Google, security and privacy

Forums › IT Pro and developers › Google, security and privacy

Rikkitic

Awrrr
18657 posts

Uber Geek

Lifetime subscriber

#279681 1-Nov-2020 10:31

I received a Google security warning about my logins and passwords. I was surprised at how much Google seems to know about my accounts. I have many logins that are not important and I often use the same password on these. Google seems to know all of them, accounts and passwords. It also knows the passwords on some other accounts that are important, like my main email account and Geekzone. I do not have 2FA as I do not have a phone (my choice).

I rarely use Google for anything and most of the time I have it switched off in my browser. I have a Gmail account, but I only use that as occasional backup. I mostly use other search engines, though occasionally I use Google. My browser is not Chrome, but it is Chrome-based (Comodo Dragon). My OS of choice is Windows.

I can't recall for certain if I have used the same browsers to access all the web sites that Google seems to know my logins for. There are some in the list that I don't even recognise, others that I haven't visited for years. I know Google and privacy do not belong in the same sentence, but I am alarmed at just how much Google seems to know. If they have all this information, how much is accessible to others?

Admittedly, I tend to be somewhat lax about security, though not completely oblivious. I don't want to be blasted for this, but I would like to have more insight into just how Google obtains all this data. A long time ago, in the days of MS DOS, I used to be something of a hacker, and I am not completely ignorant of these things, but what knowledge I do have is very out of date. I am now elderly and my computer usage is pretty simple, just email, some news and streaming sites, and Geekzone. I don't wander the web much and I avoid shady sites. I like to keep things as simple as possible and I don't want to have to navigate all kinds of security questions or captchas or whatever every time I click on something.

So how does Google know all this, and should I be concerned that it does? As far as I can determine, it seems to know every account and password I have. I am not just talking about passwords that have been obtained from compromised databases, but also ones that haven't. Even my Geekzone password it knows, and that, with a few others, is something I have been very careful with. I would appreciate any insights anyone can offer on this.

Edit: On reflection, the above may not be clear enough. I do use the Chrome password manager to save some passwords, but I am seeing a lot on the Google account that I have never saved, and that I probably didn't access with the Google account turned on. I am wondering where that information comes from.

Plesse igmore amd axxept applogies in adbance fir anu typos

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2595858 1-Nov-2020 11:33

Google, like many other companies use https://haveibeenpwned.com as well as pwned passwords to notify the user of an insecure, breached password. In today's day and age you should be using a password manager like Lastpass, random passwords across everything, a secure master password as well as 2FA.

Check your email addresses + passwords on that site (it is secure) and do not use those passwords ever again as they're not secure and on a list.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

BlinkyBill

1443 posts

Uber Geek
Inactive user

#2595906 1-Nov-2020 16:05

Why do you think Comodo browser is any more secure than straight-out Chrome? It might be just me, but I couldn’t get their link to their Privacy policy to work - based on that alone it seems pretty Mickey Mouse, plus it’s a bit opaque on their website just what security features they actually have in the browsers. There are reports of bad behaviour on the part of Comodo the company and some advisories against using their browsers, but I only had a quick look.

Personally I wouldn’t use Comodo browsers.

I can’t answer your actual question though, but I don’t trust Google one little bit.

Jogre

182 posts

Master Geek

#2601911 11-Nov-2020 15:50

BlinkyBill:

I can’t answer your actual question though, but I don’t trust Google one little bit.

^THIS! I used to think they were pretty cool particularly when Apple was being so snobby and evil. I'm so glad that CEdge is good as it's allowing me to disentangle with Google a lot better.

The Social Dilemma is a good watch without even requiring a tin-foil hat.

MikeB4

18435 posts

Uber Geek

ID Verified

Trusted

#2601918 11-Nov-2020 16:00

Over the last couple of months I have been moving away from Google services and MSFT. I am now mostly Apple and Linux. It is interesting that since starting this I seem to be less plagued with advertising, popups and sundry other annoying things. Now this may of course be a plaecebo but it does seem to be this way. However the only real way to stay out of view on the internet is to stay off the internet something which is impossible today and undesirable. I guess cogs in a wheel we all shall be for ever and ever amen.

concordnz

472 posts

Ultimate Geek

Trusted

EMT (R)

#2601943 11-Nov-2020 16:35

Alarm bells are ringing for me.

When you say 'you received a Google Warning' what do you mean exactly - An Email? Or a prompt within Gmail?

When you say - it knows logins and passwords - how is it showing these to you? - in a warning email? Or via a link you clicked through on?

I'd be interested in knowing more, of how/where these are allegedly stored, before we can offer solid advice.

Oblivian

7296 posts

Uber Geek

ID Verified

#2601957 11-Nov-2020 16:53

concordnz: Alarm bells are ringing for me.

When you say 'you received a Google Warning' what do you mean exactly - An Email? Or a prompt within Gmail?

When you say - it knows logins and passwords - how is it showing these to you? - in a warning email? Or via a link you clicked through on?

I'd be interested in knowing more, of how/where these are allegedly stored, before we can offer solid advice.

It's totally legitimate. Addon to the latest Chrome update.

'Do you wish to save this password?' - YES

Saved in PW list (can be unhashed with windows PW)

It is now trolling that for passwords, comparing to the pwned lists and popping up. It doesn't say which password. Or what it is. But the hash matches. So tells you the associated website/acct that are all the same and advises you should login and change them.

http://security.googleblog.com/2020/10/new-password-protections-and-more-in.html

To check whether you have any compromised passwords, Chrome sends a copy of your usernames and passwords to Google using a special form of encryption. This lets Google check them against lists of credentials known to be compromised, but Google cannot derive your username or password from this encrypted copy.

We notify you when you have compromised passwords on websites, but it can be time-consuming to go find the relevant form to change your password. To help, we’re adding support for ".well-known/change-password" URLs that let Chrome take users directly to the right “change password” form after they’ve been alerted that their password has been compromised.