User Controls

Is autofill a security risk?

  1. #1
    SBTlauien African Astronaut
    Sometimes my browser will automatically fill out forms that have my name, username, password, address, dog, ssn, and other info as well.

    Some forms appear to only have fields for my name and username. I let it fill them in because it looks like I'm not disclosing much personal information.

    Couldn't these sites have hidden feilds(maybe covered by an image or something) and collect info that I don't want to submit?
    The following users say it would be alright if the author of this post didn't die in a fire!
  2. #2
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    Originally posted by SBTlauien Sometimes my browser will automatically fill out forms that have my name, username, password, address, dog, ssn, and other info as well.

    What kinds of forms are you filling out???

  3. #3
    SBTlauien African Astronaut
    Originally posted by gadzooks What kinds of forms are you filling out???


    Registration forms.
  4. #4
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    Originally posted by SBTlauien Couldn't these sites have hidden feilds(maybe covered by an image or something) and collect info that I don't want to submit?

    Hidden form fields don't even need to be "covered by anything" to be hidden. Hidden form input fields are actually a pretty common thing.

    Misusing them, though, I haven't heard of it being done in the way you're talking about (e.g.: via autofill), but it would all depend on how autofill works, and I actually haven't put much thought into it until this thread, tbh.
  5. #5
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    You might actually be on to something here.

    I might actually be more cautious about which sites I use autofill on from now on.
  6. #6
    SBTlauien African Astronaut
    Originally posted by gadzooks Hidden form fields don't even need to be "covered by anything" to be hidden. Hidden form input fields are actually a pretty common thing.

    Misusing them, though, I haven't heard of it being done in the way you're talking about (e.g.: via autofill), but it would all depend on how autofill works, and I actually haven't put much thought into it until this thread, tbh.

    I say hidden behind an image because the browser may not fill them out if they are set to be hidden...maybe as a security precaution.
  7. #7
    whoami Tuskegee Airman
    nigger
  8. #8
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    Originally posted by SBTlauien I say hidden behind an image because the browser may not fill them out if they are set to be hidden…maybe as a security precaution.

    Technically, either type can be manipulated...

    Whether set to be truly hidden elements, or just visually impossible/difficult to locate.
  9. #9
    Sophie Pedophile Tech Support
    Auto-filling forms could be considered a security risk. I personally don't do it. For one the data is stored in your browser, if your browser is compromised, so is this data. Secondly you're basically fucked anyway if an adversary has access to your physical computer, but say you have a friend over, and he wants to use your computer to do whatever, well, if you always auto-fill forms he can now stumble into things you'd maybe wanted to have kept private. Your friend is not your adversary per se. But if privacy is important to you these are some of the things you may want to consider.
Jump to Top