On Sat, Jun 12, 2021 at 12:10 PM K. Scott Helms <kscott.helms@gmail.com> wrote:
Scott, Google's computer is able to compose an html document which contains my passwords in plain text. Whatever dance they do to either side of that point in their process, at that point they possess my passwords in plain text. Why is this concept a mystery to anyone?
Because it's wrong, they don't have your passwords you do (more accurately your device does). They don't combine the decryption keys with the encrypted data, your device does.
Look buddy, I'm not lying. Google's server at passwords.google.com composed an html web page containing my plaintext passwords and sent it to me. Not decrypted by my browser after combining it with a locally stored key. Decrypted on and by Google's server. It's not wrong. It's not false. It happened just like that.
You did authorize, you just didn't read the fine print.
I always read the fine print. I'm that guy. I don't always go searching the menus for bad defaults but I always read everything they bother to tell me I'm agreeing to. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/