r/privacy • u/opticaldesigner • Feb 19 '24
software Google Privacy Violation: Chrome capturing entire desktop without permission
I was reporting a webpage issue to Google when it prompted me to include screenshots it had already captured of both of my desktops (it showed large thumbnails). WTH is a web browser doing taking screenshots of other apps and data I'm privately using on my PC? Google is not granted permission to anything in my Windows privacy settings.
To see it for yourself, click the three dots in the upper right hand corner of Google Chrome, select "Help" and then "Report an Issue". A window will pop up for you to enter info. The screenshot of your desktops is shown there.
138
u/jauntypuppy Feb 19 '24
hardened Firefox is the way.
17
u/OtisLukas Feb 19 '24
The most private browsers possible already exist if dev teams would stop turning them into chrome.. once any private browser gets a good following they forget what the one thing they aren't supposed to do is...shit! It would be cool if they made one version that has no features just local bookmarks no option to sign-in or synch anything. Apps that don't make me sign in really get me going.
7
u/Not_Artifical Feb 19 '24
Try Firefox Focus. It isn’t exactly what you want, but it is closer than anything else I have come across.
2
124
u/MatrixFrog Feb 19 '24
It looks like that screenshot only exists on your local machine, and isn't sent to google or anywhere else unless you check the box to send it, and it's unchecked by default. Hard to be sure of course but that's the impression I get from the UI
9
u/barthvonries Feb 19 '24
The problem is that it doesn't ask before the screenshot is taken, so you can't be sure it doesn't take any at any moment of you using Chrome. If you are not prompted for permission, you wonder if it already does that anywhere else.
29
u/Arutemu64 Feb 19 '24
You're spoiling the fun /s
0
Feb 19 '24 edited Sep 12 '24
[deleted]
0
u/shaliozero Feb 20 '24
Yep. It's already able to grab it which it shouldn't, so doesn't need that checkbox to send it without permission.
33
93
u/HarlanCulpepper Feb 19 '24
Why are you using Chrome, OP?
23
Feb 19 '24
My thoughts exactly. He's out there using the absolute worst anti-privacy products, while still being a member of this subreddit. Makes no sense.
2
u/barthvonries Feb 19 '24
I didn't open the screenshot, but at the last company I worked for, Chrome was the mandatory browser besides Edge for internal stuff.
-10
Feb 19 '24
[deleted]
16
u/repocin Feb 19 '24
You can access Google translate through literally any browser if the need arises.
Need to translate an entire website? Just paste the URL into the translation box.
7
u/P_Jamez Feb 19 '24
Deepl.com gives much better translations, however does lack the translate a webpage functionality
1
u/mcnewbie Feb 19 '24
set your default search engine to duckduckgo and use !tr as a bang search.
type the word you want to translate in the url bar and add !tr, it takes you to google translate and auto-fills the box with the word you entered.
-1
-119
u/opticaldesigner Feb 19 '24
For the search engine.
65
u/crabgrass-5261 Feb 19 '24
Firefox uses Google Search by default.
Privacy soldiers prefer DuckDuckGo more often then Google, but Google is the default.
38
26
19
u/hsifuevwivd Feb 19 '24
Chrome's default search engine is Google. You can set Google as your default search engine in any other browser
8
8
33
u/Furdiburd10 Feb 19 '24
And thats why on linux the new wayland conpositor does not allow this by default :)
4
u/Ok_Bird8372 Feb 19 '24
How is it going with Yutani merger ?
1
u/lochness350 Feb 19 '24
Yutani
https://www.youtube.com/watch?v=6EtegGrPcp4 - the Yutani corporation along with Peter released this TED talk last year. The rise of AI is a hot topic in the boardrooms.
2
u/Big_Razzmatazz7416 Feb 19 '24
Oh lord, more CEOs circle jerking “AI”, the new blockchain buzz word. I swear 80% of being a CEO is spouting the latest buzzwords
2
-10
u/AugustusLego Feb 19 '24
Which Wayland compositor doesn't allow this? Or are you talking about that Wayland doesn't allow this?
13
u/Furdiburd10 Feb 19 '24 edited Feb 19 '24
i am talking about the fact you need to manualy enable an xdg desktop portal for the app to be able to record the desktop.
4
u/AugustusLego Feb 19 '24
You mean you need an xdg-desktop-portal that allows you to select the scope of what you allow capturing?
