Over the past couple months I’ve been held up on a regular basis by the fact that Chrome has been overriding my LastPass credential window with their own despite the fact that I’ve never given Chrome access to any of my sign in credentials, which means they’re just trying to be pushy and acquire those details.
This has been happening to me more often than I’d like, and it has really started to bug me. Why? A couple reasons. For one, I don’t want Google (as a company) perpetually scanning my form fields grabbing stuff I didn’t ask them to just because that’s their default status. And two, Google is prioritizing their Chrome credential services over others I willingly chose. This is simply a small demonstration of Google’s monopoly power that I would prefer not be in my life. So last week I decided it would be the last time.
My first step was to hit that little “Manage…” button Google has deprioritized at the bottom of their credential window to see where it took me. What I found out is that Google, as expected, has been keeping track of me very well. Upon arrival to the controls page, I found a list of “Saved Passwords” (duh) as well as a list of “Never Saved” passwords.
Hmm. Never Saved? At no point did I tell Google to create and store a list of websites I had logged into that they didn’t get access to but would like access to at some point in the future. Maybe in the Terms of Service/Privacy Policy I agreed to this, but who knows? Not the majority of us, and it’s just creepy.
After seeing this, I decided to dive deeper into my data console to see what else Google was storing about me that I might not have thought about. My next step was the “addresses” panel.
I thought this page would be interesting since I travel so much for work. Did it include only the address I gave Google in my Chrome settings? Was it only addresses I stayed at for X number of hours? Did it collect every place I’ve been? Was it collecting addresses I put into services across the web even though I didn’t tell Chrome to store this information? I was curious, especially after finding out about the “Not Saved” passwords database.
What I found was a long list of addresses, many of which were directly related to me and were addresses I’d clearly entered into the browser at one point or another, for various reasons. However, I also found several other pieces of information I did not expect and that actually were a bit creepy even to me, someone who spends his days trying to de-creepy the web.
For one, there’s my mom’s info. This was interesting. Maybe I entered this? Maybe it was in my contact information stored somewhere on my phone? Maybe it was scraped from an email or a purchase I made somewhere at some point? Who knows. I’m sure it wouldn’t be hard to link my mom and I to each other based on my internet activity. So while this was interesting, I wasn’t overly disturbed. I continued on.
Further down the list I found other, more unsettling revelations about what Google knows about me. It turns out Google has info connecting me to my grandma (on my dad’s side) who’s alive and well but has never had the internet, and my grandpa (on my mom’s side), who recently passed away in March 2019 and also never had the internet.
This was disturbing for several reasons, the biggest of which being that neither of them had ever logged onto the internet in their lives. Neither even had the internet in their homes their entire lives! Beyond that, Google knew their exact addresses and their middle initials. I couldn’t even have told you those things about my grandparents. Sure, I could drive you to their houses, but I couldn’t tell you their address off the top of my head. And lastly was the format of the data entry. The all-caps address on my grandpa’s account really threw me off because it made me feel as if the info was machine processed at one point or another, because I don’t enter information in all caps anywhere except in my handwriting, on paper. After seeing this, I began to investigate how Google might have 1) gained access to this info and 2) connected it to me.