On Fri, Jun 11, 2021 at 9:38 AM Jan Schaumann via NANOG <nanog@nanog.org> wrote:
William Herrin <bill@herrin.us> wrote:
It turns out that every password I allowed Chrome on Android to remember, it uploaded to Google. In plain text!!
Chrome does not store your passwords in plain text. It encrypts them locally, on e.g. macOS using, I think, a secret stored in the keychain under "Chrome Safe Storage", on Windows using a similar API and secret probably unlocked via your login credentials.
Hi Jan, I'm fine with Chrome encrypting them locally. That's what I want it to do. I'm not at all fine with it uploading them to my Google account. I don't want any trace of my non-google passwords present in my google account. I'm very very not fine that it happened behind my back without my express consent. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/