MacInTouch Amazon link...

web browser security

I've been using macOS 10.12.6 Sierra and the latest version of Safari it supports and every so often I get the following error message when I try to access Google:
Safari Can't Open the Page
Safari can't open the page "https://www.google.com" because Safari can't establish a secure connection to the server "www.google.com".
If I wait a while and try again later then it starts working again.

This also happens with the latest Firefox, except I see this:
Your connection is not secure
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
I'm not clicking on some skeezy link, but have typed in the website URL manually in the address bar.

I don't see this happening with Safari and Firefox on Mac OS X 10.6.8 Snow Leopard on the same network. Anyone have any ideas how to fix this? I'm assuming this is something stupid Apple is doing to protect me from myself.
 
Last edited by a moderator:


FWIW, I had this happen several times when I tried logging on to my bank's site. After a bit of digging, I found that it was caused by my AV program (Avast) blocking access. Once I whitelisted the site in Avast, the problem was gone. Hope this helps.
 


Thanks. The AV software I have running is ClamXAV. I don't believe it checks websites. I do have AdBlock Plus, Ghostery, and uBlock Origin running, but only in Safari, since I don't use Firefox that often except when a site won't work with Safari.
 
Last edited by a moderator:


Thanks. The AV software I have running is ClamXAV. I don't believe it checks websites. I do have AdBlock Plus, Ghostery, and uBlock Origin running, but only in Safari, since I don't use Firefox that often except when a site won't work with Safari.
I neglected to mention in my original response that my OS is 10.6.8, 'Snow Leopard.' Sorry for the oversight.
 


This also happens with the latest Firefox, except I see this:
Your connection is not secure
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
I've occasionally seen Firefox put up an alert box like this for a website -- a lesser-known or niche site, but not something obviously sleazy -- and I'm not running any real-time antivirus, so that can't explain it. (I am running uBlock Origin with a bunch of filter subscriptions, but I doubt if it puts up alerts like that; it just blocks things as far as I know.) The URL may be using https, so that can't be the explanation either.

When I see that warning, I don't know whether to proceed or not. I wish Firefox explained a little more. I have recently discovered that you can pre-check a URL by entering it into VirusTotal.com (in the past I only used it for uploading files to be checked), but I don't know how reliable that is either.
 


Ric Ford

MacInTouch
I have recently discovered that you can pre-check a URL by entering it into VirusTotal.com (in the past I only used it for uploading files to be checked), but I don't know how reliable that is either.
I use VirusTotal for this, too, but I don't count on it much, as it often fails to flag as a problem URLs that have been sent in spam. I get the feeling that it only flags really bad malware and that it takes a while for that to get into the databases it references.
 


When I see that warning, I don't know whether to proceed or not. I wish Firefox explained a little more.
I think you can click on an icon in the location bar to view the security status of the page you're viewing, which will include a link to view its certificate. You should be able to find sufficient information to know if it's because the certificate expired, if it appears to be counterfeit, if it is intended for a different web site or some other kind of failure.

Most of the time when I see this it's one of a few cases:
  • Certificate expired. The owner of the web site forgot to replace it with a new one. I usually ignore this situation and proceed normally
  • URL doesn't match the certificate, but it does match something related. For example, I visit foo.example.com but the certificate is for bar.example.com. This usually happens because the site reorganized the content and didn't (yet?) take the steps necessary to update all the required certificates. I may or may not ignore this depending additional information, including what the site is for and what I need to do there.
  • URL doesn't match the certificate and is completely unrelated. I usually only see this when I'm at a hotel and their Wi-Fi is trying to redirect me to a log-in screen. For some reason, redirection of HTTPS URLs usually fails - it is trying to load the log-in screen but with the certificate of the original site, so it fails. After I log in to the Wi-Fi (using an HTTP URL), it works fine. If I see this in other circumstances (which I never have) then it probably means that the site has been redirected to a malicious site has otherwise been corrupted. Do not ignore this problem.
  • The certificate is for the web site, but the chain-of-trust back to the root CA fails. In general, you should not trust the site, because it means the certificate could be forged. The only exception to this I've run across was a case where an employer (a big corporation) had his own intermediate CA certificate and was generating his own certs. I needed to add the corporate CA cert to my computer in order to get them to validate.
  • Self-signed certificate. The certificate is valid, but the root CA is unknown to your browser. It might or might not be safe, but you should assume it is not unless you have specific reason to assume otherwise.
 


