Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This popup should be criminal. Ive misclicked the signin button multiple times, causing PII to be sent to a third party I dont trust without my authorization.


Don't worry about misclicks, Google already tracked your visit when the webpage was loaded.

Google One Tap works via a script tag from Google servers: https://developers.google.com/identity/gsi/web/guides/displa...


The bad thing is not sharing the info with Google (you are right, just by siing it, Google has your info), but the random third party website.


FWIW, these uBlock Origin rules solve the ploblem:

    ||accounts.google.com/gsi/iframe
    ##iframe[src^="http://accounts.google.com/gsi/iframe"]
    ##iframe[src^="https://accounts.google.com/gsi/iframe"]
    ##iframe[src^="//accounts.google.com/gsi/iframe"]
    ###credential_picker_container
source: https://stackoverflow.com/a/78429389. Last rule is from me since popup was invisible but still blocked the content underneath.


Good information, but you can already turn this off via the (quite hidden, I admit) setting that is mentioned in the article. That's a better way to turn this off completely, rather than patch it via a visual rule.


Brave browser does not have an option to turn it off but uBlock Origin custom filter works.

In the Brave community the only solution offered was an adblock filter: brave://adblock (custom filter) ||accounts.google.com/gsi/client$script,third-party

https://community.brave.com/t/annoying-login-with-google-pop...


The article mentions a setting in Chrome only. Someone using uBlock Origin is not using Chrome.


Either way it's something you'd need to go out of your way to configure any time you interact with a new web browser. And both ways can be disabled randomly (Chrome settings changes during browser updates, or uBlock extension being deprecated).


The irony of getting that popup on Stack Overflow when I clicked that link


Blocked this using uBlock since years ago.


I hope the PMs are reading this thread. They misjudged the tradeoffs


If teaching ethics to big tech worked, this would've ceased to be a problem more than a decade ago.


Delete your Google account and this won’t happen.


It happens a lot regardless of browser and accounts and incognito. It just pops up everywhere.


I haven't signed in to my Google account since browser install but I still see it in StackOveflow.


[flagged]


Just throw in only a date of birth and you have only all you need for identity theft.

Besides, email is usually enough to cross reverence with other benign data troves. But there is no way any reseller could possibly profit from that.

Really no reason to be overly paranoid about.


> Name and Email

Yes, both are PII, which is highly regulated in EU and CA (among others I'm sure). If these knowingly "leaked" in a data breach, the company which leaked them would be legally obligated to notify me. Sounds pretty serious to me.


[flagged]


But it's a similar concept. If someone accidentally gives some website their name + email, they could be part of a leak for some service they don't even use. People probably care less about Tea in particular because they've never heard about it before the data leaks.


"So-and-so used Tea" is clearly not the focus of the coverage of the Tea app leak. Again, let's be explicit about impacts here. You can deploy hyperbole and hypothesis to make anyone a horrifying villain. But if you do that at least be honest about it.

Edit to note: the Tea story has now fallen off the front page while this one is still going strong.


> You can deploy hyperbole and hypothesis to make anyone a horrifying villain.

Alternatively you can deploy a dismissive attitude and subtle ridicule to make any concern sound silly, no matter how important the issue is to people for a variety of different reasons which you don't seem to be receptive to understanding.

And that sort of infighting is certainly many orders of magnitude more fashionable, both on social media and in real life, than people being observant and critical of companies and governments when they find new ways of eroding our rights and freedoms a little bit more than they already have.

I sympathize with ~everyone affected by any type of data leak, but I'm only human with limited time and attention. That means I can't actively engage with every single issue that plagues our world, both out of practical, as well as sanity-maintaining reasons.

Implying that we're hypocrites if we don't engage with completely unrelated issues before we engage with issues that directly affect us is probably the clearest example of a bad faith argument I've read on this site in a very long time.


I guess it's more about the chats there, but swap Tea with Ashley Madison or something. Having your name+email on that leak could be quite bad.


The only one arguing in bad faith here is clearly you.

First, you say that a full name or email is somehow not a big deal, even though these are some of the most critical pieces of PII, either one would obviously be enough to unmask exactly who the person is.

And now, because there is some random HN post about a hack that affects a significantly smaller user base than Google's and Chrome's invasive practices and it doesn't have as many upvotes that somehow means this topic isn't serious and that everyone is arguing in bad faith.

You either have absolutely no understanding of PII or privacy, and I seriously hope you never work on anything related to it. Or you're just arguing in bad faith, I’m not sure which is worse, to be honest.


> inarguably much more impactful a privacy issue

Except, you know, the volume of users impacted.

Tea had a few tens of thousands of users. Google has billions.


Yea, the use case is not wanting to be signed up for another stupid “newsletter” I never asked for that’s full of crap I don’t want.


> most of them are at least slightly criminal

Huh ? Not wanting reddit to know my government name makes me a suspect ?


Having a 'government name' and calling it that makes you suspicious alone.


I agree that it is problematic. You can mostly block it with the uBlock extension.


You can create multiple profiles in Chrome. You shouldn't sign into Google in your main profile. That should be reserved for just one profile reserved for Gmail.


You can also just not use chrome. It's still a problem that shouldn't exist and the blame for that falls entirely on Google and the websites that push google's crap on users


Edge has its own shenanigans. Solution: When signing into Gmail use Edge. When signing int Outlook use Chrome. That way Google/Microsoft can't use your credentials to sign into the browser itself.


Better: Use browsers not owned by search companies


Safari seems to have this too, now — especially with the latest iOS 18.

Any workarounds would be massively appreciated.


This is the #1 reason I don't use apple OS. Even if you install another browser it's just a wrapper around safari restrictions...gross.


There is one! Mac only though.

Scroll down to "#credential_picker_container" here: https://pxlnv.com/blog/user-stylesheets-are-still-pretty-gre...


Firefox?


Yes blame the victim




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: