Security Issue - Sign Into Chrome in Public Places


Josh Jensen

Apr 9, 2017, 1:03:33 AM
to Chromium-discuss
Greetings,

I wanted to bring this up because I've noticed a bit of an issue. Many times when I am at the public library, or any public place for that matter, I sign into Chrome. One bit I've realized is that if I fail to sign out, many others don't realize that the browser is logged in and, without thinking, click to remember passwords. Inadvertently, I have captured many email addresses with passwords. I'm not sure of a workaround. One option may be having a version of Chrome that doesn't offer to sign into the browser. There are many less savvy people that never notice that small button in the upper right.

Just a thought, thanks!

-Josh

PhistucK

Apr 9, 2017, 1:19:05 AM
to 4eg...@gmail.com, Chromium-discuss
Public places can (I am not so sure that they should, since it can sometimes be crucial to get the password to a website. Though maybe you can do that using the online Google account page?) set a policy that disables Chrome Sync and help their users not make those mistakes.

I think you can revoke permissions for Chrome Sync on other sessions using the Google account security settings. That will not completely mitigate the issue (they will still be able to access your old synchronized data, but not new data).


PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+unsubscribe@chromium.org.

Julian Pastarmov

Apr 10, 2017, 4:03:13 AM
to Chromium-discuss, 4eg...@gmail.com
Hi,

In general using a browser or any other software that accepts input on a public computer is never safe because the data can be hijacked at so many levels. 

Chrome indeed has some mechanisms to make it easier for users and administrators of such machines to use the browser more safely - starting with Incognito mode for users so that the data entered in the browser is not stored on disk. The administrator can adjust the links to Chrome to always start in incognito mode, for example. A few administrative policies like "Disable Sync" or "Force ephemeral profiles" can make the browser safer even with non-incognito profiles because the data is guaranteed to not leak outside of the started browsing session. Eventually, since Chrome cannot control the OS and the hardware, this is only a soft guarantee anyways.

Much better guarantees are provided with ChromeOS running in the special "Public session" mode where data is stored in a way that cannot be extracted without tampering with the casing of the machine. Also, those sessions have automatic expiration timers so that even absent-minded users that simply walk away without signing off can be sure that, unless somebody is stalking them, they will have their data cleared after them.

I think you as a more tech savvy user can help to improve the situation by raising awareness of the issue to the organizations owning such machines and demanding a better solution than the current one.

Cheers,
Julian
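
Added example, not part of the original thread: a small Python audit that checks whether a shared machine's managed Chrome policy files enforce the settings discussed above. The mapping of the post's "Disable Sync" and "Force ephemeral profiles" to the Chrome policy keys `SyncDisabled` and `ForceEphemeralProfiles`, the choice to also check `IncognitoModeAvailability` and `PasswordManagerEnabled`, the Linux policy directory, and the sample files are assumptions made for this example.

```python
import json
from pathlib import Path

# Hardened values for a shared/public machine. Mapping the thread's wording
# to these Chrome policy keys is an assumption of this example.
EXPECTED = {
    "SyncDisabled": True,             # "Disable Sync"
    "ForceEphemeralProfiles": True,   # "Force ephemeral profiles"
    "IncognitoModeAvailability": 2,   # 2 = Incognito mode forced
    "PasswordManagerEnabled": False,  # no "save password" prompt
}

def load_dir(path="/etc/opt/chrome/policies/managed"):
    """Read managed policy files in lexicographic order (Linux location)."""
    return [p.read_text() for p in sorted(Path(path).glob("*.json"))]

def merge_policies(documents):
    """Merge policy JSON documents in order; a later file overrides an earlier one."""
    merged = {}
    for text in documents:
        data = json.loads(text)
        if not isinstance(data, dict):
            raise ValueError("policy file must contain a JSON object")
        merged.update(data)
    return merged

def audit(policy):
    """Return (name, found, expected) for every setting that is missing or weak."""
    findings = []
    for name, want in EXPECTED.items():
        got = policy.get(name, "<unset>")
        # Compare the type too: in Python 1 == True, but a boolean policy
        # written as the number 1 is not a valid value for that policy.
        if type(got) is not type(want) or got != want:
            findings.append((name, got, want))
    return findings

# Constructed sample: the second file silently re-enables sync.
SAMPLE_FILES = [
    '{"SyncDisabled": true, "IncognitoModeAvailability": 1}',
    '{"ForceEphemeralProfiles": true, "SyncDisabled": false}',
]

if __name__ == "__main__":
    for name, got, want in audit(merge_policies(SAMPLE_FILES)):
        print(f"{name}: found {got!r}, expected {want!r}")
```

On a real machine, pass `load_dir()` to `merge_policies` instead of the sample and compare the result with what `chrome://policy` reports.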