I notice when entering credit card numbers during purchasing online, Google Chrome (not sure if Safari does this) will pop-up a request to save the credit card information. Is there a way to turn this feature off, and not have the browser logging this information... so directly?
Does not this process also lead to a whole 'nother layer of privacy/fraud vulnerability?
Is this key-stroke logging, for a want of a better term, getting archived by Google?
 


I notice when entering credit card numbers during purchasing online, Google Chrome (not sure if Safari does this) will pop-up a request to save the credit card information. Is there a way to turn this feature off, and not have the browser logging this information... so directly?
Does not this process also lead to a whole 'nother layer of privacy/fraud vulnerability?
Is this key-stroke logging, for a want of a better term, getting archived by Google?
I'm not positive about CC numbers, but I think it falls under the "Autofill" options. Go to Preferences (Settings):Advanced:Privacy and Security:Autofill Settings. You can turn it off there.

Also, you might want to turn off the option to save passwords. It is also under the Privacy and Security settings as "Manage Passwords". Select that section and turn the option off.

Certainly turning off both of these options should rid you of the annoying prompts.
 


Does not this process also lead to a whole 'nother layer of privacy/fraud vulnerability?
Not really. I suppose if you aren't paying attention and are on a phishing site, rather than the one you meant to give your credit card to, you might allow it to autofill, but if you did, then you would probably just go ahead and enter your card number anyway. The only thing autofill does is save time.
 


Not really. I suppose if you aren't paying attention and are on a phishing site, rather than the one you meant to give your credit card to, you might allow it to autofill, but if you did, then you would probably just go ahead and enter your card number anyway. The only thing autofill does is save time.
You should check carefully to see if the request to save information is coming from the browser or from the web site. Many web sites also ask to save your credit card number, and from my experience, I suspect some sites save it without asking.
 


On another subject, and sorry if this has already been discussed elsewhere: Is anyone else having an issue installing Chromium_OSX_67.0.3396.87 from SourceForge? Installation goes smoothly, but an attempt to launch the app fails with an "unidentified developer" warning. I assume this is a code-signing issue, and I know how to get around it, but I haven't had this issue with previous versions of Chromium. I'm sticking with the previous version (Chromium_OSX_67.0.3396.79) for now.
 


I have had my MacBook Pro 2012 Retina repaired (graphics chip …), so they replaced the logic board, the SSD was transferred and is the same, all the data still here. Now when I try to log in into one of the websites (also MacInTouch), it does not find the passwords anymore - which is very annoying now with the more secure passwords I have been using. Any clues why this might happen and how to cure it? I do not find them using keychain access in the login keychain (searching for the respective web site).
 


You should check carefully to see if the request to save information is coming from the browser or from the web site. Many web sites also ask to save your credit card number, and from my experience, I suspect some sites save it without asking.
In this case, the pop-ups have seemed to be a Google Pay (?)-type pop-up that appears in the upper right of the page - it seems to have had a Google icon.

I did not take a screen shot, but it is a different presentation than the web site asking to save a card for future activity. At some point, I will pay more attention and try to grab a screenshot, but it does suggest that some Google payment protocol is ready to save the number... thus, it has tracked or logged the number in its sights, so to speak.
 


On another subject, and sorry if this has already been discussed elsewhere: Is anyone else having an issue installing Chromium_OSX_67.0.3396.87 from SourceForge? Installation goes smoothly, but an attempt to launch the app fails with an "unidentified developer" warning. I assume this is a code-signing issue, and I know how to get around it, but I haven't had this issue with previous versions of Chromium. I'm sticking with the previous version (Chromium_OSX_67.0.3396.79) for now.
Not having that issue here. Chromium_OSX_67.0.3396.87 downloads and installs normally. Mid-2012 MacBook Pro running El Capitan 10.11.6 with all updates applied.
 


I'm not positive about CC numbers, but I think it falls under the "Autofill" options. Go to Preferences (Settings):Advanced:Privacy and Security:Autofill Settings. You can turn it off there. Also, you might want to turn off the option to save passwords. It is also under the Privacy and Security settings as "Manage Passwords". Select that section and turn the option off.
Not sure if it is still a 'feature' in Chrome, but turning them off makes Chrome not show anything on the deeper "manage passwords"/"saved addresses/cards" options (or delete doesn't work right - I forget the exact failure mode). If you don't want Chrome to store stuff it already has, then remove first and then turn "save stuff for me" options off.

