same here. One of the first things I always do is to uncheck the "Save passwords" option on any browser, here in my own Xubuntu system and also in the several Windoze computers I use at my workplace. To me it's just common sense. Anyone is entitled to handle this stuff the way they want, just be aware that always there's extra work to be done; if you uncheck the save password option, you'll have to type them in again; and if you check the "save" option, you'll need to take an extra care.
    "Each choice we take creates a new reality. It's another path. The road not taken." Dr. Walter Bishop

  8. #8
    Join Date
    Dec 2007
    Beans
    11,753

    Re: Chrome security/privacy questions

    Quote Originally Posted by Hungry Man View Post
    +1.

    Iron has to be updated manually because there is no tracking.
    doesn't make sense to me. What about other software that doesn't need to be "updated manually"? All spyware?

    Anyway, using Iron doesn't eliminate the password issue that OP has.
    Users can easily damage their systems by using sudo su if they aren't experienced enough.

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Chrome security/privacy questions

    Quote Originally Posted by Hungry Man View Post
    Also any browser that can autofill passwords stores them in the clear, even Firefox with a master password. The difference is that if you haven't entered in that MP yet they're encrypted - but once you do they aren't. There's further validation with MP but an attacker with physical access can dump the memory of any user they have access to so yeah, it'll keep your friends out, but that's all.

    I suggest using Chrome with LastPass.
    Agreed. I use KeePass myself, but LastPass is good to.

    Quote Originally Posted by Mr.Dunham View Post
    Same here. One of the first things I always do is to uncheck the "Save passwords" option on any browser, here in my own Xubuntu system and also in the several Windoze computers I use at my workplace. To me it's just common sense. Anyone is entitled to handle this stuff the way they want, just be aware that always there's extra work to be done; if you uncheck the save password option, you'll have to type them in again; and if you check the "save" option, you'll need to take an extra care.
    I think I only use the save password thing for one site and it is because I use a certain browser only for that site due to some issues it has with FF and Chrome.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Mar 2011
    Beans
    680

    Re: Chrome security/privacy questions

    Keypass is very good. It has some significant advantages over LastPass, like the ability to use any amount of PBKDF2 rounds for your password hashing (LastPass limits you to a very adequate 256,000 rounds). I like LastPass for the syncing and two factor authentication, but both are really good programs.
    sig

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •