Hacker News new | comments | ask | show | jobs | submit login
Never connect to ProtonMail using Chrome (reddit.com)
461 points by dredmorbius 88 days ago | hide | past | web | favorite | 275 comments

I would make the advice more general: avoid dealing with Google.

Recently I had to install Hangouts app on the Android phone (it was easier than using it on desktop because I don't have the latest Chrome). One has to register a Google Account in order to use it, and I had to answer a lot of questions as if I was applying for a visa, including a phone number (of course I used a fake number) and date of birth. Then the app displayed a terms of service page with boring legal text. But I noticed that there was a small button to show more details, and when I clicked it, the page expanded and I saw checkboxes (lot of them), most checked by default, like "share my location with Google" or "record web & app activity". Of course, I turned all of them off and thought that I am smarter than a typical user that would not even see these checkboxes.

It turned out, I have been tricked too.

First, the Hangouts app somehow added this newly created account into all other Google Apps, so Google Play (which I have never used before) has started itself up and said that I need to update several apps (no, I don't) and then Mail App said that I got an email (this boring kind of email they put into your inbox upon registration). Also, Hangouts app added this new Google Account into the phone settings. And enabled sync for everything - including contacts.

Luckily, I mostly use phone as a dictionary and it didn't have any personal information - but if it had, it would be irreversibly copied into the Google Cloud.

These settings are not easy to find. For example, to learn about sync, you have to go to Settings -> Accounts -> click word "Google". Only then you will see that your data are being uploaded to Google. Google doesn't even give a warning, let alone asks you whether you really need it. To disable location tracking you need to notice a tiny button at terms of service page or find it at the settings. I am sure that most of users don't even realise that they've agreed to be under constant surveillance by Google.

I must admit, Google is good at sucking data out from people and deceiving them. After all, it employs smartest people on the planet.

This looks like a good reminder that Google isn't just a loose bunch of tools, they have developed a full integrated ecosystem.

If it's not what you want then it is overly intrusive and exceptionally hard to manage so you control just the functionality and personal security you want.

Most end users, I think, just want something to work and are happy for all the magic to just happen. When you embrace it a lot of what it does is very clever and very useful. Most people I know who have embraced it just find the integration fantastically useful and don't have most of the concerns the more technically aware people do.

While your right that most end users just want it to “work” you have to wonder about informed consent.

But people that has embraced it but later finds themselves in a different situation in life, needing to hide from a previous spouse realises a bit late how much information is out there now. Just because you are paranoid doesn't mean someone isn't out to get you.

I find I can replace just about everything Google makes except for Google Docs & Google Sheets. I wish I could find self-hosted, open-source versions of those, which I would install on my own server. I can just use desktop apps and sync the files through my server with git or rsync when I'm the only user (but using multiple clients), but as you're saying about the general public, for sharing with friends and family, Google's solution works so much better....

Maybe LibreOffice online would fill the role? It is still pretty new, but showing great potential. https://www.libreoffice.org/download/libreoffice-online/

Sorry I'm late getting back to this, but thanks for the suggestion. I hadn't heard of an online version of LibreOffice, so I'll definitely check it out. I really hope there will be a way to have the benefits of server-based word processors and spreadsheets without handing our private data to people whose business is profiling us.

I just went to create a google account to see for myself because this sounds egregiously bad. I think you are exaggerating quite a bit:

* Phone number is clearly marked as optional and it says they use it for security. (Of course, Facebook said the same thing, and look how that turned out...) * The only information requests that I think are unnecessary are date of birth (they say because some services are age restricted), and gender (which "rather not say" is an option for). * The page you are referring to is not really boring legal text, it's pretty plain English that is easy to understand, and there's not a lot of it. I think average people can read it easily in 1-2 minutes. * The "location history" option is off by default. * It is true that the options are in a "more options" folded thing at the bottom of ~2 pages of text. This sucks, but looking at the whole page in context, it's not nearly as bad as you made it sound.

> And enabled sync for everything - including contacts.

I think this only applies to new contacts created within your google account, and not local phone contacts. I learned this the hard way when my contacts did not sync from my old phone when I wanted them to.

> To disable location tracking you need to notice a tiny button at terms of service page or find it at the settings. I am sure that most of users don't even realise that they've agreed to be under constant surveillance by Google.

This was off by default for me.

> Phone number is clearly marked as optional This is not always the case, Google may arbitrarily decide to make it obligatory for you (if they find some "suspicious" pattern).

> date of birth required

US law has some requirements on accounts created by minors which essentially means you must check the age for people creating new accounts, and you must not allow accounts for people < X years (but are not allowed to tell them up front).

I don't entirely understand where exactly this applies, i.e. why you can create accounts on some sites without giving your age. It might only apply in some telecommunication accounts cases, or maybe (possibly more likely), Google is one of the few companies subject to scrutiny here, so everyone else just flies under the radar.

> I don't entirely understand where exactly this applies, i.e. why you can create accounts on some sites without giving your age.

That law is called COPPA ("Children Online Privacy Protection Act"). It applies to sites dedicated to children (as per https://www.ftc.gov/tips-advice/business-center/guidance/com...). As Google uses one and the same account for all its services including YouTube, all Google accounts are potentially "dedicated to children" (YouTube IIRC has even a special section for videos suitable even for toddlers).

You need to be at least 13 to use Google or YouTube, so they don't have to respect the intricacies of COPPA.

The very action of enforcing the "need to be at least 13" is respecting what COPPA demands.

Interesting. There are many children who watch youtube that are younger than this. At the pediatric dentist they even had it playing on overhead TVs while they worked.

Are they really making a product that caters to very young children while claiming for legal purposes no children can use it?

No,children can use YouTube. However, the TOS prohibits them from making an account. A parent can set up an account, or they can use it without logging in.

But if the user is over 18 then you need only the year without month and day.

If the user is 17.8 years old you need the month. If the user is 17.95 years old, you need the day.

You don't need anything, just the user's affirmative confirmation in response to the prompt, "Are you 18 or older?"

and what happens after 6 months, or a year? you keep nagging the user if it's 18 or not?

People don't age backwards, so the question doesn't need to be asked again.

UPDATE: Location sharing is off by default.

> Phone number is clearly marked as optional

That is because your IP has a good reputation. For me registering a Gmail Account from Firefox looks like this [1]. Note that the text is misleading (this is not for my security, this is to prevent bulk registration).

> date of birth (they say because some services are age restricted)

If the user is over 18 you don't really need the day and month, year is enough.

> The "location history" option is off by default.

Ok, I deleted Google Account from phone (with two scary warnings that some of my data will be deleted from the phone), deleted Hangout's cache, forced stop it and tried to repeat the registration again. I made screenshots for every screen. If anyone needs, I can upload all of them.

It is weird, but this time Google didn't require me to confirm a phone number while it requires a number if I use a desktop browser and it required a number previous time. The phone is connected to Internet via desktop, so it has the same external IP. This is suspicious and might mean that Google has recognised my phone.

Here's what I observed:

- Google warns that it can exchange my device info (IMEI?) with a phone company [2] if I enter my phone number. Do phone companies sell data to Google?

- Terms of usage are written in a plain language, but they are three screens long and important options are hidden behind a spoiler [3]. Note that the button is named "More options" instead of "Choose what I share" or "No, I don't want to share" or something like this. Google doesn't really want you to click it.

- By default, "Save web & app activity" is enabled [4], and it includes "searches and associated information, such as location and activity from sites, apps and devices .... like Chrome history, for instance...". I don't understand whether this really means that they collect my browsing history and location or they meant something else (like stats calculated from those data).

- Saving Youtube search and watch history is enabled by default [5]

- You are right, location and voice history are off by default

- Backup to Google Drive is enabled by default [6][7][8]. I don't understand what it does, and what Google means by "data". Does it include all files in /sdcard? That would be scary and I definitely don't want it. Also, I don't remember if I saw this previous time. I had to retry registration several times late at night, I was tired and I could accidentally forget to disable it which would explain why contacts sync was enabled. Maybe it was my fault. But I am not sure.

- Note that the description of "Backup to Google Drive" is hidden behind a spoiler

- I checked whether sync is enabled and couldn't really understand anything. One screen says "Sync is OFF" [9], but another says "Last synced on xxx.xxx" [10]

- In detailed Google Account settings I found out that Google will save "contact info of people I interact with in Google Products" [11]

So you were right about location history - it is disabled by default. But there are so many settings and it is so easy to forget to disable anything. I wish I could update original comment for clarity.