All of the major browsers essentially have password managers built-in at this point. On a new install or major upgrade, it is prudent to go back and see if these are still off, if you don't want to use them.
 


I'm not positive about CC numbers, but I think it falls under the "Autofill" options. Go to Preferences (Settings):Advanced:Privacy and Security:Autofill Settings. You can turn it off there. Also, you might want to turn off the option to save passwords. It is also under the Privacy and Security settings as "Manage Passwords". Select that section and turn the option off. Certainly turning off both of these options should rid you of the annoying prompts.
Just to confirm and clarify:
The issue at hand turns out to not have configurable settings as far as I can see - not related to Autofill, password save, or content/pop-up settings.

My example entails Google Chrome in which a G-Pay popup appears, offering to save the recently entered credit card info to one's Google Account.

What this means is, for example, when you enter your new credit card payment info to Netflix, or New Yorker Magazine, or the Washington Post, or wherever, that you do not have an exclusive i.e. secure connection, to your venue of choice's server!

Thus a second server has, and holds, presumably, vital privte data and is, essentially, vulnerable to whomever's hack'pertise-du-jour.

It also does not appear to have anything to do, specifically, with extensions, for, in my case,
the only extensions in operation are the Chrome apps: Doc, Sheets, and Slides.
 


A client uses government and non-profit websites with Flash for their business. Sites like these often don't have the money to upgrade to current web technologies. Once Chrome 69 is out users will have to constantly allow Flash. I think it's draconian to punish end users who need to access legitimate websites using Flash.
Ars Technica said:
Chrome 69 will take the next step to killing Flash, roll out new design
Chrome started deprecating Flash in 2016, defaulting to HTML5 features and requiring Flash to be enabled on a per-site basis. Currently, that setting is sticky: if Flash is enabled for a site, it will continue to be enabled across sessions and restarts of the browser.

That changes in Chrome 69—Flash will have to be enabled for a site every time the browser is started. This means that Flash content will always need positive, explicit user permission to run, making the use of the plugin much more visible—and much more annoying.
 


A client uses government and non-profit websites with Flash for their business. Sites like these often don't have the money to upgrade to current web technologies.
I find that hard to believe. The technology to switch to HTML5 is very inexpensive and it's been available for ten years now. Adobe admitted long ago that Flash is too vulnerable for them to continue supporting it and all browsers and OS's have been progressively moving to limit and eventually eliminate it over time.

If anybody is punishing end users, it's those websites that are too cheap or lazy to do what's best for their customers. I'd guess that a majority of those users have been hit with either an attack because of an unmatched Flash bug or tricked into using a malware installing fake Flash Player updater at least once in their lifetimes.
 


I find that hard to believe. ...
But sadly it's true. A few years ago I contacted a government agency whose site worked with only Internet Explorer in Windows XP. They knew how dysfunctional the site was, but they had zero funding to update the site. Being a bureaucracy meant that a simple site update required its own bureaucracy, which would cost an order of magnitude more than the web developer who does the actual work. Since you can't fight city hall, I setup one user's Mac with VMware running XP just for that one web site.
 


A client uses government and non-profit websites with Flash for their business. Sites like these often don't have the money to upgrade to current web technologies. Once Chrome 69 is out users will have to constantly allow Flash. I think it's draconian to punish end users who need to access legitimate websites using Flash.
It isn't really draconian at all. You clipped out the core salient issue.
This effort will come to an end in 2020, as that's when Adobe is going to stop developing the Flash plugin entirely.
Those sites have a problem. Right now it is just easy/convenient to ignore.

At that point, those other websites will be actively deploying unsupported code (no security fixes , etc.). Folks right now are kicking the can down the road. This "one extra' click is really not all that painful/punitive (if you start the browser in the morning and run it all day, it is just once a day). For sites that will only make fixes when there is a crisis, then generating demand/attention to the 'fire' becomes necessary. When fixes are almost completely number-of-complaints-driven, then this is part of the process.

Virtual machines with an old OS/browser combo is one way. However, there are unsupported ways of running two Chrome installs. Wrap an old version of Chrome with a script named "Unsecure Govt Website" and let folks just invoke that when they want to. It is a bad practice long-term to mix the old and very unsecure with the new and kept up to date. The users should be actively, consciously engaged with the unsecure options. They shouldn't be normalized.
 


