It’s annoying to type your personal details — name, address, phone numbers, all the rest of it — every time you need to fill out on online form.
Browser makers realized this years ago, which is why your browser spares you the tedium, helpfully filling in the blanks when you type the first letter of your name, or the first digit of your address.
But there’s always a dark side to any digital convenience, and it almost always involves a loss of privacy.
READ: Phishing scams continue to reel in new victims
Finnish developer Viljami Kuosmanen showed last week that browser autofill is no different.
Kuosmanen demonstrated that in many (not all) browsers, if you start to fill in basic information like your name and email address, all your other autofill information becomes invisibly available to the site. That can include your name, home address, credit card details and workplace, not just the limited amount of information you thought you were giving away.
If you’ve autofilled a form in a browser other than Firefox, you can give it a try on this site, Kuosmanen set up to demonstrate the problem. Global News successfully used Kuosmanen’s site on Chrome, extracting a reporter’s address after he had only put in his name and email.
Get daily National news
Firefox doesn’t have the problem, but other browsers such as Chrome, Opera and Safari do.
READ: How to avoid email phishing scams
Here’s what it looks like on the back end in Chrome:
Here’s how to turn off autofill:
- In Chrome: Settings/Show Advanced Settings/Passwords and Forms, and unclick Enable Autofill to fill out Web forms.
- In Opera: Settings/Privacy & Security/Autofill and uncheck the box.
- In Safari: Preferences/Autofill tab/ and uncheck the appropriate boxes.
- In Firefox (though this shouldn’t be as necessary): Options/Privacy. In the Firefox will: menu, uncheck Remember search and form history.
Phishing attacks, which the vulnerability opens the way to, can take several forms. Most commonly, the victim is tricked into downloading a virus by clicking on a link or email attachment. Most usually it is linked to a financial scam, but hackers possibly linked to the Russian government used a single phishing email to break into the Democratic National Committee’s email servers during the U.S. presidential election campaign.
WATCH: The warnings about them have been around for years, but people still fall victim to those bogus emails claiming your account has been compromised. And the scams have only become more clever. Anne Drewa has some advice on how to avoid phishing scams.
Comments