Google Chrome’s latest update is under scrutiny for what has the potential to be major privacy concern.
Chrome 80 implements a new browser capability called ScrollToTextFragment, enabling deep links to web documents. ScrollToTextFragment allows Google to link a single word of text and its position on the page.
You may be thinking – “doesn’t Google already do this?”
Yes, it does, but this capability has always been dependent on an anchor created by the site owner. ScrollToTextFragment doesn’t require an anchor, meaning a link to a specific piece of text within a document can be created by anyone.
Google provides the following example:
“For example, the URL:
[https://en.wikipedia.org/wiki/Cat#:~:text=On islands, birds can contribute as much as 60% of a cat’s diet]
This loads the page for Cat, highlights the specified text, and scrolls directly to it.”
Google claims this is helpful, as it “will allow the link-creator to specify which portion of the page is interesting, without relying on author annotations.”
What’s the Concern?
While it’s true that ScrollToTextFragment can be useful, privacy pundits argue that it can also be exploited.
Peter Snyder, a privacy researcher at Brave Browser, says in a statement to Forbes:
“Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with [the anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.”
Snyder doubles down on this argument in a tweet where he says ScrollToTextFragment crosses a line that should never be crossed:
Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a "don't break the web", never cross, redline. This spec does that.
— pes (@pes10k) February 18, 2020
Privacy concerns were raised before the release of Chrome 80, but it was still shipped anyways. In a comment on Github prior to release, Mozilla’s David Baron stated:
“My high-level opinion here is that this a really valuable feature, but it might also be one where all of the possible solutions have major issues/problems. So I think the question we should think about is how the problems of the solution chosen here compare to the problems of other options and how they compare to the value of the feature.”
In the same Github thread, Chromium engineer David Bokan says security issues were discussed but it was decided that ScrollToTextFragment would ship without opt-in. An option to opt-out may be introduced in the future:
“. We discussed this and other issues with our security team and, to summarize, we understand the issue but disagree on the severity so we’re proceeding with allowing this without requiring opt-in (though we are still working on adding an opt in/out).”
Currently, ScrollToTextFragment is only supported by the Chrome browser.