I thought that was just for when like calling a screen share picker from any app, since like screenshot utils (I use grim on hyprland), can work without asking for scope?
9
u/chrisprice Feb 19 '24
My understanding is long term such apps will either need permission or administrative privileges.
So Chrome could still do the same thing, but you'll get a request to let Chrome do something in terms of admin rights.
Wayland is slowly letting Linux adopt modern granularity with control, so screen share can be limited to a discreet app's window frames. This is also needed to finally get HD content from streamers into desktop Linux, since they need secure pipelining too.
But you are correct it's still a WIP.
1
u/citewiki Feb 20 '24 edited Feb 20 '24
You'll also need a sandbox to ensure the app doesn't ask a screenshot tool to take a screenshot via D-Bus
Edit: I checked and Chrome uses the portal on Wayland
45
u/bojack1437 Feb 19 '24 edited Feb 19 '24
Any application on Windows can take their own screenshot of the entire Desktop*.. This is nothing tricky that Google is doing.
That's just a Windows thing.
Edit: Corrected Window to Desktop
6
u/bojack1437 Feb 19 '24
For anybody following this, It does appear that at some point Windows 10 and of course subsequently 11. That the option was added to the privacy settings of Windows to allow you to restrict what applications can take screenshots and what they can take screenshots up.
By default though, all applications can take screenshots of the entire desktop.
4
u/The_Wkwied Feb 19 '24
It's not the window. It's obvious that an app can see itself.
The issue is that chrome has the ability to screenshot your entire desktop and all your open windows
20
u/bojack1437 Feb 19 '24
Again, that's a Windows OS thing... Any app can do that. There's no restrictions on it.
-3
Feb 19 '24
[deleted]
6
u/bojack1437 Feb 19 '24
It's been this way forever. There were never any restrictions on applications being able to take a screenshot of the desktop in Windows.
-1
Feb 19 '24
[deleted]
6
u/bojack1437 Feb 19 '24
.... Of course it can. It's the one that took the screenshot so why wouldn't it have access to access the screenshot that it just took.
-1
Feb 19 '24
[deleted]
3
u/bojack1437 Feb 19 '24
Exactly why you shouldn't be running software that you don't trust.
But by default windows allows any application to do this.
Now since my first post I have discovered that starting with Windows 10 at some point you can restrict via privacy settings if applications are allowed to take screenshots. But by default they are because that's the way it's always been with Windows.
-1
Feb 19 '24
[deleted]
2
u/bojack1437 Feb 19 '24
Yes, again, it's been this way in Windows just about forever.
Just like any application that can screen record can do so without any explicit permissions.
Not exactly sure why this is news to anybody.
Again, the only bit of news is starting at some point with Windows 10. You now have a privacy option to prevent that. But by default just as it's always been the case, any application can screen record or take a snapshot of everything on the desktop.
1
u/CaptainKernel Feb 19 '24
Yes they can do that. Unless the new Win10 restrictions are turned on they can capture the entire desktop and do whatever they like, it's just data, a series of bits.
Source: I've been writing windows apps since 1990.
-4
u/dghughes Feb 19 '24
An app window vs the user's entire desktop are two very different things.
10
u/bojack1437 Feb 19 '24
I shouldn't have said window..
Any application on Windows can take a screenshot of the entire desktop. All monitors everything..
This is nothing special that Google is doing.
-4
u/vim_deezel Feb 19 '24 edited Mar 27 '24
piquant scarce encouraging zealous foolish consist ring unite cats shocking
This post was mass deleted and anonymized with Redact
5
u/bojack1437 Feb 19 '24
OP, implied that somehow Google was doing something nefarious by getting around some kind of restriction that allowed it to take a screenshot of the entire desktop.
The point is windows does not restrict any application from taking a screenshot of the entire desktop. Google is not doing anything nefarious by getting around any kind of restriction.
Yes, an application can choose to restrict itself to only taking a screenshot of it's window but it doesn't have to. Again, Windows doesn't restrict screenshots of the desktop in any way.
12
u/chrisprice Feb 19 '24
My understanding is the system screenshot is taken because sometimes capturing the Windows window-view frame can cause issues with capturing system level problems. It also has issues when Chrome spawns multiple windows.
Taking the full window, and then cropping it, is more likely to let the user crop what's really going on, and send it.
If you tell Chrome to crop the screenshot, it does, and only sends the cropped version to Google.
If you decide to send feedback to Google, keep this in mind so you don't waste their time, and cause them to tune out feedback even more.
0
Feb 19 '24 edited Mar 27 '24
[deleted]
1
Feb 19 '24
[deleted]
1
u/vim_deezel Feb 19 '24 edited Mar 27 '24
society exultant meeting rinse future soft onerous square unwritten lock
This post was mass deleted and anonymized with Redact
3
u/whoopdedo Feb 19 '24
Windows privacy settings
Those are a joke. And it only applies to sandboxed apps from the MS Store. Chrome is a desktop app and has full access to everything on your computer.
8
10
7
2
Feb 19 '24
Google does have permission to do this You gave them the go-ahead when you clicked accept while installing and not actually reading the terms of service. Plus this is not in violation of any of Windows privacy settings and is likely just sending a print screen function and pasting it into the box or doing something similar.
Considering the scenario you described it's likely a poorly thought-out bug report system intended to try and figure out what exactly was going wrong better than just seeing an error code but obviously can cause people to panic about privacy due to what they might have been viewing so they still give you the choice whether or not to submit that bug report
The screenshot is just taken and displayed locally on your machine until you actually submit the report
2
2
Feb 20 '24
Don’t use chrome. Firefox, Epic, Tor, or Brave. Epic only if you don’t care about losing some functionality and features in favor of no compromises on the privacy settings. It can break webpages because privacy isn’t a fundamental design consideration on the general internet.
2
u/Oneguysenpai3 Feb 20 '24
I just went through the privacy settings & the "screenshot access" is off. Chrome can still screenshot your screen.
I went to my registry HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\graphicsCaptureProgrammatic set to DENY. Chrome can still screenshot your screen.
Anything else i can do to really protect myself besides these fake Microsoft/Google settings toggles that don't do anything in reality?
2
u/opticaldesigner Feb 20 '24
A few people have said there's a privacy setting in Windows 10 that restricts which apps can take screenshots. Where is that? I'm using the desktop Pro version and don't see that option. Thanks!
1
u/Oneguysenpai3 Feb 20 '24
see my comment of what i went thru & chrome still can screenshot you.
i think they might be referring to setting->privacy & security->screenshot and apps->screen shot accessvery tired of microsoft's fake setting toggles that dont really do anything
4
u/aeroverra Feb 19 '24
Privacy settings on windows is funny. Windows doesn't sandbox it's apps in the same way a phone does. That's actually a really good thing for autonomy because you have more choices and power when using or coding an app however it also means it's easier for apps to violate your privacy if you choose to use the wrong app.
2
u/pakaschku2 Feb 19 '24
Give LibreWolf a chance. A hardened Firefox.
Chromium I only have to use for online Meetings where I have to share my screen anyway.
2
u/tehyosh Feb 19 '24 edited May 27 '24
Reddit has become enshittified. I joined back in 2006, nearly two decades ago, when it was a hub of free speech and user-driven dialogue. Now, it feels like the pursuit of profit overshadows the voice of the community. The introduction of API pricing, after years of free access, displays a lack of respect for the developers and users who have helped shape Reddit into what it is today. Reddit's decision to allow the training of AI models with user content and comments marks the final nail in the coffin for privacy, sacrificed at the altar of greed. Aaron Swartz, Reddit's co-founder and a champion of internet freedom, would be rolling in his grave.
The once-apparent transparency and open dialogue have turned to shit, replaced with avoidance, deceit and unbridled greed. The Reddit I loved is dead and gone. It pains me to accept this. I hope your lust for money, and disregard for the community and privacy will be your downfall. May the echo of our lost ideals forever haunt your future growth.
1
u/Mayayana Feb 19 '24
Google is a very sleazy company. They make their money through extensive spying to collect personal data and sell that to advertisers. Chrome is one of their spyware vehicles. As is gmail. If you care about privacy then you don't use Chrome. It's that simple.
1
Mar 20 '24
if anyone else has been noticing a theme with Google's permission model, let me help fill in the blank spaces.
Google, microsoft, probably others, dont have to follow permissions. They arent laws. They're guidelines without much enforcability since making them any different than currently exists would break so many things ppl cant seem to live without..
personally i just wanted calling and sms. anythinng else is a feature added service to charge me for later.
0
-12
u/twotimefind Feb 19 '24
This is true I'll uninstall chrome so quick .....
26
Feb 19 '24 edited Mar 12 '24
shocking advise wipe makeshift steer dolls bright fertile memorize ruthless
This post was mass deleted and anonymized with Redact
1
u/opticaldesigner Feb 19 '24
I've just added more info to my post, so you can see this for yourself. I'm hoping someone will suggest a way to disable it.
1
u/twotimefind Feb 19 '24
i worded my post wrong. i did not doubt you.
1
u/opticaldesigner Feb 20 '24
I'm glad you commented! I realized I should explain how it was that I saw it.
1
-1
u/marzthemagnificent Feb 19 '24
Is brave web browser better than Firefox? Or vice versa?
2
Feb 19 '24
No, Brave is bad. Don't install it.
0
u/TheAspiringFarmer Feb 19 '24
lol. They’re all bad, for different reasons. Brave is the least bad in my estimation, although one has to wonder where the money is coming from. I know they’ve struggled to find a business model.
1
Feb 19 '24
LibreWolf is my preferred, however I do browser isolation in order to obtain more privacy.
-1
u/retro_grave Feb 19 '24
Google: We're going to make it easier for our users to report issues.
Reddit: Foaming at the mouth
Your issue is with Windows APIs and there's literally 0 permissions model. Google spearheaded ABAC in Android early on, and Microsoft has done pretty much nothing in response. Windows privacy is a joke, but since it's Microsoft nobody cares as long as the stock goes up.
2
u/opticaldesigner Feb 20 '24
How'd you know I was foaming at the mouth? LOL. OK, so maybe I overreacted a little...
-1
-18
-14
-10
-24
u/makridistaker Feb 19 '24
Brave > All
5
Feb 19 '24
Brave looks nice but it is only the one you should use. There are also several good options like well-configured firefox, mulvad browser etc...
You may say that brave is the easiest one to start - becouse out of the box have security settings but it does not mean that is the best.
3
u/notcaffeinefree Feb 19 '24
Brave just uses Chromium and its rendering engine, JS engine, etc.. All of which Google is the primary contributor on.
-1
u/makridistaker Feb 19 '24
Chromium is the engine and it's open source, having google are the primary contributor means nothing since their own browser uses the engine too.
3
u/notcaffeinefree Feb 19 '24
Chromium is not an engine. It is a browser. Blink is the rendering engine and V8 is the JavaScript engine it uses.
And it does matter, because developing engines is not a trivial task. Using any Chromium browser, just contributes to a web monopoly.
0
u/makridistaker Feb 20 '24
Those are some serious mental gymnastics ! Your argument was that google being the main contributor to the (open source) chromium project is somehow shady or at least a bad thing which is plainly wrong. Other than that, brave is a pretty good privacy browser out of the box, being based on chromium doesn't invalidate that.
1
u/qxlf Feb 19 '24
switch to hardened firefox along with searx for a search engine (either the .be instance or the disroot instance)
1
1
u/0oWow Feb 19 '24
There is a print screen button on your keyboard that does the same thing. It works in Windows, Linux, and I believe also MAC. Any program can do that specific function.
It's not a privacy issue until it's sent somewhere.
1
u/opticaldesigner Feb 20 '24
I guess so, but I'd sure like an app-specific privacy setting just to be on the safe side..
1
u/Sweyn78 Feb 19 '24
This reminds me of the time that the business side of a company I worked for tried to get us to do this. We fought them for a while until they forgot about it and moved on to their next stupid idea.
1
u/batterydrainer33 Feb 19 '24
Any app can "take screenshots" on Windows.
If you use Discord, it does the same thing when you go preview your screens before sharing your screen. No permissions or anything.
1
Feb 20 '24
[removed] — view removed comment
2
u/user081 Feb 20 '24
It is an issue on the OS level. There is no permission manager to prevent apps from taking a screenshot or capturing the desktop on windows 10, Any app can do it if it is created to do so.
1
820
u/ColoradoPhotog Feb 19 '24
Now is a great time to remind everyone that Mozilla Firefox is very much still a thing, and is entirely independent from the Google-backed Chromium code base as they build and maintain their own engine.