A client uses government and non-profit websites with Flash for their business. Sites like these often don't have the money to upgrade to current web technologies. Once Chrome 69 is out users will have to constantly allow Flash. I think it's draconian to punish end users who need to access legitimate websites using Flash.
I've been using Adobe Captivate for several years to produce narrated training slideshows, and have yet to achieve the vector-based scalability provided by Flash with any HTML5-based tools. Even the very latest CC edition of Captivate renders each slide as a PNG image if HTML5 is the chosen publication medium. All text in each originally-PowerPoint slide is rendered in that bitmapped image, in all of its unnecessarily-rasterized, anti-aliased "glory". The rasterization actually really is necessary, because the big A have seen fit not to replace the truly-scalable, vector-based output of Flash with anything really useful.

The text in the HTML5 output doesn't look terrible, except when you compare it to the text in the Flash-based output, which, because it persists as vector-based text, is scalable to any size, remaining sharp as a tack.

But Flash is essentially gone, so what's a poor narrator to do? I've experimented with various Web-based slideshow tools and methodologies, including some very simple ones (in and of themselves), but nothing has come close to the push-a-few-buttons-and-get-slightly-blurry-going-forward-output simplicity of Captivate.
 


... At that point, those other websites will be actively deploying unsupported code (no security fixes , etc.).
Agreed. The example I gave of the site supporting only Windows XP and Internet Explorer may be the worst case, but it is not unique. Although XP and IE were outdated and unsupported, the government agency did not, and said they could not, update their website. They told us to keep an old, insecure XP PC online just to access their site.

Ironically, some of these sites are subject to HIPAA and are clearly not in compliance. The agencies know that, but without funding they cannot fix it. Yes, it will come to a head someday. Judging by my experience with politicians and bureaucrats the fix will come after the data breaches and other IT disasters occur.
 


...If anybody is punishing end users, it's those websites that are too cheap or lazy to do what's best for their customers...
I recently decided to actually use Comcast/Xfinity's "Stream" at their website, to watch a show on my Mac. I was immediately told
To enjoy a full range of entertainment, enable your Flash Player. It's easy. Just click the button below then select "Allow" when the pop-up window appears.
Same message on any browser. I opted to not "Allow."

Interestingly, I can access all the same video with Xfinity's Stream app on my iPad Air2, so the non-Flash content is there for the getting, just not on an actual computer.
 


Interestingly, I can access all the same video with Xfinity's Stream app on my iPad Air2, so the non-Flash content is there for the getting, just not on an actual computer.
A possible solution: in Safari you can enable "Developer Menu" in the menu bar. Doing this you can select how Safari presents itself to servers. Selecting "User Agent/iOS/iPad" may allow you to view your Comcast Streams on your Mac.

Display the Develop Menu in Safari
  1. Launch Safari, located at /Applications/Safari.
  2. Open Safari's Preferences by selecting 'Safari, Preferences' from the menu.
  3. Click the 'Advanced' tab.
  4. Place a checkmark next to 'Show Develop menu in menu bar.'
 


A possible solution: in Safari you can enable "Developer Menu" in the menu bar. Doing this you can select how Safari presents itself to servers. Selecting "User Agent/iOS/iPad" may allow you to view your Comcast Streams on your Mac....
I've always had the Developer menu active and have used the User Agent option for other reasons. I am not really all that concerned about viewing Comcast content on the Mac but wondering why, considering all the negatives, they even still use Flash as the format for streaming content for "desktop" browsers while providing the alternative for iOS devices.

Comcast Internet makes a big promotional deal about offering their customers online security and AV software, but yet Flash persists on their streaming video platform.
 


Ric Ford

MacInTouch
I am not really all that concerned about viewing Comcast content on the Mac but wondering why, considering all the negatives, they even still use Flash as the format for streaming content for "desktop" browsers...
I'm no Flash expert, but it seems to be very, unfortunately, popular for a variety of content from online streaming media to documents created for customers by critical financial firms. Ugh. I think its ubiquity may stem from this "feature":
Adobe said:
Protecting online video distribution with Adobe Flash media technology
... Content protection solutions help create and preserve revenue streams, maintain copyright, and preserve content integrity or privacy. For instance, hackers may attempt to bypass payment in a pay-per-view model. Others may try to rip your content for redistribution. Worse, someone could try to make money from pirated content, or may introduce their own advertising or branding but skip paying content licenses or bandwidth fees by piggybacking on your distribution platform. In an enterprise situation, a disgruntled employee may be tempted to post valuable or private company information on public video sites.

Finding the right balance between user experience and content protection is critical. Adobe offers a number of solutions to help secure online video...
 


... I am not really all that concerned about viewing Comcast content on the Mac but wondering why, considering all the negatives, they even still use Flash as the format for streaming content for "desktop" browsers while providing the alternative for iOS devices.
One factor is probably that the number of Windows XP + Vista + Win7 users that are using the original browser their system came with (Internet Explorer) is probably at least as big (if not bigger than) the Mac group. The "desktop" folks are all in the same pile. The iOS solution is in the same pile as the Android folks (Flash generally not available and resolution/speed different).
Comcast Internet makes a big promotional deal about offering their customers online security and AV software, but yet Flash persists on their streaming video platform.
Another example of "if it ain't broke don't fix it", where 'broke' rigidly means still working. It still works for a trailing-edge set of their users. In terms of bulk usage, though, that group is probably relatively small (more streamers on iOS/Android than Mac/Win desktops and laptops at home).

The trailing edge folks are exactly who you want to give security and AV software to, because their OS is probably isn't kept up in security upgrades. (Won't cut off those AV solutions either, until they have an excuse from the vendor that they are not supported anymore - "It is not us, it is them" support mantra. )

When Comcast cuts off the trailing-edge folks, there will be a bunch of complaints. Right now, it is easier to kick the can down the road. If Internet Explorer were 'barking' at those trailing-edge edge folks, too, then it would be a higher priority. It won't, so Chrome is enlisting the folks on newer stuff, which will raise the priority from a different group.
 


I've been using Adobe Captivate for several years to produce narrated training slideshows, and have yet to achieve the vector-based scalability provided by Flash with any HTML5-based tools. Even the very latest CC edition of Captivate renders each slide as a PNG image if HTML5 is the chosen publication medium. All text in each originally-PowerPoint slide is rendered in that bitmapped image, in all of its unnecessarily-rasterized, anti-aliased "glory".
Aren't there options that don't start as a PowerPoint slide? The constraint here is far more in PowerPoint conversion than in lack of ability to do vector graphics in HTML5 + Javascript + web extensions. (For example, do Illustrator and/or InDesign --> Captivate have the same restrictions?)

Android browsers lagged on SVG support until 4.4.4 or so (and Chrome took over after that). Internet Explorer also slacked for a while ,but those (pre-9) IE browsers should be disappearing at a decent clip now (XP is more a liability these days than a desired target market).
 


Aren't there options that don't start as a PowerPoint slide? The constraint here is far more in PowerPoint conversion than in lack of ability to do vector graphics in HTML5 + Javascript + web extensions. (For example, do Illustrator and/or InDesign --> Captivate have the same restrictions?)

Android browsers lagged on SVG support until 4.4.4 or so (and Chrome took over after that). Internet Explorer also slacked for a while ,but those (pre-9) IE browsers should be disappearing at a decent clip now (XP is more a liability these days than a desired target market).
Thank you for the suggestions. I should have mentioned that these narrated slideshows all begin as PowerPoint presentations, which is not my choice but is not necessarily bad to begin with, for that matter.

Captivate very neatly gobbles the .pptx file and makes an infinite-resolution (just the text snd PowerPoint shapes, which is the bulk of the content, anyway) slideshow if the output is Flash, but an antialiased rasterized slideshow if the output is HTML5. Even if the source for the Captivate slideshow is SVG files (PowerPoint slide > EMF > Illustrator SVG), Captivate (the only easily supported outputter without getting into some creative meta-bureaucracy -- to which I'm not averse: I'm here asking, am I not? :-)) still rasterizes HTML5 output.

Although Captivate can't directly import Illustrator or InDesign files, it will import Illustrator's SVG output, and perhaps something similar InDesign-workflow-wise. The more convoluted the workflow becomes, though, the more discouraged I'm tempted to become. It shouldn't be this messy.

Again, I do very much appreciate the suggestions. I very much think that a solution is possible. I just want to make sure that it's easily reproducible from presentation to presentation, and with a minimum of multi-step mashups.
 


In the last two days two friends who use Firefox had their browsers hijacked. Both are running the latest version. Both got the typical situation where closing popups and dismissing dialogs simply resulted in more popups and dialogs.

I had the Mac user force-quit Firefox and relaunch it. Firefox saw that it didn't close cleanly and offered to restore the session. Of course, we didn't. He then cleared his history, and I haven't heard back.

