24 comments

[ 3.1 ms ] story [ 61.6 ms ] thread
(comment deleted)
I find this outrageous. It also applies to the text of all of my employer' emails (at least those managed in the mentioned web browser), according to a prompt (with no option to reject, IIRC) I read the other day.

Edit: sorry I should have captured that prompt! I am not able to remember what it said, it might have been from the company rather than the browser.

> It also applies to the text of all of my employer' emails

Yeah I'm going to need a source on that one, as far as I know spellcheck only sends individual words not entire emails.

Thanks for improving my knowledge on how spellcheck works. Still, should I assume that a list of words cannot be kept? It sound to me like a naive assumption in the current landscape.
That’s the Standard spell checker. The Extended spell checker — optional and tells you it sends text to Google/Microsoft — is the one mentioned here.

You can just switch to the normal spell checker which is entirely offline and works off a word list.

This is why I argue that TikTok is meaningfully no worse than Facebook, Google or Microsoft. They’re all collecting basically everything you put into them, keyloggers and all.

You can’t just single out one because it’s from China, imo.

But tiktok does much more than that. They collect the name of every document on your phone and every app that you have installed.
Wow that is crazy. Do you have a source for that for me to share by the way?
Go to their Privacy Policy page:

https://www.tiktok.com/legal/privacy-policy-us?lang=en

Click on "What information do we collect?"

Scroll down to the section "Information we collect automatically " and the sub-section "Device Information".

This is what it says:

    Device Information

    We collect certain information about the device you use to access the Platform, such as your IP address, user agent, mobile carrier, time zone settings, identifiers for advertising purposes, model of your device, the device system, network type, device IDs, your screen resolution and operating system, app and file names and types, keystroke patterns or rhythms,  battery state, audio settings and connected audio devices. Where you log-in from multiple devices, we will be able to use your profile information to identify your activity across devices. We may also associate you with information collected from devices other than those you use to log-in to the Platform.
One of the listed items is "app and file names".
They must be using exploits for that, then, since iPhone lets me know and control all my sensitive information like pictures, contacts, camera, etc!
Windows 10 does this more or less if you use it long enough without changing the recommend settings. FAANG is spyware.
It's wild how much various forces are trying to get me to hate China now. FUD on anything China.
Chinese people are cool but the Chinese government is objectively draconian and fascist. By trading with them we are showing our tolerance for such regimes.

Remember, it won't be long before Xinpang is getting the Putin treatment over Taiwan. Except you might be surprised how much we let slide in the end.

> "Chinese people are cool but the Chinese government is objectively draconian and fascist."

These days all but a very few of the so-called "developed" nations governments are "objectively draconian and fascist" to some degree and growing more-so daily…

The problem with tiktok isn’t the tech. It’s the content. They have pointed a fire hose of absolute garbage content at the population. And induced some kind of mass mental illness on people, especially kids.
From the article:

>The 'spellcheck' HTML attribute when left out from form text input fields is usually assumed by web browsers be true by default.

Text inputs. So what about inputs of password type?

MDN says this:

>If [the spellcheck attribute] is not set, its default value is element-type and browser-defined. This default value may also be inherited, which means that the element content will be checked for spelling errors only if its nearest ancestor has a spellcheck state of true.

https://developer.mozilla.org/en-US/docs/Web/HTML/Global_att...

So do browsers apply spellcheck="true" by implicit default to inputs with type of password?

'This attribute is merely a hint for the browser.' Browser can do what it wants with your inputs.
Well, sure. A browser obviously can do whatever with the inputs you give it. But what do they actually do?
Is this also true for Grammarly?
All of the companies I've personally worked at ban Grammarly for that reason. Some enforce it better (managed policies) than others (a wiki page no one bothers to check)
can we assume that the problem only happens when actually typing and not if you pasted sensitive text in the fields?
Worthless clickbait - both of these processes that send to external servers are opt in and very clear that it is doing what it’s doing. Also, no big company would intentionally try to store and use your passwords against you. They have no incentive to do this. This is security theater.
This is also sending your credit card information btw