in post

what google knows

In an age that border security services sometimes demand access to email passwords, and hackers manage to gain access to them without asking permission, it's interesting to reflect on what such access conveys, especially in the case of Google.  Because even if we don't actively use a Gmail account, it's quite likely we have one that is associated with an Android phone or Chrome browser.  It's worthwhile going in to have a closer look at that Google account to see what information Google is storing.  Fortunately that's fairly simple to do, by clicking on the Account.

There are a few interesting sections there.  Depending on what we've allowed it to accrue, Google may have a record of every website visited, everywhere in the (real) world we've been (based on phone location and browser location history), everything we've watched on Youtube, etc.  Unless we've told Google not to collect this information, Google knows virtually everything about us, again, even if we don't use Gmail.

But beyond all this, if we use Chrome, Google kindly keeps a record of all of our passwords to every sign-in website we visit, in order to make logins easier for us, even if we change to another device.  That's under, Connected Apps and Sites, Saved passwords.  The passwords are not only stored but are visible too (you just click on the eye icon).  So, if we routinely store passwords in Chrome, and don't use 2-factor authentication for Google or other services, anyone with access to our Google account has access to every other account we have, without even needing to reset passwords via email (which is possible on most web services).  A hacker or border security person will also know which accounts we use and therefore where to look.

All of the information stored by Google can be deleted under its account controls, and information storage itself can be turned off.  It's less convenient but probably safer to do so.  I personally like Chrome browser, but there are a number of other browsers based on Chrome (or rather Chromium), that will store passwords outside of Google's account system. ( I haven't checked so far whether Chrome is capable of storing passwords locally but not globally.)