The Windows user couldn't get out of Firefox. After some manipulation, I got Windows restarted without the malware. Windows Defender found Trojan:Win32:Poweresee.h, but it kept finding and isolating it, because it was reinstalling itself. I installed and ran Malwarebytes. It found 38 threats; I quarantined them and removed them. After a restart I ran Malwarebytes and Windows Defender - neither found anything. So, for this case, the score was: Malwarebytes 38, Windows Defender 1.
 


Ric Ford

MacInTouch
I'm no Flash expert, but it seems to be very, unfortunately, popular for a variety of content from online streaming media to documents created for customers by critical financial firms. Ugh. I think its ubiquity may stem from this "feature"...
And here's a description of the modern alternative:
Mozilla said:
Update on Digital Rights Management and Firefox
A year ago, we announced the start of efforts to implement support for a component in Firefox that would allow content wrapped in Digital Rights Management (DRM) to be played within the HTML5 video tag. This was a hard decision because of our Mission and the closed nature of DRM. As we explained then, we are enabling DRM in order to provide our users with the features they require in a browser and allow them to continue accessing premium video content. We don’t believe DRM is a desirable market solution, but it’s currently the only way to watch a sought-after segment of content.

Today, Firefox includes an integration with the Adobe Content Decryption Module (CDM) to playback DRM-wrapped content. The CDM will be downloaded from Adobe shortly after you upgrade or install Firefox and will be activated when you first interact with a site that uses Adobe CDM. Premium video services, including Netflix, have started testing this solution in Firefox.

Because DRM is a ‘black-box’ technology that isn’t open source, we have designed a security sandbox that sits around the CDM. ...
 


I found this while reading an article that Google wants to eliminate URLs. The example is https://www.xn--80ak6aa92e.com (it's safe to visit this). Both Safari 11.1.2 and Google Chrome 69.0.3497.81 display the original URL. Firefox 62.0 displays www.apple.com (a fix is below, it works in 62.0).
Xudong Zheng said:
Phishing with Unicode Domains
Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. ...

From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn–pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0061). This is known as a homograph attack.

Firefox users can limit their exposure by going to about:config and setting network.IDN_show_punycode to true. This will force Firefox to always display IDN domains in its Punycode form, making it possible to identify malicious domains.
 




Is Safari more or less secure than Chrome, which I believe stores private data such as
website logins, and credit card data in their "cloud"?
 


Is Safari more or less secure than Chrome
I would have to say that Safari is more secure, based mostly on the differing philosophies and business focuses of Apple and Google, but that's probably debatable. Every year at Hackathon the participants find flaws in both but seem to focus on trying to pwn Safari, based apparently on its reputation.

There are options which do allow passwords and credit card data to be stored in Apple's iCloud, but they are strongly encrypted, and Apple has stated many times that they are unwilling and unable to harvest any private data.
 


There are options which do allow passwords and credit card data to be stored in Apple's iCloud, but they are strongly encrypted
Google offers an option to store and sync passwords without Google holding the encryption key. This seems more secure than using a Gmail login, though less convenient. It does mean that if your Google account is hacked, the hack won't yield your passwords. I'm not sure how that compares with how the iCloud Keychain works.
Google said:
Keep your info private
With a passphrase, you can use Google's cloud to store and sync your Chrome data without letting Google read it. Your payment methods and addresses from Google Pay aren't encrypted by a passphrase.
As to comparative browser security, I vote for Firefox, if for no other reason than the relatively new Firefox Multi-Account Containers.
Mozilla said:
Firefox Multi-Account Containers
Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.
and
Mozilla said:
Facebook Container
Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.
I've also been using Mozilla's Firefox Send, which, while it is a Firefox service, seems browser-agnostic and allows registration-free sharing of files up to 1 GB, and with a Firefox Account, up to 2.5 GB.
Firefox said:
Firefox Send
Simple, private file sharing - Firefox Send lets you share files with end-to-end encryption and a link that automatically expires. So you can keep what you share private, and make sure your stuff doesn't stay online forever.
 



Why does Firefox always set Google cookies, no matter how I set privacy or use a cookie blocker? Are these cookies worrisome?
Need more specifics to answer the question with certainty.

If you're using Google's services, Google will set cookies. You may be able to block them on Firefox using "Private Browsing" or in Firefox > Preferences > Cookies and Site Data > Manage Permissions.

In the Manage Permissions entry field, you'll need to be pretty exact. For example, blocking
http://accounts.google.com​

may not have the same effect as blocking
https://accounts.google.com​
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts