It's very easy to be careless when implementing code. I'm not surprised that this happened. Complex interacting systems, where we pull in lots of projects, mean that extra care needs to be taken.
---
RT @lifewiretech
The extended spell checkers in Google Chrome and Microsoft Edge can leak sensitive information, once again highlighting our dependence on online services and features. lifewire.com/the-spell-checker
twitter.com/lifewiretech/statu

The recent twitter whistleblower revelations showed just how many coders have access to live data and code at one time. techcrunch.com/2022/09/13/twit

So you have complex systems interacting with one another with no one engineer understanding how the systems work. It's possible that the engineers involved had no idea of the vulnerability when they wrote the code.
theintercept.com/2022/09/07/fa

So they may not have realized they should create a workaround to bypass the password textbox. Why did the spell checker need to communicate back to base in the first place? For spell checking, why weren't the dictionaries local?
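As an added example (not code from this thread, nor from either browser vendor), the form-side mitigation hinted at above: mark password and other sensitive fields `spellcheck="false"` so they stay out of the spell checker even after a "show password" toggle turns the field into plain text. The autocomplete token list, the field-name heuristic and the field names used are my assumptions.

```javascript
// Added example, not from the thread. Assumes the cloud ("enhanced") spell
// checker honours spellcheck="false", and that a "show password" toggle flips
// the input type to "text", which is when a password field becomes eligible.

// autocomplete tokens that name secrets or payment data
const SENSITIVE_AUTOCOMPLETE = new Set([
  "current-password", "new-password", "one-time-code",
  "cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year",
]);

// Pure rule over a plain descriptor {type, autocomplete, name}, testable without a DOM.
function isSensitiveField({ type = "text", autocomplete = "", name = "" }) {
  if (String(type).toLowerCase() === "password") return true;
  const tokens = String(autocomplete).toLowerCase().split(/\s+/);
  if (tokens.some((t) => SENSITIVE_AUTOCOMPLETE.has(t))) return true;
  return /pass|secret|token|ssn|card/i.test(String(name)); // field-name heuristic
}

// True when typed text may reach the spell checker: a textual control whose
// spellcheck is not explicitly "false". A password-typed input is exempt only
// until its type is switched to "text".
function isSpellcheckExposed({ type = "text", spellcheck = "" }) {
  const textual = ["text", "search", "url", "email", "tel", "textarea"]
    .includes(String(type).toLowerCase());
  return textual && String(spellcheck).toLowerCase() !== "false";
}

// Audit: names of fields that are sensitive and still exposed.
function exposedSensitiveFields(fields) {
  return fields.filter((f) => isSensitiveField(f) && isSpellcheckExposed(f))
    .map((f) => f.name);
}

// Browser side: set spellcheck="false" on every sensitive control up front,
// so revealing the password later does not make it eligible. Returns the
// names of the controls it changed.
function hardenForm(form) {
  const fixed = [];
  for (const el of form.querySelectorAll("input, textarea")) {
    const type = el.tagName === "TEXTAREA" ? "textarea" : el.type;
    const desc = { type, autocomplete: el.getAttribute("autocomplete") || "", name: el.name };
    if (isSensitiveField(desc) && el.getAttribute("spellcheck") !== "false") {
      el.setAttribute("spellcheck", "false");
      fixed.push(el.name || el.id);
    }
  }
  return fixed;
}
```

In a page, run `hardenForm(document.querySelector("form"))` once the DOM is ready; `exposedSensitiveFields` is the same rule applied to plain descriptors for audits and tests.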

How many of our systems are more online connecting back to log our data, including what we type? Consumers are very used to interacting with hosted services now.

We've ended up with the idea of the Networked Computer proposed by Larry Ellison in the 90s, with our data being stored in centralized silos.
tedium.co/2018/04/12/larry-ell

There's a danger of coders using common features with very little idea of the additional functionality that may then expose sensitive data. There's a need to investigate where the code that implements certain functionality may be used elsewhere in applications.

We also need to consider how much of our social networks and cloud systems rely on a common set of tools, with very little support being fed back to the folks who create widely used code.
xkcd.com/2347/

Take for example the node.js controversy last year, where a developer unpublished his node module that was used by thousands of projects.

zdnet.com/article/disgruntled-

A lot of these companies use FOSS code, but their business practices and strategy are very private. So we have very little transparency on how those systems interact with our data. Especially when you consider that Google is an ad business.

In our marketplace, where the right ads need to appear in front of potential impressions, the more information that can be sucked up the better.

We will see more incidents like this. The early cultures of companies like Google, Facebook, and Twitter meant that there were always going to be risks to the stability and reputation of these companies.

chaos.social – a Fediverse instance for & by the Chaos community