Google Chrome and Microsoft Edge both come with advanced spellcheck tools: But because they are advanced (they help you with more than just spellcheck), all the processing for the grammar and language suggestions happens on their servers. According to a study by Otto, these services are transferring basically anything you write, in plain text, to Google or Microsoft servers—including passwords revealed when you click the “Show Password” button, as this video demonstrates:
Sure, this is Google and Microsoft we are talking about. They’re big companies that take privacy seriously, and aren’t interested in hacking your Dropbox account. That said, this is still a glaring oversight, and a bad thing for user privacy. According to the same report by Otto, password managers like LastPass have already released a fix, but that doesn’t solve the browser’s problem.
Thankfully, these features aren’t enabled by default, so if you use your browser as it comes, you should be safe. However, if you are using Chrome’s Enhanced Spell Check feature, or the Microsoft Editor in Edge, you need to disable them right away.
In Chrome, enter the following text in the URL bar to end up at the right place: chrome://settings/?search=Enhanced+Spell+Check
Next, disable the “Enhanced Spell Check” feature.
On Microsoft Edge, the Microsoft Editor works as an extension. Click the Extensions icon from the toolbar, and go to the “Manage Extensions” section. Find the Microsoft Editor extension and tap “Remove.” From the popup, tap “Remove” again.
Until Microsoft and Google update their products with a basic level of text encryption technology, we suggest you stay away from these advanced spellcheck or grammar tools. If you really want help with your writing, we suggest you use the web editor from Grammarly or Hemmingway Editor.
[Otto via BleepingComputer]
Read the full article here