[1] https://i.imgur.com/5lqfvWc.png

[2] https://i.imgur.com/4KOYlFW.png

[3] https://i.imgur.com/Wy9ZCp8.png

[4] https://i.imgur.com/xsaKJ3e.png

[5] https://i.imgur.com/5InPwMQ.png

[6] https://i.imgur.com/jpq0GBj.png

[7] https://i.imgur.com/7XjfCst.png

[8] https://i.imgur.com/LEynSlX.png

[9] https://i.imgur.com/LepQPnZ.png

[10] https://i.imgur.com/eHDuzY0.png

[11] https://i.imgur.com/qHNA2vP.png

> If the user is over 18 you don't really need the day and month, year is enough.

But if the user is 18, you need them. It would be a really weird UI if it changed this dynamically... I wouldn't expect anyone to implement that.

> I don't understand whether this really means that they collect my browsing history

That's what it means. You can look at the data google is storing at https://myactivity.google.com/myactivity

But I still hate that Google took my account from Hangouts and added it to all other Google Apps on the phone.

Because Google doesn't work that way. You don't have a Hangouts account, you have a Google account, which you added to your phone, not Hangouts.

If you have Google Play installed (doesn't matter if you ever use it) then you'll also have Play Framework or whatever they call it, and that probably has permission to just about everything.

If you have an Android phone and don't trust Google then what their apps ask for seems a bit irrelevant - you've almost certainly already given them whatever you don't want them to have.

I had Google Play, but I didn't have Google Account set up on the phone. And it is not like I have much choice - iPhones are overpriced (I don't think is is a good idea to spend over $600-900 for just a phone) and even less open and I trust Apple as much as Google.

> I trust Apple as much as Google

I trust Apple more when it comes to privacy, because there is hard proof they are more trustworthy. Note that I'm not saying they can be trusted 100%, but they are far, far better at protecting their users' privacy than Google. Of course, that's a given considering Google's entire existence is based on selling your information to advertisers, whereas Apple makes their money when you buy their hardware.

Honestly, there is no practical way to not end up in some company's database somewhere unless you eschew all 20th and 21st century tech, live in a cave, and forage for food. Even then you're bound to end up in a news story on the Internet if you're ever spotted, even if it's just Weekly World News talking about another Bigfoot sighting.

> I trust Apple as much as Google

This sounds like a religious view rather than one based in any evidence.

Cannot edit the post, so here is an update:

- I have rechecked and "Location sharing" is off by default, although "Share web & app activity" is on by default and it can include "searches and associated information, such as location and activity from sites, apps and devices .... like Chrome history, for instance..."

- I might accidentally forget to turn off "Backup to Google Cloud" when registering because I had to retry the registration several times and was tired. This would explain why sync was enabled. But I don't remember it clearly.

I recently talked with a peer about it and I was quite surprised. Googles move to log into chrome by default was just the tip of the iceberg what was already there. I never really noticed that google already is trying hard to merge/force all apps to run via a android login. While times have been fun and painless migrating to a new phone it is not what I asked for. It is even more worrying that google cripples their apps with this. I wonder if google one day turns unproductive when they have to untangle all that mess.

Agreed. Avoid Google services. Wrote a post about how to do it: https://righteousruminations.blogspot.com/2018/09/migration-...

Thanks for sharing this post!

I installed maps.me to give it a try... Very surprised that one of the settings is "Use Google Play services to determine your current location"

Because the location provider from Play Services is an alternative to having the GPS turned on and gives an approximate location. There are some replacements like this by Mapzen https://github.com/lostzen/LOST

Depending on where you live (like the US) your telco is happily selling of data. So unless you have your phone in airplane mode your location is out there.

Jesus that is such a god-awful dark pattern. It kinda breaks my heart to read this. I guess I'm locked into the iphone ecosystem for a while, despite their exorbitant prices. Sigh.

Too bad that Ubuntu phone died on the vine.

Purism is making a promising go at this right now though!

Also I have experimented a little and found something more. If I delete Google Account from the phone, force stop Hangouts, clear its cache and try to log in with that account again, Hangouts shows this screen [1] with "Back up to Google Drive" option enabled again.

I tried twice - and every time Google sets this option on by default even if I had disabled it previous time.

Of course, this might be not intentional - maybe the enable sync flag is not stored at Google server.

[1] https://i.imgur.com/7XjfCst.png

Not really a Google thing. They all want your data- the tech industry is rotten to the core. Every app is tracking you, copying your contacts .

If you care about privacy these days:

Remote self-destructible VM for browsing with Firefox in incognito mode (only sites you NEED to, that REQUIRE JS), through multiple VPNs over multiple proxies.

Everything else is command line HTML parsers (also on different, remote VMs), or API endpoints (HN API as an example?).

Need email service? Self-hosted, tiny email-server somewhere in eastern Europe. DDNS etc.

Local machine is always clean. Imagine you had to have iPad as your primary work machine? Very similar spiel.

Good thing is that most of it can get into a habit very quickly and most tedious parts can be automated :)

Keeping it up offline? Cash-only, prepaid phones (these give you internet access as well, 80$ no contracts, activate, use 20GiB until the end of the month, discard the phone, destroy and repeat), prepaid debit for "card required" purchases.

Easy-peasy! no idea what people are complaining about....

The sarcasm is spot on. These things are so easy to a tiny subset of experts who seem incapable of stepping into the shoes of normal people. It's always frustrating when I want to improve privacy or security and it's just an "easy" but not actually, mess.

Let's Encrypt is probably the great example of actually getting it right. But normal people won't really ever need it.

Didn't even realise this was sarcasm until about the end--this is actual advice you'd find on /g/.

> Everything else is command line HTML parsers (also on different, remote VMs), or API endpoints (HN API as an example?).

This is somewhat how Richard Stallman uses the internet:

> I am careful in how I use the Internet.

> I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/git/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).

> I occasionally also browse unrelated sites using IceCat via Tor. Except for rare cases, I do not identify myself to them. I think that is enough to prevent my browsing from being connected with me. IceCat blocks tracking tags and most fingerprinting methods.

> I never pay for anything on the Web. Anything on the net that requires payment, I don't do. (I made an exception for the fees for the stallman.org domain, since that is connected with me anyway.) I also avoid paying with credit cards. For freedom's sake, insist on paying cash. When a business pressures you to pay in an identified way, that means your help as a citizen is needed: say, "If you won't take my cash, no sale!"

Source: https://stallman.org/stallman-computing.html

> Remote self-destructible VM for browsing with Firefox in incognito mode (only sites you NEED to, that REQUIRE JS), through multiple VPNs over multiple proxies.

I hope you're just joking since layering up multiple VPNs doesn't provide any privacy by design. The best way is to use disposable Whonix VMs in Qubes OS.

I like Qubes but without Rutkowska at the helm, it’s future is uncertain

1. This is orthogonal to the topic at hand. If you only trust a project with Joanna Rutkowska at the helm, neither Qubes nor any "desktop" system out there offers what you want.

2. The Qubes team has been doing a great job so far, and Joanna has not been directly involved for about a year now. Marek and Andrew Wong are the ones I notice the most on the mailing list and on github, but there is a big team[1] that has gotten Qubes to where it is today.

[1] https://www.qubes-os.org/team/

Not the world-wide-web that was first dreamed of, eh?

That collaborative one.

That sharing one.

That innocent one.

But thank the universe we still have it.

I wonder these days how much of an illusion this was.

A free-to-use global computer network borne of a military projects programme with all communications in the clear by default, centralised in a country with a highly active global foreign policy. Hmmm. Looking at it like that it seems Google and Facebook are just picking up where the other guys left off.

But yeah still glad we have it though.

This doesn't prevent hotels you've stayed at, car dealers, utility companies, banks, ISPs and others from selling your data.

Also, in Russia (and many other countries as well) you cannot legally buy a SIM card without an ID. And Digital Ocean doesn't accept some virtual debit cards and suggests that I use a real credit card (so that they can charge me even if I don't have money).

So, don't use Digital Ocean? They are far from the only fish in the sea[1]. Vultr stands out, they offer Bitcoin and WeChat Pay as alternative payment options to the usual Paypal and credit card methods, and they have an awesome ISO library that includes OpenBSD. They aren't the only provider with those options but they are my go-to.

[1] https://lowendbox.com/

vultr requires credit card verification before you can pay using bitcoins

Ahh, I wasn't aware of that as I haven't used BTC with them. Thanks!

I use local self-hosted email service. I do think public API endpoints would be good thing to have, and/or other protocols, that you will have command line programs to use. (That is one reason I invented remote virtual table protocol, although other existing protocols can also be used for many purposes; in some cases, HTTP is best anyways, too. And some protocols are too complicated! That is why to have a simpler one, such as httpdirlist instead of WebDAV.)

> I use local self-hosted email service.

What are you using? Do you have any advice for setting this up?

I've been using Protonmail for a couple of years, and while I'm generally fairly happy with it, I'd really like to self-host my email in my home. Aside from the technical experience, my understanding is that the US court system sees data stored on your own hardware in your own home very differently than data that you've entrusted to the care of a third party outside your home - the former is protected by the Fourth Amendment while the latter is not.

I use Exim and Heirloom-mailx (although you can use a different user program, since the server is only Exim).

On the Debian setup menu, I selected smarthost, to use the ISP's server for sending (required because of the way the internet service works; your own service is still used for receiving). And then, in order to reduce spam, modified the configuration so that only aliases can be used and not real usernames, and set up several aliases in the /etc/aliases file, so that a different one can be used for each service or correspondent. I then set up the router to allow incoming SMTP connections.

(If necessary, you may need to disable NAT with your internet service provider. If they won't let you to do this, or won't allow arbitrary port numbers, then it isn't a real internet service.)

why eastern Europe?

Heh, the Netherlands is enough. No one gets stuff from some of those vps providers.

Netherlands is part of the 14 Eyes...

Except the government and the police, just like every other country.

With heaps of oversight and red tape.

Both the government and the police oversee themselves, the secret service has access to whatever they want and the tax office is even allowed by the courts to demand whatever they want. It’s for security and if that doesn’t work it’s for the children.

GDPR rules? Less money for government oversight?

Through multiple VPNs over multiple proxies?

RTFA - the user discovered that chrome was sending all text from all webpages to the translate service.

The advice in the thread isn't "never connect to protonmail using Chrome." It's "don't use Chrome".

100% agree. Firefox is so good now, there's really no excuse.

Unfortunately, Firefox makes my MacBook Pro frying-pan hot whenever a web page is a serious, JavaScript-heavy web app (e.g., Google Docs, Twitter, prob any significant desktop app in web app form) or anything with a lot of moving images (video, D3, any sort of "visualization"). Chrome and Safari run cool and comfortable.

So, I would just use Safari, except that as a dev, I need the vastly superior dev tools, extensions, and customizability of Chrome and FF.

So now I have to juggle browsers, trying not to get burned by Google, burned in a whole different way by FF, and trying to get things done in Apple's "no preference settings for you, because Apple's preferences are all that matter" design ethos.

Firefox runs cool on my bottom of the range, pre-2018 Air, with a few exceptions: Slack, the new Gmail (not classic). The new Gmail interface pushed me back to the old days of native IMAP clients, and Slack runs hot on Chrome so I'm between a rock and a hard place there.

Furthermore, we're discussing a major con of using Chrome in this thread, so I'd be happy to take a minor trade-off or two to avoid that (especially if that trade-off is partly down to Google crippling their own service perf-wise in non-Google browsers).

What kind of sites are taxing Firefox other than the well-known offenders? Given you're on Pro and I've no issues with an Air, it's likely a GPU issue that could be remedied with some config tweaks.

> there's really no excuse.

I hate when people say this, of course there are valid reasons why not to use Firefox. For example Firefox can't play videos smoothly on my hardware (yes, this issue has been reported), that's a dealbreaker for me.

> the user discovered that chrome was sending all text from all webpages to the translate service

That's what they claimed, not what they discovered. What they discovered was that Chrome was sending emails created in a specific webmail client to a translation service. Language detection is done client-side; text is only sent to the translation service if the client decides it's in the wrong language.

For my use cases (websites, # of tabs, add-ons) Chrome is faster than Firefox without a doubt. I still use Firefox for most things because it is usually good enough.

Safari is not bad too, ITP 2 is even better.

And if you don't like Firefox Quantum for its own egregious privacy issues, you can use Waterfox. The next major Waterfox release will have all the speed enhancements of Firefox Quantum without the privacy issues.

What are Firefox Quantum's egregious privacy issues? All I'm aware of is the encrypted DNS experiment which is a huge, unqualified privacy win. I'm not aware of anything it does that's objectively worse than the privacy catastrophe which is the status quo.

Perhaps you are angry because it doesn't send your DNS requests in the clear to Google's service? Perhaps you are angry because you don't like encrypted communication protocols?

Perhaps you are making assumptions without merit?

Off the top of my head, forced telemetry (even if you turn it off in about:settings some stuff gets reported back to Mozilla); Pocket and Sponsored Tiles, the former sends Mozilla the URL and form data for every site you visit, the latter has complete access to your browsing history so it can show you "relevant info"; Adobe DRM and Encrypted Media Extensions (some people don't like any DRM in their browser, I don't have an issue if it's trustworthy but you're asking so I'm listing); and a minor, easily corrected nitpick but they went back to Google as their default search engine. My problem with that is every update (so far) ignores user settings and changes it back. This can lead to unexpected unwanted searches via Google.

Literally all of these are (debatably) controversial from a PR perspective, not from an actual privacy perspective. Most of them aren't even privacy issues, which suggests to me that you haven't even researched them.

More generally, if any of these things actually offend you, I'm sorry to tell you but you're not the audience for a web browser—after all, general web browsing is far, far worse. Every website you visit gets your IP address and your user agent string. Ooooh noooo.

This is making a lot of assumptions about GP's reasons. They should probably have explained in the first place, but give them the chance to before suggesting they're angry about something they never brought up, please.

The GP is being hysterical. A pile of whataboutism and false equivalence.

Would you mind elaborating on what those egregious privacy issues are for those of us who don't follow particularly closely?

Not the parent poster, but the two I can guess at would be the unblockable analytics on settings pages and the mr robot debacle.

Please see my reply to sjwright above.

I don't understand how this is related to ProtonMail. It reads more to me like "never use Chrome [if you care about all of your web content being sent to Google]". Sure, ProtonMail is likely to have personal, private stuff in it but so does a bunch of other things, eg. internet banking.

It's related because it's being reported by a user of ProtonMail into a ProtonMail forum. What you say about it being relevant to just about every page is definitely true.

Then the title should reflect this. At the moment the title seems to imply (wrongly) that this is something specific to ProtonMail. I took the comment to be about clarity.

That's a problem of HN site norms. Mods here specify that titles shouldn't be altered by the submitter.

IMO there should be an original title and an edited title (and users could optionally display only one title of they requested) ... but then there's lots I'd change ...

Right that would be nice but people usually submit the original subject and the admins usually enforce that they do. Often you can get away with light editing for clarity when submitting a link but it's just something to be aware of.

I would do something like "never connect to <ProtonMail> using Chrome", but yeah, policy is probably less important than content.

It's related because that translate feature was disabled for those languages, but Google Chrome decided to disregard that specifically on ProtonMail and send the whole thing to Google servers anyways.

Where does the post say anything about it being disabled for those languages or that Chrome "specifically" ignored this on ProtonMail?

It just says they had to turn off the suggest translations feature, which would apply to all sites/languages.

> translation had been disabled for both French and English websites


Chrome is fun, today I learned you cannot turn off auto-complete for a page in chrome. Possibly some really creative hacks can do it but those seem to be "fixed" every so often as well. Which is great when you're building a HIPAA compliant page and would prefer that people's medical information not get cached by chrome (and then uploaded to their cloud storage if you're logged in).

> Chrome is fun, today I learned you cannot turn off auto-complete for a page in chrome.

Because people were abusing it left-and-right to prevent password managers, and as e.g. banks (my own bank did this...) rarely listen to customers, Google instead decided to disable that opt-out for everyone instead.

I remember reading that the Chrome team made a point of forcing autocomplete for password fields (out of some opinions about built-in password managers). But I didn't know they were expanding that sentiment to all kinds of autocompletion.

Not that this would surprise me with Chrome's general attitude...

I agree with Chrome's decision here. The data remains the property of the user, they are free to cache it on their machine or upload it to Google if they so desire. Pages that disable autocomplete (or break it with hacks) should die.

This has worked for me for a few years without needing changing (for spelling test, so definitely don't want autocomplete :)

    <form name="form" onsubmit="checkspelling()" autocomplete="off" spellcheck="false" >Enter spelling: <input id="textfield" name="textfield" size="20" type="text" style="font-size:32pt;" autocomplete="off" > <input value="OK" onclick="checkspelling()" type="button" " style="font-size:32pt;">
I don't remember which bits were added for which browsers...

URLs should not contain PII data. That is a very bad design.

[Edit] I've got the wrong end of the stick it seems.

Where did I say URL? I'm talking a POST based form.

Put a value into it a text field and Chrome will helpfully save it for future auto-completion. Then it'll upload it to your account on their cloud if you're logged into an account. How do you think it's able to fill out your name, address, etc. on all those web forms?

I'm sorry. I'm out of date it seems. I thought autocomplete="false" worked for non authentication/non common fields. I'll have to check this out in the office later.

It looks as though Google have gradually eliminated support for this because "reasons" https://stackoverflow.com/questions/30053167/autocomplete-of...

It also won't listen when you say "this is not a login field", super fun.

So why are you still using Chrome?

He is talking about supporting chrome as a client browser, not using it personally.

Ah, right, I misread the original comment. Thank you for the correction.

If you care about privacy, you really shouldn’t be using a browser that was created by a company that makes its money by learning everything about you and reselling it to the highest bidder.

> and reselling it to the highest bidder.

This isn't a thing that Google does

It sorta is, via ad targeting.

No it isn't. It's the difference between "Here's some money, please show this to young Democrats" and "Here's some money, please give me a list of young Democrats." That's a pretty damn big difference.

> That's a pretty damn big difference.

There's certainly a difference. I'm not sure it's a very big one though.

The latter is an extra problem in a few specific areas:

1. your foremost fear is a bad actor getting your private details (e.g. identity fraud / doxing). These are legitimate fears, but certainly not a primary likelihood in the majority of cases.

2. discrimination based on background checks (jobs/loans/etc.). Also completely legitimate, though background checks tend to be plenty invasive in isolation these days anyway, so I'm not sure how much of a negative impact Google's data would potentially add here.

Other than these specific threats, the two seem exactly equivalent for most reasons people are concerned about privacy.

Can you name some of those reasons? Because they seem very non-equivalent for almost any reason I can think of.

This is an odd question. If you can think of reasons where they're non-equivalent, why not state those reasons in your comment?

You're asking me to give counter-examples to examples/explanations you haven't given.

Well, that's pretty much my problem. The only reasons I can think of would pretty much be the two you've already listed (and explicitly said it's not equivalent for those purposes).

This isn't some gotcha thing, I'm trying to understand these concerns better, because I really don't. I'm not asking for "counter-examples" to anything, I'm just asking for examples. It's not an odd question.

Ah, ok, apologies; I didn't realise those two items I listed were your only reasons.

The main reasons people are concerned for privacy, I would say, are around influence and personal autonomy. There are plenty of people (many of them on HN, I've read many comments here to this effect), who want to cede decision-making about their own consumption to service-providers. There is an attractive convenience to this. Privacy advocates are typically not these people, and are concerned not just for their own individual autonomy, but also often motivated by broader societal concerns like those discussed by Pariser (obviously a hot topic right now w.r.t. Trump and Putin), as well as less-political aspects of selective exposure theory around societal trends.

I'm concerned about privacy insofar as the information collected can be used to used to hurt or oppress me or others. Using it to target advertising doesn't rise to that level. To the extent that advertising itself is acceptable (and there's a legitimate debate there), targeted advertising seems to be a benign use of personal data.

The main problem I see is that corporations cannot be trusted to limit their use of personal data to benign purposes, nor can they be trusted to keep that data safe from people who will abuse it. But there's certainly a significant difference between potentially leaking or abusing data and actively selling it.

>targeted advertising seems to be a benign use of personal data.

How you define benign? let me give you a real example,

A woman got pregnant, she probably did some web searches related to the situation. Then something bad happened, the pregnancy was lost but the woman continued to get ads related to the baby for months(or even more).

There is no button somewhere where you click and all ad networks can clear your history, your data is stored forever and sold or traded.

The line blurs a bit when it's "Here's some money, please show this specific link with a bunch of tracking methods to young Democrats in a 50 mile radius of <city> who recently bought a car and have a credit card balance >$10k".


Right. Google does the first, Facebook did the second

If you're referring to Cambridge Analytica with your Facebook example, Google have provided APIs for 3rd-parties to access private user data for many of it's services, just as Facebook did with Cambridge Analytica. For example, the G Suite Marketplace lets many companies read all of your emails.

Both require an auth consent screen with permissions listed, where it may or may not be clear to the user what's being shared.

Only a few thousand people clicked through consent pages to share data specifically with the Cambridge professor who shared data with Cambridge Analytica. Facebook's APIs allowed that professor to then get data about those users' friends, who never made an agreement with that professor. Facebook has since shut down that API. https://techcrunch.com/2015/04/28/facebook-api-shut-down/

What stops Google from selling this list if the deal is good and nobody knows about it?

The deal could not be good enough, because the liability for breaking their own privacy policy would probably be much larger, not to mention the loss of user trust. Even Facebook does not sell the list.

Hopefully, the fear of internal whistleblowers?

If you target an ad to young Democrats, and they click on it and buy the advertised product, then you know that they are young Democrats, and you'll have their personal information.

That's how Google leaks information.

How about “here’s a subpoena, give me a list of young Democrats.”

It’s not the highest bidder but it’s still a problematic consequence of concentrating so much data in one place.

But you do get a sample of that list when your ads convert.

No, they monetize it right there in house. Doesn’t change a thing.

It changes the fact that only Google (and three-letter agencies) know what you do. It's in their best interest to keep the data to themselves.

When I visit a website in a foreign language I've never translated before, Chrome asks my permission to translate the site, it doesn't do so automatically. You could argue they could give you more details on what it will do when you click the 'Translate' button, but to argue they shouldn't offer the feature as a permission-requested option at all seems pretty extreme.

I read a lot of foreign websites, and the built-in translate feature (which you can request in the right-click menu, or from the Toolbar) is a life saving feature, like, literally, I've been traveling, and Chrome built-in ability to translate helped in a medical emergency.

Question is, how does it know to ask?

If it is based on analysis done by the local machine, no problem. However, if it is based on analysis done by google servers, big problem!

As mentioned in the reddit thread, it is done clientside by this library:


> Question is, how does it know to ask?

The html tag has a "lang" attribute, and the server itself can send a Content-Language HTTP header. Most CMSes these days set one or both once multi-lingual is enabled.

Additionally the browser can utilize the OS or it's own spellcheck word database: check every word in every dictionary and the dictionary with the most matches is likely to be the relevant one.

> Additionally the browser can utilize the OS or it's own spellcheck word database: check every word in every dictionary and the dictionary with the most matches is likely to be the relevant one.

Every word seems excessive, especially if a page has an excessive amount of text on it.

I have noticed that 'certain' sites that obfuscate titles by homoglyphs are recognized as vietnamese by chrome. That seems like something based on the actual content of the page.

It asks permission to show you the translated version.

But does it send the page's content to some Google server only if you agree? The point here is that it seems that the content is sent over to Google no matter what.

Two downvotes for pointing out that it asks for permission to translate, and that the feature is pretty important if you're traveling in a foreign country and don't speak the language?

I just don't understand how so many people in the HN community, who are so vocal about privacy, turn around and use Chrome.

Don't feed the beast.

I have been using Firefox since version 1.0. I don't understand the desire to use google's browser. However, why would even trying view secure data in your web-browser... Not even just Chrome. Things may get cached ect... Although, Mozilla has been doing things that I find annoying at times. Like adding pocket ect...

