The latest Google Chrome update is under consideration to identify potential privacy concerns.
Chrome 80 implements a new browser feature called ScrollToTextFragment, which allows direct links to web documents. ScrollToTextFragment allows Google to link a single word of text and its position on the page.
You might be thinking, “Google doesn’t already do that?”
Yes, but this feature has always been dependent on an anchor created by the site owner. ScrollToTextFragment does not require an anchor, which means that anyone can link to a specific part of the text within a document.
Google provides the following example:
“For example, the URL:
[https://en.wikipedia.org/wiki/Cat#:~:text=On islands, birds can contribute as much as 60% of a cat’s diet]
This loads the page for Cat, highlights the specified text and scrolls directly to it. “
Google says this is useful, as it “will allow the link creator to specify which part of the page is interesting, without relying on the author’s annotations.”
What is the concern?
While it is true that ScrollToTextFragment can be useful, privacy experts claim that it can also be exploited.
Peter Snyder, a Brave Browser privacy researcher, says in a statement in Forbes:
“Consider a situation where I can view DNS traffic (e.g. Corporate network) and send a link to the corporate integrity portal with [the anchor] #: ~: Text = cancer. On some page layouts, I may be able [to] tell if the employee has cancer by looking for the resources on the lowest required page. “
Snyder doubles on this topic in a tweet where he says ScrollToTextFragment crosses a line that should never be crossed:
Imposing privacy and security losses on existing sites (many of which will never be updated) REALLY should be a “don’t break the web”, never cross, redline. This specification does it.
– pes (@ pes10k) February 18, 2020
Prior to the release of Chrome 80, privacy concerns had been raised, but it was still shipped anyway. In a comment on Github before publication, Mozilla’s David Baron said:
“My high-level opinion here is that it is a really valuable function, but it could also be one where all possible solutions present important problems / problems. So I think the question we should think about is how the problems of the solution choice here they deal with the problems of other options and how they compare with the value of functionality. “
In the same Github thread, Chromium engineer David Bokan says that security concerns were discussed but it was decided that ScrollToTextFragment would be shipped without an opt-in. An option for renunciation can be introduced in the future:
“. We discussed this and other issues with our security team and, to summarize, understand the problem but disagree on the severity, so we are continuing to allow this without requesting membership (although we are still working on adding a opt in / out). “
Currently, ScrollToTextFragment is supported only by the Chrome browser.