Google changes sign-in, you now need Javascript to sign in

[RollTime]

Google is changing the sign-in process, and they will now run a "risk assessment" in the background as you sign in.

 

https://www.techradar.com/news/google-bumps-up-sign-in-security

 

Quote

Google will now run a risk assessment on your account login page that will only allow you to sign in if “nothing looks suspicious.”

However, the catch here is that you need to enable JavaScript as you sign in in order for it to work, and there's no option to turn that off.

Quote

This feature is intended to help protect against phishing and it requires that JavaScript be enabled.

Meaning that if you use NoScript to protect your privacy online, you now have to turn it off every time you sign in. And I'm willing to bet they'll be adding some kind of periodic checker that will also require JS. 

This is Google's comment on the situation:

Quote

 "But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off. This might make sense if you are reading static content, but we recommend that you keep Javascript on while signing into your Google Account so we can better protect you.”

 

I think most people who turn off scripts are trying to prevent tracking and stay more anonymous than they would otherwise. Google is conveniently skirting around those people.

 

Bottom line, will this feature increase security? Sure. Is increasing security Google's only motive here? I doubt it. I think they're using this to try and force people to enable JavaScript, so that they can more easily track them. It may be slightly paranoid, but given Google's track record I think they're deserving of a little paranoia.

[Alexzz_]

When you log into google you are pretty much already giving up your privacy, if you really are that concerned about javascript you should also be using a vpn and only give google a minimum amount of data about yourself.

[Shally]

Just now, Alexzz_ said:

When you log into google you are pretty much already giving up your privacy, if you really are that concerned about javascript you should also be using a vpn and only give google a minimum amount of data about yourself.

I agree, they already have EVERYTHING on you. 

[MyName13]

Haven't they been doing this for a while?

[I-r0k]

It’s 2018. I expected nothing less. 

[RollTime]

19 minutes ago, Alexzz_ said:

When you log into google you are pretty much already giving up your privacy, if you really are that concerned about javascript you should also be using a vpn and only give google a minimum amount of data about yourself.

The point here isn't necessarily that they already know so much about you, it's that they're trying really hard to make sure you can't hide ANYTHING. While it's true being signed in to Google gives them info about you, it was still possible to stop tracking requests and other similar things by blocking Javascript. Now it's no longer an option. 

[MyName13]

Just now, RollTime said:

The point here isn't necessarily that they already know so much about you, it's that they're trying really hard to make sure you can't hide ANYTHING. While it's true being signed in to Google gives them info about you, it was still possible to stop tracking requests and other similar things by blocking Javascript. Now it's no longer an option. 

You're all worried about people using google services who care about privacy (which makes no sense) and you forget all of google's scripts loaded into lots of websites.

[Fasterthannothing]

Ask to turn on JavaScript (IMHO a security nightmare) to do a security risk assessment ok Google sure. What is Google thinking besides taking more data it leaves people open to JavaScript exploits  The irony is strong with this one.

[MoonSpot]

32 minutes ago, RollTime said:

It may be slightly paranoid

It would be if it weren't the truth, but it is.

[insert X-files theme]

 

[RollTime]

3 minutes ago, MyName13 said:

You're all worried about people using google services who care about privacy (which makes no sense) and you forget all of google's scripts loaded into lots of websites.

That's part of what I'm trying to get at. They might start blocking people from accessing these sites unless they use the google auth "for security".

[MyName13]

1 hour ago, RollTime said:

That's part of what I'm trying to get at. They might start blocking people from accessing these sites unless they use the google auth "for security".

'Nahh, there's no way that could happen....'

 

-Anonymous

 

Besides, this makes me wonder if all of these scripts are using our computing power for some gigantic distributed computing network.Maybe there are no Google data centers, all of their processing power comes from internet users

[DrMacintosh]

What exactly counts as “suspicious to them”?

 

[Syntaxvgm]

16 minutes ago, DrMacintosh said:

What exactly counts as “suspicious to them”?

 

they're actively trying to kill anonymity. 100%

You can't sign up a gmail account without phone verification now, and some really old accounts that I had grandfathered in, accounts I've had for 5 years or more and signed up over vpns now REQUIRE that I attach a cell number to fucking LOG IN TO MY EXISTING ACCOUNT. So I've basically had to abandon these emails, since I made these forever ago with the intention of as much anonymity as possible. This lead to the awkward situation on one site where I had to verify an email change using by verifying through my existing email, and I basically had to message the site admins (who actually helped me)
All of my regular emails were hit with this to, but I was willing to tie a cell number. It's damn near impossible these days to find an email service that you dont have to tie info to in order to sign up for a site. Keep in mind that stuff like Yandex is blocked commonly, and Yandex just instantly shadowbans accounts it detects a VPN on, and for some reason exact 50% of accounts on one IP (say a college campus) as soon as they're created. 

 

Noscript is another part of this, it's used with the tor browser bundle and the same idea is recommended for staying anonymous in general 

[RejZoR]

As much as I dislike Google, I find it funny that people are obsessing over JS while logging to Google service. If tracking is your concern, you being on Google at that point means it's already too late for you. And people who block JS do it selectively because some pages just don't work without it. I think the JS content here is really for security purposes...

[Syntaxvgm]

1 minute ago, RejZoR said:

As much as I dislike Google, I find it funny that people are obsessing over JS while logging to Google service. If tracking is your concern, you being on Google at that point means it's already too late for you. And people who block JS do it selectively because some pages just don't work without it. I think the JS content here is really for security purposes...

half of the internet is google. YT is google.  And some sites have an email provider whitelist instead of blacklist. And forget oauth stuff that only lets you use google or FB and no local login

[paddy-stone]

28 minutes ago, DrMacintosh said:

What exactly counts as “suspicious to them”?

 

Suspicious meaning not being able to see up your butthole.

[Syntaxvgm]

6 minutes ago, paddy-stone said:

Suspicious meaning not being able to see up your butthole.

They need that for your topographical anal handshake

[AlTech]

1 hour ago, DrMacintosh said:

What exactly counts as “suspicious to them”?

 

> Not using Google Search as default

>> Google marks account as suspicious

[DrMacintosh]

2 minutes ago, AluminiumTech said:

> Not using Google Search as default

>> Google marks account as suspicious

Well rip because I use Bing and Safari on my Mac and on Chrome on my PC. I wish Apple would bring Safari back to Windows again, if they claim to be all about privacy extend the browsers with some of the best user privacy protection protocols to Windows! 

[poochyena]

3 hours ago, RollTime said:

I think most people who turn off scripts are trying to prevent tracking and stay more anonymous than they would otherwise.

Why should anyone be worried about that? I use noscript, but I use it so websites load quicker and sketchy websites can't give me bad redirects. I whitelist sites like google.

[AlTech]

3 minutes ago, DrMacintosh said:

Well rip because I use Bing and Safari on my Mac and on Chrome on my PC. I wish Apple would bring Safari back to Windows again, if they claim to be all about privacy extend the browsers with some of the best user privacy protection protocols to Windows! 

I was sort of joking.

 

Privacy for Windows would be to use duckduckgo and either Brave or Firefox or Tor.

[DrMacintosh]

Just now, AluminiumTech said:

I was sort of joking.

 

Privacy for Windows would be to use duckduckgo and either Brave or Firefox or Tor.

Oh I know, I guess the "Oh rip" didn't transmit the tone that was going through my head when I typed it  

[AlTech]

1 minute ago, DrMacintosh said:

Oh I know, I guess the "Oh rip" didn't transmit the tone that was going through my head when I typed it  

Oh and I forgot to mention PrivacyBadger and VPN.

 

Switching away from Google would help only if you ask them to delete all the info they have on you. And idk if they do it for other countries outside of Europe.

[yian88]

Is this browser only and PC only or does it have anything to do with android phone sign in aswell?

[Sauron]

4 hours ago, Alexzz_ said:

When you log into google you are pretty much already giving up your privacy

At least when it comes to the activities you perform on their websites, yes. Either way, good luck watching youtube on the main website without using js, and the same goes for the majority of Google services (with the exception of Google itself perhaps).