Little Rant Although, I have looked at some of the other forks. What I find more depressing is how few up to date browser engines exist. It's a sign that web standards are getting too complicated. We already going to have a 3rd version HTTP as well... Both HTTP/2 and potential HTTP/3 are based off of work from google. Those protocols are a lot more complicated than HTTP. So it's much harder for a small group to implement them. That's just the protocol layer. Let alone JS, HTML, CSS, and all the other little things. It's like big companies keep bloating the standards. The result is the browser is probably one more complicated pieces of software regularly use.

What ever happened to "KISS".

Maybe over-complicating things is a way of eliminating competition from Google. If it wasn't so complicated, someone could easily offer a competing, privacy-oriented browser; which Google would not like-- so make it so hideously complex no one can do it without $50 mil? There would be more innovation if things were simple, because anyone with a good idea could contribute.

This sort of happened when the WHATWG effectively wrested control of HTML away from the W3C (although Google was not a founding member, they are one of the Steering Members now). https://thehistoryoftheweb.com/when-standards-divide/

The membership of the W3C supported XHTML, to improve interoperability among other reasons. Apple, Mozilla and Opera had a different vision and broke away and formed the WHATWG which Google and Microsoft later joined. Those companies (minus Opera) now have near total control over HTML and the W3C just rubber stamps whatever they decide.

(Note: I don't believe the participants in WHATWG were doing what they did for anti-competitive purposes, but in hindsight it had that effect.)

XHTML actually decreased interoperability with seldom anyone able to produce conformant strict XHTML. XHTML was a huge mistake, the W3C obsoleted itself with this one.

Precisely that has been observed across many markets. Teachers unions being an example where adding on requirements to entry enshrine current members.

Google also has additional power by simply not implementing things introduced by WHATWG participants. Case in point: the menu/menuitem elements which would have provided scriptless interaction in a limited way (removed from W3C HTML 5.2). Any small attempt to make the web more declarative by extending HTML is doomed since not essential because it can be implemented using JS.

WHATWG's specification process, putting the world's main communication medium into the hands of browser vendors with an interest to eliminate competition and define entirely new Turing runtimes (WASM), and advertisers who turn around and create competing mechanisms (AMP), then not actually ever delivering a standard (the "living standard" nonsense) is broken, and has been for a long time.

I've seen a number of comments about http/2 and http/3 being driven by Google. The ideas originated there (SPDY and QUIC respectively) but in both cases many different entities backed the ideas and formulated specifications in IETF settings. I'm not sure I buy that somehow Google managed to hoodwink the people that toiled on these specifications in a non-Google environment and managed to influence them in such a way that the output was beneficial to their nefarious goals.

There are already quite a number of http/3 implementations from non-Google companies and projects [0]. Cloudflare seem to be big backers of http/3 [1]. There were some other articles today that are generally positive on the http/3 approach. One was from Tim Bray at AWS [2] and the other from @ErrataRob [3].

0. https://github.com/quicwg/base-drafts/wiki/Implementations

1. https://cloudflare-quic.com/

2. https://www.tbray.org/ongoing/When/201x/2018/11/18/Post-REST...

3. https://blog.erratasec.com/2018/11/some-notes-about-http3.ht...

It's just an example of how much weight Google is able to throw around. That's a just one part of what would be needed for a browser. The more parts you add the harder it becomes to build a browser.

Also I have read about QUIC there are some things that are interesting about it. However, there are things that I don't like.

Moreover, this was something I read from IETF mail archive: "That QUIC isn't yet proven. That's true, but the name won't be formalised or used on the wire until the RFC is published, so we have a good amount of time to back away. Even then, if it fails in the market, we can always skip to HTTP/4 one day, if we need to."[1]

I find that pretty concerning. If it does not pan out we can just skip over. That's still something someone has to implement even it's not used much. I would only be considering things that people in general are eager to use not just a few big companies.

[1] https://mailarchive.ietf.org/arch/msg/quic/RLRs4nB1lwFCZ_7k0...

That's still something someone has to implement even it's not used much.

Not true. This is why alpn and the upgrade header exist. You do not need to implement any of the new protocols, and you can certainly skip a version if you don't think it's worth the effort.

Cloudflare seem to be big backers of http/3 [1].

Having the second-largest traffic analyzer on board would seem like more of a cautionary negative than a positive to me.

Tinfoil hat off for a second it makes more sense Cloudflare and Google are backing these protocols because they're more efficient which means lower infrastructure costs. They both terminate traffic already so can already see everything regardless of the protocol used.

I am not the person you responded to. However, I would only be considering things that people in general are eager to use not just a few big companies. Most users of HTTP have never been too concerned with it's overhead. Except maybe the way cookies have been design. It definitely has problems, but most peoples problems are not googles or cloud flares.

So we should be against something that makes all sites faster... because big companies care more about their sites being fast? That just seems like spite to me.

If anything, smaller sites have more to gain from HTTP/2 and HTTP/3 than the likes of Google. For example:

- Both HTTP/2 and HTTP/3 seek to reduce the number of round trips, mitigating latency between the user and the server. Now, from Google's perspective, the "server" is the nearest load balancer in a globally distributed network, which is probably geographically close to wherever the user is. Thus, users with good Internet connections typically have low enough latency for the improvements not to matter much. But Google still cares about latency because of users with poor internet connections – such as anyone on a cell network in a spotty coverage area. Well, poor connections affect all sites equally. But small sites tend to not be fully distributed; they probably only have a single origin server for application logic, and perhaps a single server period, if they're not using a CDN. That means a fixed geographic location, which will have higher latency to users farther away even if they have a good connection – thus more benefit from latency mitigation.

- QUIC can send stream data in the first packet sent to the server, without having to go through a SYN/ACK handshake first. TCP Fast Open lets plain old TCP do the same thing – but only when connecting to a server you've seen in the recent past (and retrieved an authentication tag from). Thus, QUIC is faster when connecting to a server for the first time – which affects smaller sites a lot more than Google.

Most users of HTTP have never been too concerned with it's overhead

End users complain all the time about latency. And that includes the latency to your small website hosted on a single server hundreds of milliseconds from your visitor... certainly more than it includes google's websites.

What you really mean is that small website operators generally don't care that their visitors are irritated by how slow their website is... and just brush it off and ignore it because they have no solution to the problem.

Maybe you should consider h2 as being for the benefit of visitors across the internet, and a benefit for those who care about performance.

It says it all that even though h2 is not required, small website have adopted it across the globe... now at 1/3rd of all websites, and growing.

I don't think cloudfare really does traffic analysis. At least nowhere near the level that google does. It is not their core business.

Why then they offer free fully functional CDN-like service, free SSL ? Data is new oil, and CF has all data in plaintext - your logins/passwords included.


a. It's really cheap for us to offer that service

b. Lots of those free customers end up upgrading, paying for extras, etc.

Between a and b offering the free service makes sense. We make money from the customers who pay us for our service (https://www.cloudflare.com/plans/), not from doing something nefarious with data. We'd be shooting ourselves in the foot if we did because that data is our customers data. We need to be very careful with that or we'd lose trust and not be in business.

Also, free means anybody can try the service and kick the tires. Often those people turn out to me the CIO, CSO, CISO, CTO, ... of big corp.

The plaintext thing is just too sensitive, and your free service offer makes the reach too wide. Could you be compelled, by warrant, to provide all plaintext traffic from a single user IP?

> I don't understand the desire to use google's browser.

It was the only browser with a decent Javascript sandbox, at least until recently. Wikipedia claims Firefox got a sandbox this month, but I think I've seen earlier claims:

> Until November 2018, Firefox was the last widely used browser not to use a browser sandbox to isolate Web content in each tab from each other and from the rest of the system.[120][121]

Also it was the only browser where every tab ran in its own process so a crash would only take down that tab.

Microsoft's browsers got this functionality pretty early as well (I believe around the IE9/10 timeframe), though they of course had and still have numerous other issues that would make them undesirable for regular usage.

> It was the only browser with a decent Javascript sandbox

What about Safari? IMHO it has strong sandboxing. Another interesting thing I found, is sharing cookie access between private tabs, Safari does not, Chrome does.

Could be. I don't know much about the Apple ecosystem.

> Those protocols are a lot more complicated than HTTP. So it's much harder for a small group to implement them.

Why does a small group need to reimplement HTTP/2 and HTTP/3? It's important that we have more than 1 or 2 implementations, but we don't need more than a small handful, and we definitely don't need every independent group reimplementing them. We just need enough that anyone who needs it has access to an implementation that's usable for them, whether it's bundled with the OS (such as Apple's Foundation framework including a network stack that supports HTTP/2), or available as a library (such as Hyper for Rust, or I assume libcurl has HTTP/2 support).

Because then you get more parts of your stack that you don't really understand how they work and are unable to audit.

We are basically doing with TLS. Which went fine - until people realized that one of the major go-to implementations of TLS contained years old unfixed bugs that could be remotely exploited.

I am not sure TLS would have been better if instead everyone rolled their own TLS implementation.

Nor do I think that a more diverse world of TLS implementations would've led to better auditing of openSSL. We had barely enough eyeballs to audit openSSL, let alone to audit more stuff.

The issue with openSSL was that the protocol was sufficiently complicated and sufficiently critical that people just picked the available option. Perhaps those who did look into the code they were running concluded it was bad, but weren't willing to create a new library. Besides, any new library would have the stigma of 'they are using a non-standard and new crypto library'.

In that case, the solution would've been louder complains about the code quality of openSSL.

Better for everyone to be using a small handful of battle-tested implementations written by experts than for everyone to roll their own implementation. The latter may mean that people have a better understanding of the component, but it's also pretty much guaranteed to mean the various implementations are buggy. Even very simple protocols are easy to introduce bugs into.

For example, it's pretty easy to write an HTTP/1.0 implementation, but it's also easy to open yourself up to DoS attacks if you do so. If you're writing a server, did you remember to put a limit on how large a request body can be before you shut down the request? Great! Did you remember to do that for the headers too? Limiting request bodies is an obvious thing to do. Limiting the size of headers, not so much. But maybe you thought of that anyway. What about dealing with clients that open lots of connections and veeery sloowly feed chunks of a request? The sockets are still active, but the connections are so slow you can easily exhaust all your resources just tracking sockets (or even run out of file descriptors). And this is just plain HTTP, without even considering interacting with TLS.

"It's a sign that web standards are getting too complicated."

Is there precedent for standards significantly simplifying over time, or do they always tend to get more and more complex?

What frequently happens is that a simplified alternative appears.

HTML5 rather than XHTML, Markdown vs. HTML or LaTeX, HTML, originally, vs. SGML or Sun's ... proprietary hypertext system (Vue?).

Arguably, replacement of much office suite software with Web technologies.

Multics -> Unix.

This is true, but a web browser can't really make those choices without a breaking a lot existing stuff. The big problem is that we keep piling onto HTML, CSS, and JS. For instance if we wanted web apps it would have been better to make something separate. Instead we have taken HTML which was originally just a way of rich text formatting and have made into the beast that it is today.

This may be a nitpick, but hopefully it's also an interesting rabbit-hole:

HTML was originally contemplated as more than a method of rich text formatting. It was created as a way to describe and link arbitrary media and applications. I'd recommend reading the first published proposal for (what later became known as) the World Wide Web written by Tim Berners-Lee [1]. In my reading, I see it as being intended applications as powerful as the kind we build today - at least as far as could be contemplated and described in 1989, and given the degree of abstraction with which the document as written:

> "Hypertext" is a term coined in the 1950s by Ted Nelson [...], which has become popular for these systems, although it is used to embrace two different ideas. One idea[] is the concept: "Hypertext": Human-readable information linked together in an unconstrained way. The other idea [...], is of multimedia documents which include graphics, speech and video. I will not discuss this latter aspect further here, although I will use the word "Hypermedia" to indicate that one is not bound to text.

An example of anticipated usage:

> The data to which a link (or a hot spot) refers may be very static, or it may be temporary. In many cases at CERN information about the state of systems is changing all the time. Hypertext allows documents to be linked into "live" data so that every time the link is followed, the information is retrieved. If one sacrifices portability, it is possible so make following a link fire up a special application, so that diagnostic programs, for example, could be linked directly into the maintenance guide.

Another category of use-case was web crawling, link-based document search, and other data analysis.

These and other anticipated use-cases envision more than text formatting; the primary purposes of the proposal were, in my opinion, the inter-linking of information and the formal modeling of information, especially for the purpose of combining different programs or facilities into a single user experience.

[1] https://www.w3.org/History/1989/proposal.html

I wish Google Search would create an HTML5 subset for documents that would boost rankings if used.

A good majority of search results I am looking for should be simple single page HTML documents that don't use complex HTML5 features that are needed for web apps.

Change ranking, and you give websites the incentive to avoid JavaScript or CSS features that are against the reader's interests.

I'm 80% sure you're joking, but just in case, this is essentially what AMP does.

Last thing we need is google dictating more about the internet.

My understanding was that this was the original plan for XHTML. Keep HTML 4.x around as a "legacy standard" for old content, make new developments in a new language with an architecture more suited for modern use cases.

Of course this would have required browser vendors to support two languages at the same time for a sufficiently long transition period, which was apparently too much to demand.

But they did support both languages, and support them to this day.

It's the sites that didn't adopt XHTML. Everybody on the infrastructure side loved it.

..without a breaking a lot existing stuff...

That's specifically why and how new standards apear. They accomplish most (though not all) the earlier capbilities, with a masive reduction of complexity. It's a form of risk mitigation and debt reduction.

Compare browsers generally: Netscape -> MSIE -> Mozilla -> Firefox -> Chrome -> Firefox. Each predecessor reached a point of complexity at which, even with massive infusions of IPO, software monopoly, or advertising monopoly cash, they were unsustainable.

The old, dedicated dependencies (frames, ActiveX, RealPlayer, Flash, ...) broke. Simpler designs continued to function.

>For instance if we wanted web apps it would have been better to make something separate

But then we need to make another app + browser version? Which defeats the purpose...

Moreover, we have gone from Microsoft pushing complexities to Google.

Like the latest two HTTP protocols are both based of tech that google has already made. However, IETF is like that sounds good. It's got it's advantages, but there is very little push back saying well that makes things more complicated.

For instance with HTTP/2 it has support for pushing files to the client. Most back end web stacks are still trying to think of good ways to make that easy to use. Mainly since what files to send depend on what the page contains. So either you have to specify a custom list or the web-server now needs to understand HTML to get a list of required resources. This also gets more complicated since a push will be useless if the resource is already cached. This means your webserver has to have some kinda of awareness of how clients will cache data. Again this starts to mean your web server needs more client knowledge.

This is does not even take into account how the browser should handle these things.

Additionally, while cryptography is a good thing, the standard for HTTP/2 does not require it. However, pretty much all the browsers ignore that un-encrypted HTTP/2 is allowed. So if you wanted to run HTTP/2 without TLS the browsers act like site does not exist. This gets into the problem since there are so few browsers they can basically make defacto standards. So if you went through the effort and followed the standards what you encounter may not follow those standards at all.

The standard for h2 may not have required it, but practically it was required. There are middleboxes on the internet that assume any traffic over port 80 is http 1.1, and will destroy/interfere/break non-1.1 traffic. There are also servers that will respond with a 400 error if they see an unrecognized protocol in the upgrade header. This is why actual data shows h2 has a higher success rate when sent over tls.

IIRC MS/IE wanted to implement it, but they backed off because of these issues

Asking browsers to implement h2c is asking them to make their browsers flakier... their users would see a higher connection error rate... which the user WOULD attribute to their browser, especially if they open the same URL in another browser without h2c and it works.

Using the upgrade header instead of alpn is slower anyway.

> HTML5 rather than XHTML

Huh? Parsing HTML5 is much more complicated than XHTML, and everything else is about the same.

The issue with XHTML is not parsing, it's generating valid one. The internet got years to try, failed, time to switch to something else...

Because parsing invalid XHTML, which all browsers ended doing, is more complicated than parsing HTML5...

It's pretty easy to generate a valid XHTML doc. The issues come when someone is editing by hand and doesn't care.

> Because parsing invalid XHTML, which all browsers ended doing, is more complicated than parsing HTML5...

I don't understand what you mean. Isn't the non-strict parser for XHTML just the normal HTML parser? The complication levels should be equal.

> It's pretty easy to generate a valid XHTML doc.

In the face of arbitrary user-content, like comments? Are you checking they don't include a U+FFFF byte sequence in there? (Ten years ago almost none of the biggest XHTML advocates had websites that would keep outputting well-formed XML in the face of a malicious user, sometimes bringing their whole site down.)

It's absolutely possible to write a toolchain that ensures this, just essentially nobody does.

> Isn't the non-strict parser for XHTML just the normal HTML parser?

Yes. It's literally the same parser; browsers fork simply based on the Content-Type (text/html v. application/xhtml+xml), with no regard for the content.

The bigger problem with XML parsers is handling DOCTYPEs (and even if you don't handle external entities, you still have the internal ones), and DOCTYPEs really make XML parsers as complex as HTML ones. Sure, an XML parser without DOCTYPE support is simpler than an HTML parser, but then you aren't parsing XML.

The problem is that with the glut of document declaring strict conformance but failing to be, fallback mechanisms had to be implemented, making it like a two pass parser, where if strict fails, you reparse in non strict. In the end slightly more complex, and definitely slower.

Anything more would be paraphrasing http://www.webdevout.net/articles/beware-of-xhtml

In the particular case of web standards, my impression is that some companies that develop browsers (1) tie individual performance evaluations (e.g. bonuses) to whether the engineer has added stuff to standards and (2) _really_ like over-engineering things. The effect on web standards has not been good.

Firefox performs badly, especially on my 2-core macbook.

Quantum is still not fast enough with many pages I use, I bet most devs do not test on firefox anymore and I've found FF unusable unless you use a 4 core machine, otherwise you get many random pauses here and there.

So my choice is chrome or safari. Safari is not customizable enough for me so chrome it is.

I use Firefox as my daily driver and I am consistently amazed by how slow Chrome is whenever I load it up for a debug session or to access a work related site (it's the new IE, sites only support it).

Most Google sites are faster than Firefox (big surprise /s) but most everything else is the same or slower. I thought Chrome was supposed to be fast, it feels like a turd.

I have a Yoga 2 (4 years old) and my laptop fan revs up like a harrier jump jet whenever I load Chrome. Firefox only manages to make it purr loudly.

I recommend to my non-IT friends and family that they should use gmail and chrome because they use Windows and Google's security is fantastic. Sure there is a compromise. Google are using private information for advertising but (1) Google doesn't have a history of sharing PII with third parties and (2) Google are very good at keeping information and passwords secure. Many of my non-tech friends and family use Android phones so they need a gmail account (convenience), and they use Facebook (so their privacy is already compromised to third parties). I strongly recommend against IE and Edge because they are buggy and IE/Edge had 9 critical security flaws in October (implies lots and lots of zero days in the long tail still remain). Firefox is OK but it just isn't as fast, reliable, usable, or secure as Chrome IMHO.

I personally use Chrome because it is secure and fast (and the debugger works far better than Firefox's, Safari's or Edge's). I personally don't use Apple because I don't want to spend x% of my disposable income on iDevices per year, when I can spend 0.x% on Android devices per year. I distrust Microsoft (their security is suspect and their implementations suck: I use outlook for work and the UI is super buggy - I notice unique flaws regularly and have to live with some bugs every day. Like email notifications stopped working the other day - just unbelievable shit). I would love to not use Google, but for the compromises I need to make, it remains the best choice by far for me. Edit: fixed # flaws.

Have you given Firefox another shot during the past year? I agree that it used to be terrible, (as in bloated and buggy and slow) but the work they've been doing with servo and quantum has really, really paid off. It really is a whole new experience.

I don't do webdev, so I can't really comment about that. I agree wrt edge being terrible and not being willing to pay Apple prices.

I do some webdev (work with APIs & frontend stuff like react, vue). The firefox debugger is different. After an adjustment period I got used to them just fine and actually prefer some parts (like the network tab).

So I'm a Firefox user. Went back for reasons everyone here already knows; lots of privacy issues. I use a VPN too.

Anyway I switched to Firefox on my computers and mobile system. I use that VPN to try limit Google's tracking of me and I use duckduckgo for the same reason.

Long story short I just switched back to chrome on my Android, because Firefox has kinda stopped working. I used to be able to keep 100 tabs open, not I can't even keep 1 open in the background. When I go back it just forgets what it was and won't refresh. I click refresh and it shows it's refreshing, but then nothing happens.

Nothing I can do. I'm reading some or I see a great article and I open it right away in a FF tab for later. I go back it doesn't load. Then I can't reset/restart it, because it won't die and then it stops syncing, etc.

It's really really bad. Sadly this wasn't the case when I decided to switch about 8 months back, this is only in the last 60 days.

I'll keep using Firefox for now on my desktop, but honestly I really rely on profiles and sync across profiles, which is a pain to get around on FF as it is, but now it's a big burden I can't really see my way around.

Too bad, but honestly I need a reliable tool more than I need privacy at this stage.

I was seeing similar symptoms. Fixed by setting cookies and all other state except bookmarks, one or two others, to clear upon browser exit.

Interesting extreme user, would be interested to learn more about how you compute.

Happy to connect anytime and share. I'm on most platforms with this handle.

I've used Firefox 55-62 and I switched back to Chrome recently. Quantum was a great improvement, but it is still too buggy for me and it's gone downhill somewhere in the past few months

* Uses 30-40% CPU constantly on my Ubuntu laptop, causing the entire system to freeze.

* Slow on JS-heavy apps like JIRA, Gmail, Google docs.

* Firefox Android randomly decides to stop loading web pages, requiring a force quit and restart.

* Firefox Android bugged out while writing this comment, the text I typed would appear at a specific location, regardless of where I put the cursor. This and various other HTML input bugs require me to restart the browser again and again.

Heh,google's entire business model is sharing your data with third parties. Is it better because they filter out some details?

Also,Chrome might be more secure from a vulnerability point of view but browser exploits(exploit kits) are not a very common means of deploying malware these days. They tend to focus on IE and flash these days: https://blog.malwarebytes.com/threat-analysis/2018/03/exploi...

Can you point to some links on Google sharing data with third parties? AFAIK they don't share any data. You want to target a certain demographic they will target for you but they won't pass on the data. They keep the data internal.

If you install some 3rd party app and give that app permission to access your data they'll give that app the access you requested them to give but otherwise no sharing AFAIK.

If I target users based on a specific criteria and I know they came from google then that information about them is passed. Raw data isn't much use anyways,that's why google and fb aren't afraid to share with users what they collect. The analysis and targrting donewith that data is what users should be concerned about.

The same reason that so many of them continue working for companies that blatantly violate principles they claim are important to them (privacy, open-source, anti-advertising, etc.):

It's easy to be vocal about principles, but when it comes down to it, very few people are actually willing to impact their own comfort or convenience to truly follow them. It's simpler to just come up with a reasonable-seeming justification for why you're not really supporting things you claim to be opposed to.

> The same reason that so many of them continue working for companies that blatantly violate principles they claim are important to them (privacy, open-source, anti-advertising, etc.):

You're trying to paint people as hypocrites, where a more simple explanation is that maybe most of users even here on HN are not as concerned with the problem as you are. Vocal minority and all that.

> willing to impact their own comfort or convenience to truly follow them.

*method of survival.

You can "stand up for your principles", or you can not be an ideologue, survive, and live to fight another day making progress and positive change along the way. Full stop boycott stops nothing. Changing from within is the most effective. Instead of posting shame-inducing posts like this, labeling people and assuming the worst, try assuming the best, encourage them to take actions to increase privacy and increase security. I work in that field, and when my own principles are violated, I speak out. I guarantee that changes more than people shaming others on social media. Advertising and Data collection have about as much as a chance of stopping as world governments agreeing to stop producing bullets, so let's try to make it as ethical as we can.

You mean like we make visible progress in climate change because everyone suddenly decided to stop using meat, even though they get constantly bombarded with advertising telling them not to? Oh wait, we don't actually!

I just don't understand how so many people in the HN community, who are so vocal about privacy, turn around and use Chrome.

The amount of blind trust that people - including very technical people - gift to Google is rather shocking.

You might trust someone with one thing but not with the other thing. A question "do you trust them?" out of context is not specific enough.

Here is an alternative view from Theo De Raadt, OpenBSD founder: “[firefox catching up with chrome’s security] is lipstick on a pig”: https://marc.info/?l=openbsd-misc&m=152872551609819

One could say that it doesn't matter how many different privilege separation levels Chrome has if it so readily exfiltrates your data to Google's servers.

True. But security considerations add an important dimension to the conversation which is often missed.

Firefox has more than two process classes. I'm probably missing some still, but it separates at least into main process, content processes (tabs), NPAPI plugin process and extension processes (at the time of his writing, I believe this was one big extension process still).

There's also a process for Asynchronous Panning and Zooming (APZ), but that probably doesn't help much with security.

Chrome makes sure that no one get user data but Google.

I don't use Chrome but the vast majority DOES and I share a planet with them. Google is everywhere these days. So far it doesn't impact me too much since I've been blocking ads profusely.

Many tout their laziness as efficiency.

Chrome made a better walled garden out of the web than any other browser.

People want apps. Not browsers.

> I just don't understand how so many people in the HN community, who are so vocal about privacy, turn around and use Chrome.

1) Firefox is SLOW. I have ~400 tabs open on a Macbook right now in Chrome, Firefox snails around at 30-40 tabs.

2) Firefox dev tools sucked for a long time, compared to Chrome's. Same goes for Safari's dev tools - and don't get me started on the clusterf..k called Internet Explorer... that's why devs drove off to Chrome in the first place and stayed there.

My experience with these browsers (also on a Macbook) is almost exactly opposite. It's amazing how people can use the same things and have such wildly different experiences.

People simply don't believe in their own agency.

Specially ChromeOS.

It still has the tightest sandbox. So until Firefox has a new Js engine, it's a security-vs-privacy choice.

half the internet is optimized for chrome. we're lucky theres any alternatives at all. MS should buy FF just to fuck the future

Because it's faster. That's all there is to it. Yes, I know many people will come and tell me how wrong I am and how Firefox is so much faster in their experience. Maybe they will link to some synthetic benchmarks. I don't care. Chrome is faster.

Also the Developer Tools of Firefox are worthless... and not only because of how slow they are.

> the Developer Tools of Firefox are worthless

That's odd, because I think the Chrome dev tools are junk compared to Firefox. And I've never had an operation in Firefox dev tools that wasn't instantaneous. Perhaps our use cases are markedly different.

And I don't understand how so many people in the HN community can believe such conspiracy theories about Google and Chrome, what info they collect and how it's used and shared.

AFAICT Google doesn't share any info with 3rd parties unless you sign up with some 3rd party and ask them to share the info. I've never used my Google account to sign up with any 3rd parties.

As for Chrome collecting my history.(a) I want that since I want to be able to search my history across devices. For those rare cases where I don't I use an Incognito window. (b) you can opt out of having Google use your history for ad targeting. https://adssettings.google.com/authenticated

Note that ad targeting does not in any way suggest Google is sharing data. In fact it's in their best interest not to share data. If they share the data then other companies can use that data themselves. If they don't share data then other companies have to go through Google for targeted ads.

Google is the third party in this case.

It doesn't matter if they're not sharing it with third parties.

If the user in question did not give specific permission for Google to steal their ProtonMail email/s and send them back to Google servers, then that should be a crime. It should be a felony, just as it would be if a Google employee opened or obtained my physical mail without permission, scanned it in some manner, and took it back to their offices.

that is a fairly uncharitable interpretation of what happened. At worst Google tried to be helpful by offering a free translation service and the user clicked "yes, translate all pages in language X to Y". Chrome does not automatically translate pages out of the box. it asks

the language detection is done client side; many years ago I pulled the code out to use it in another project!

presumably she had "automatically translate" on...

The detection, maybe. The translation, on the other hand, is most likely done in a server.

^ yes the language detection is done within the browser. See https://www.google.com/chrome/privacy/whitepaper.html#transl...

what are the rules that cause a page in your own language to be translated?

Whenever I visit a non-English page I get a popup saying "do you want to translate this page". I assume the user in this case clicked the "Always translate" button.

This is a really awesome project: https://github.com/Eloston/ungoogled-chromium

I've really tried to use Firefox... Chrome just runs so much smoother, especially for media.

Vivaldi is a nice de-Googled project, a Chromium fork with all (?) Chrome plugins working on it.

Yeah Vivaldi is pretty nice, and is updated frequently. I use Firefox and Vivaldi as my main browsers now. I don't have the energy to completely de-Google myself (yet) but this is a start.

Mostly I believe it's just because I've been using Firefox for so long, but Chrome always felt a bit off. The developer tools was just a little worse, the GUI was a bit more annoying, the spell checker only works if can actually spell the words to begin with. Most people seem to prefer Chrome, and Chrome derived browsers though.

Obligatory Brave recommendation as well which is built on their own degooglified chromium. They list what they've removed here https://github.com/brave/brave-browser/wiki/Deviations-from-...

Isn't problem simply with the user (his wife)? She had enabled auto-translation and didn't notice.

Similar thing would happen to anyone with email account setup to forward all emails to a public mailing list or something of that nature.

if this shocks you or anyone then you dont't know G-world. Remember, it's their world and we just live in it. Anytime you connect to G-world via any of their services, they "own" everything you send over it.

i just dont understand why people go "no way" over this kind of things -- it's google for F sake.

1. If you WANT be public, upload videos to 'own' YouTube channel, post in 'own' blog on Blogspot — use Google.

2. If you WON'T be public — don't use Google! Keep uBlockOrigin & uMatrix in your web-browser always turned ON or use Links[0] as default browser!

As for me, I want manage 'own' YouTube channel (spoiler!), but I will newer use 'own' GMail or other Google's services for serious things non on home PC, non on Android mobile.

P.S.: How many of you has LinkedIn profile? ;-)

[0] https://news.ycombinator.com/item?id=16191843

Can't ProtonMail just solve this with a meta tag...?

<meta name="google" content="notranslate">

I don't think that's the point. The problem here is that we seem ro forget that by using Chrome, Google has direct access to absolutely everything we do on the internet.

Go to https://myactivity.google.com/myactivity and you will see all the things they track. It's bizarre.

The one that pisses me off the most is that they track the apps that I open by binary name and I own an iPhone and use Safari. I don't even know how the fuck they do that.

...uh huh.

I don't use Chrome, and don't use Google. I'm pretty intimately aware of the point. ProtonMail can still do their part. ;P

I'm heavily into Google and have 2 Macs and 4 iOS devices all signed in using Google apps. I don't see any iOS app activity in that link you posted except Chrome and Google Maps. Can you tell me where I can find other iOS app activity you mentioned?

They just appear there. In my bundle view I have logs like the following:

"Used com.shazam.Shazam"

"Used com.teamblind.blind"

It seems they log app usage for apps that have some sort of Google SDK installed or are serving Google AdSense. Definitely not all the installed apps, but several.

Actually a better way would be be:

if (navigator.userAgent.contains('chrome')){ window.location.replace('https://www.mozilla.org/firefox/') }

Seems you missed the point.

I wish I knew how to effectively communicate to people not to copy paste sensitive data into translate.google.com whenever they need a translation.

Even some dedicated translation apps that you install on your desktop actually upload everything to a 3rd party server for translation. I would love a list of local-only translation software that were close to as effective as the various online options... or even online but with a good data policy.

"But the conclusion is frightening : it means that the content of every webpage visited using Google Chrome is sent back to Google."

This is how it always worked and the number one reason I'm avoiding Google Chrome.

This neither is nor was true though. In this context pages are sent only if you are on a page which looks like it could be translated and you request the translation. That's a long way from "every page"

In another thread here the OP is quoted as saying Chrome sent the data even when translation is disabled.

Disabled for specific languages. That means either: the page was misclassified as a different language, or there's a bug affecting those preferences, or it was a user mistake and the translation was turned on.

I've been going through Google Analytica courses a bit recently, just because I'm interested. It is frightening how many techniques Google uses to gather meta-data and how much you can make out of it all. Thanks for sharing this, I use ProtonMail myself but avoid google all the time, one more reason to do it.

Google is an Ad company, 80% of its income is from serving Ads, mostly targeted Ads.

So any Google software is serving this goal - phishing as much user data as possible. That is Chrome, Android, GMail, iOS Google Maps, iOS Gmail, Google-Analytics scripts on websites, Google DNS, any software written by Google.


My opinion about Google has completely changed in last few years. More scary than Chrome's monopoly is Android. Android is basically a black box. It's very hard to find what apps have access to what on the device. We desperately need a third competitor in mobile space.


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact