
Chrome Deploys Deep-Linking Tech in Latest Browser Build Despite Privacy Concerns (theregister.co.uk) 40

Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers. From a report: Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it's active, despite privacy issues that have been raised. "Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a 'don't break the web,' never-cross redline," he wrote. "This spec does that." The debate over the feature percolated last year on mailing lists and in GitHub issues posts and picked up in October when the team working on Chrome's Blink engine declared their intent to implement the specification. The feature rollout serves to illustrate that the consensus-based web standards process doesn't do much to constrain the technology Google deploys.
  • During the dot-com boom, I attended a one-evening presentation given by Douglas Engelbart, held at the University of Maryland. At the end, someone asked him what the "next big thing" after the web would be. Engelbart's response was deep-linking to specific text on a page.
  • Privacy Concerns (Score:4, Insightful)

    by DarkRookie2 ( 5551422 ) on Friday February 21, 2020 @11:52AM (#59751024)
    Chrome is just 1 big Privacy Concern. How is adding this change anything.
    • by Sebby ( 238625 )

      Chrome is just 1 big Privacy Concern. How is adding this change anything.

      That's why I avoid Chrome, or even Chromium-based browsers at all costs.

      Yes, I know Chromium is the 'basic' browser without all Privacy Rapists 2.0's [slashdot.org] crap, but I consider it "tainted" - for example, Brave knows about this new deep linking and can remove it, but would other Chromium-based browsers (MS Edge, etc.) notice/know to remove it too?

  • more info, pls (Score:5, Interesting)

    by jm007 ( 746228 ) on Friday February 21, 2020 @12:04PM (#59751048)
    read the article, still not clear to me how this is a privacy thing; the one lame example given seemed stretched pretty thin

    it's a way to specify in a URL/link which part of the text in a site you'd like to locate; this is different than the site author putting in an anchor tag with the '#' parameter

    how is locating text that is already being sent to the browser a privacy thing? if it shouldn't be read, don't send/include it on the site

    legit question, what am I missing?
    • Re:more info, pls (Score:4, Informative)

      by MagicM ( 85041 ) on Friday February 21, 2020 @12:16PM (#59751088)

      Imagine I run a website that serves ads. I know the ad company is shady and knows everything about my visitors. I also know the ad company will serve Trump ads to Republican visitors and Bloomberg ads to Democratic visitors.

      Now I can give visitors a URL that scrolls to "Trump" in one of my pages. I can also detect whether that scrolling happened via javascript (e.g. timers) or other ways (e.g. delayed-loading images or iframes). That means now I can tell whether my visitor is a Republican or a Democrat.

      Maybe this exact example wouldn't work this way, but it's the general idea.

      • What? That makes zero sense. You can make a website "scroll" to whatever you want using an anchor tag.

        • by augo ( 6575028 )
          Anchor is not sent to the server. But I guess it can be retrieved via Javascript and then sent to the server via Javascript.
          • The deep linking standard IS an anchor. It's not forwarded, but yes it's available through JS just like all anchor queries.
        • What? That makes zero sense. You can make a website "scroll" to whatever you want using an anchor tag.

          This "feature" allows scrolling (technically, direct navigation) to any arbitrary word/phrase regardless of whether there's an anchor at that location. So, navigation based on content, not markup.

          I'm still uncertain about the privacy effects of using this, but I believe it can be disabled in Chrome using the flag

          Enable Text Fragment Anchor.
          Enables scrolling to text specified in URL's fragment. – Mac, Windows, Linux, Chrome OS, Android
          #enable-text-fragment-anchor

      • by MagicM ( 85041 )

        Clarification: Imagine I run a news website that embeds ads from a shady third-party ad company.

        The result is that I, as the news-site-owner, get information about my visitors that otherwise only the ad-company has.

      • by Sloppy ( 14984 )

        Before this "feature" you could just have a Trump id/anchor, and give out links to #Trump. Wouldn't that be the same thing?

      • by vbdasc ( 146051 )

        So, you just robbed the ad company of their hard-earned data about your visitors. I fail to see the privacy concern here. At worst, you profited from a privacy breach someone else has already exploited.

    • Re:more info, pls (Score:5, Informative)

      by Ghostworks ( 991012 ) on Friday February 21, 2020 @12:32PM (#59751180)

      The goal of the feature is basically similar to "go to this page, then ctrl+f for this text". One of the Google docs linked in the article suggests that for Chrome, that might even be the literal implementation. The privacy concern is that the linked website would be able to detect the act of this automated scrolling, then infer roughly what text snippet was linked.

      (The Google doc mentions timing-based detection as a possibility, as well as scroll-event-based detection.)

      This sort of search is only worth doing if the snippet being searched for is relatively unique on the page, and thus has high information content. Because the user clicked on such a link rather than looking at a page from a web search, or even a link to the site at a high-level, the text is presumably very relevant to the link-follower. For example, you won't create a link with the text "from the" because it will misfire more often than not, but you might for something like "from the office of the Surgeon General".

      This also assumes that the attack is conducted by the linked site. That means this is a website you want to go to, but which you don't necessarily trust. That's actually a pretty safe assumption for any site in the age when everything is used to fingerprint the user for advertising purposes, and that information is then sold off. But the example of someone who you want to control the flow of information towards -- an insurance company, a customer, an employer, a competitor, a lawyer -- is also a solid one.

      An alternative attack is to use the linked page to infer something about the reader. An example is: if the page contains a string like "User Type: Admin", then the person who followed the link is a system admin that can be targeted for attack.

      An alternative attack is a cross-site search attack. The success/failure in finding the linked text leaks information. This can give you a yes/no on some questions like "did they receive an email from 'hiring@snap.com'?" (The trick is searching for link text "No messages matched your search" to indicate they did NOT receive such a message.)

      So far, they've figured out a few cases that demonstrate this can leak 1 bit (yes or no) of information, which is a privacy concern but not a security concern. More information could be leaked if a user action were not required to follow the link, which is not the case so far (but sounds like something easy to forget about over time).

      • by jm007 ( 746228 )
        thanks for the reply

        not to discount humanity's innovations of new ways to exploit/advance something nefarious, but those 'data leaks' seem fairly minor compared to many other issues of real privacy concern

        white hat uses seem fine for me, helpful even, for this; accepting a bit of risk or downside is usually how (my) life works; also, if it does become a concern, it would be trivial for a plugin or the like to strip such things from the URLs/sites your browser visits

        there's a part of me that thin
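
The URL stripping jm007 describes above, as an added JavaScript example that is not part of any comment in this thread. It assumes the `#:~:text=[prefix-,]start[,end][,-suffix]` fragment-directive syntax from the Text Fragments specification, which the thread itself does not quote; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: helper names and sample URLs are constructed, not from the thread.
const DELIM = ":~:"; // fragment-directive delimiter (Text Fragments spec)

// Parse one "text=" directive value: [prefix-,]start[,end][,-suffix]
function parseTextDirective(value) {
  const parts = value.split(",");
  const out = { prefix: null, start: null, end: null, suffix: null };
  if (parts.length > 1 && parts[0].endsWith("-")) {
    out.prefix = decodeURIComponent(parts.shift().slice(0, -1));
  }
  if (parts.length > 1 && parts[parts.length - 1].startsWith("-")) {
    out.suffix = decodeURIComponent(parts.pop().slice(1));
  }
  // What remains must be "start" or "start,end".
  if (parts.length < 1 || parts.length > 2 || parts[0] === "") return null;
  out.start = decodeURIComponent(parts[0]);
  if (parts.length === 2) out.end = decodeURIComponent(parts[1]);
  return out;
}

// Remove the fragment directive from a URL, keeping any ordinary #anchor,
// and report which text snippets the link was targeting.
function stripFragmentDirective(rawUrl) {
  const url = new URL(rawUrl);
  const frag = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
  const at = frag.indexOf(DELIM);
  if (at === -1) return { cleanUrl: url.href, textDirectives: [] };
  const textDirectives = [];
  for (const d of frag.slice(at + DELIM.length).split("&")) {
    if (!d.startsWith("text=")) continue;
    try {
      const parsed = parseTextDirective(d.slice("text=".length));
      if (parsed) textDirectives.push(parsed);
    } catch (e) {
      // Malformed percent-encoding: nothing to report, but still strip it.
    }
  }
  url.hash = frag.slice(0, at); // empty string drops the fragment entirely
  return { cleanUrl: url.href, textDirectives };
}
```

An ordinary `#Trump` anchor passes through untouched, which is the distinction several comments here argue over: only the content-based directive is removed.
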
      • Re:more info, pls (Score:4, Insightful)

        by swillden ( 191260 ) <shawn-ds@willden.org> on Friday February 21, 2020 @05:30PM (#59752352) Journal

        This also assumes that the attack is conducted by the linked site.

        In which case the linked site could also have conducted the "attack" by providing an anchor to link to. Maybe I'm missing something here, but I'm really not seeing how this leaks even a single bit that couldn't be "leaked" in other ways with existing tech.

  • What it breaks (Score:5, Insightful)

    by fibonacci8 ( 260615 ) on Friday February 21, 2020 @12:13PM (#59751082)
    The illusion that client side security/filtering/privacy is good enough by itself. This is roughly as much of a privacy risk as people discovering they can get around badly crafted paywalls by using the print preview function of the browser.
  • This will cost you some privacy. On the other hand this will make us a little money.

    When you put it that way, it's clear what each party in this would prefer, but only one party gets to make the decision.

  • Let's fork the web? (Score:3, Interesting)

    by peppepz ( 1311345 ) on Friday February 21, 2020 @01:09PM (#59751348)
    Let's create a new stack to replace HTTP / HTML / JS. Those standards have become so complex and laden with unnecessary backward compatibility that they're effectively a barrier to entry to both software developers who would implement them, and to hardware / software platforms who would want to access the web.

    In addition, they are controlled by for-profit monopolist amoral companies who direct their development not towards maximizing the freedom of the users of the web, but rather in the direction of increasing their own profits and ensuring that their position of power remains unchallengeable.

    In the 90s Linux proved to the world that software developed for passion can smash the prospects of domination of even the most entrenched monopolist. Protocols are meant for achieving interoperability, not to limit citizenship. People don't need the same web that Google and Microsoft want, so why don't we just design our own? The IP protocol still gives us that freedom.

    (My first proposal is to restore the <BLINK> tag.)

  • How is "ScrollToTextFragment" more of a security leak than <a href="https://site.tld/page">(do a find on "target text fragment")</a>?

    So it does it automagically for you, rather than requiring you to cut, paste, and hit return. So what? Anybody can point you to the text at the "deep spot" and show you how to get there using the built-in text searching tools of existing browsers.

    When someone publishes a page he publishes the whole page, including its source code. There's nothing "secret" about a string buried in a tl;dr wall of text. So there's no "security leak" when someone linking to it points out the particular snippet he's linking to.

    • The contrived example given is someone who can snoop on your DNS queries can infer where in the page you just clicked to from a search engine with these deep links containing your search query by the order of the DNS queries your browser makes, assuming it loads 3rd party content in the scrolled to view port first.

      Assuming they control your DNS server
      Assuming they know the exact content of the page you're loading
      Assuming your computer hasn't already cached the DNS queries
      Assuming you're not blocking the 3rd
