Google Chrome users who read my blog, have voiced concerns on a number of occasions recently about the AutoFill feature. Let’s take a look at this feature (which has been around for over a year now) and answer some of the privacy and security issues as well as show you how to turn off the AutoFill feature.
The first time you fill out a form, Google Chrome automatically saves the contact information that you enter, like your name, address, phone number, or email address, as an Autofill entry. You can store multiple addresses as separate entries including all important credit card information, which AutoFill will insert into a form, all in one click. What’s the big issue here? You’ve guessed right – storage of credit card data.
Here is a typical scenario – You fill out an online form and the autocomplete feature pops up with your name – you select your name and allow Chrome to fill out the form for you with your name, address (including post code) and email address. These are the three most common form field fillers. I know, you are thinking, what is wrong with that, most other websites offer this functionality and the AutoFill capability – right? Well, Chrome is slightly different to other browsers in that there are lots and lots of hidden fields hidden from your view as opposed to the displayed fields you can see.
TIP: NEVER store credit card data with AutoFill!
I’ve been asked by my regular readers who use Chrome, to show you how to turn off the Google Chrome Form AutoFill feature. It’s actually very easy. See below.
Turning off Form AutoFill (autocomplete):
- Click spanner icon (top right)
- Personal Stuff
- Uncheck “Enable AutoFill to fill out web forms in a single click”
If you are even more security conscious, then you might want to consider clearing your Chrome browser cache:
- Click the spanner icon
- Under the hood
- Clear browsing data
An interesting ‘Privacy and Security Concern’ statement from the Chromium website “Autofill should not enter information into a text field which a program could potentially read unless the user has implicitly given consent to upload that information such as by selecting an item from a drop-down menu or hitting the submit button. Otherwise, a sinister person could construct a website with hidden form fields which harvest personal data by getting autofilled.”
Some solutions for managing AutoFill could involve enabling top level Form AutoFill i.e. name, address and email address but with Credit Card AutoFill and Passwords, both could also be automatic (possibly including an expiration date for ‘Autocomplete’ which isn’t the same as AutoFill) but should ask your permission to store the card data and passwords. One major issue I’ve posted about in the past is websites using evercookies to store auto-complete data – believe me some websites do this and you probably didn’t know that did you! You’d need to delete cookies from your system to remove this security issue. Have hackers looked to exploit the AutoFill for credit card and address data? Probably, but Google wouldn’t want to publish this type of vulnerability would they!
I think the statement above says everything you need to know about how careful you should be when using the Google Chrome Auto-Fill feature.
Safe surfing folks!