Keyboards, Firefox, Chrome and Privacy

I hardly ever used Google Chrome because of a bug that made the Ctrl-arrow keyboard shortcut work incorrectly in right-to-left languages. This shortcut works makes the cursor jump a word to the left or to the right. In Hebrew and Arabic it would jump to the left when the right arrow was be pressed. It works well in most other programs, but since Chrome doesn’t use the operating system’s text editing capabilities, this worked incorrectly.

I write a lot of email, blog posts and Wikipedia articles and this keyboard shortcut is essential for me, so if it doesn’t work correctly in a program, i simply cannot use it and will use the competitor, in my case Firefox. Since i love Firefox anyway, it was not really a problem for me.

It took more than two years to do it, but this bug is more or less solved now and the fix will probably be released soon. I am now trying a preliminary version and the Ctrl-arrow shortcut seems to work correctly. However, as i expected, i quickly found other problems because of which i cannot use Google Chrome. Long story short, i cannot write Russian there. It’s not that it’s impossible – it’s just way too hard for me.

I could enable the Russian keyboard layout in my operating system, but it would be very hard to use for me. Keyboards sold in my country usually come with Latin and Hebrew letters printed on the keys and not Russian. It’s possible to buy a keyboard with Russian letters on it, and i did it once, but it didn’t help me much. You see, i write Russian several times a day, but less often than i write Hebrew or English, and the Russian layout is very different from the Latin layout, so i type in it very slowly even if i have the letters in front of my eyes.

Since 2006 my solution for this issue was the Transliterator add-on for Firefox, created by Alex Benenson (thank you so much, Alex). It was first called “ToCyrillic”, because it only helped with the Cyrillic alphabet, but later it was adapted to many other languages. It allows me to type Russian phonetically, so the Latin ‘b’ is automatically converted to Cyrillic ‘б’, ‘sh’ becomes ‘ш’ etc. It works everywhere in Firefox – websites’ input fields, the address bar, the dialog windows etc.

I couldn’t find anything like it for Chrome. It’s possible that i didn’t look well enough, but the add-ons i did find that claimed to do transliteration, phonetic typing or keyboard emulation either did something completely different or asked me to allow the add-on access my data on all websites and my tabs and browsing activity. I don’t understand why such an add-on would need access to my data and browsing activity – it is only supposed to translate the characters i type into other characters and forget it.

It’s possible that the message that tells me about these privacy implications is over-zealous and the add-ons in question don’t actually breach my privacy, but it is still weird to see them, so i didn’t install them.

So there – i still have a strong reason not to move to Google Chrome. It’s not really Google’s fault. In fact, i could myself develop an extension that does something that i want – the source and the API are open and it’s probably not a lot of work. But why would i waste even a minute of my time doing such a thing if i already have Firefox and its Transliterator add-on that work perfectly well? You could say that Google Chrome is faster and uses less memory; it is not quite true in the first place, and even if it would be true, i wouldn’t care about it, because being able to write the language i want is far more important than minor differences in performance.

As a side note, in some Google websites it’s possible to type in transliteration. However, it works only on these particular sites and needs the machine to be online, because it uses a web service to translate every word. That is weird software design and has rather unacceptable privacy implications.

Wikipedia already has phonetic typing support in Malayalam, Tamil and other languages and soon it is going to be deployed to other languages. It works in-place – it translates the text immediately in the browser letter by letter. Of course, it only works in one website; it would be better to help people to enable their native keyboard layouts rather than do it in only one website, but apparently doing it this way helps people start writing and searching immediately. More details on that soon.

8 thoughts on “Keyboards, Firefox, Chrome and Privacy

  1. Chrome triggers those warnings not necessarily because the extensions actually perform the actions on the warning, but because the APIs they call can potentially allow them to perform those actions.

    But yes, support for non-Latin scripts is rather lacking. From the various filed bugs on the Chromium tracker, it actually seems to be an issue with WebKit, however.

  2. Basically all Firefox extensions can “access my data on all websites and my tabs and browsing activity”.

    Chrome just tells you about it because some kinds of extensions can be written with reduced permissions.

  3. What Anonymous said. All Firefox extensions can do anything, not just to your site data, but can write malware to your harddrive, send its contents to scammers, what have you. Of course most of them don’t, but it’s possible.

    The fact that Chrome forces extensions to register for particular capabilities and then warns you what the potential consequences of those capabilities are does not mean Chrome or its extensions are less secure or less privacy-respecting.

    In your case, messages about “your data on all websites” are probably a reflection of the extension wanting to be able to run script on all sites — script that will intercept your keystrokes and transliterate them. Allowing an extension to inject script everywhere potentially gives it your data from everywhere, hence the warning.

    If you want to avoid Chrome or its extensions because of these warnings, that’s fine, but if you think that you’re somehow prone to privacy leaks in Chrome that you aren’t in Firefox when running extensions in both, you’re mistaken.

    1. That’s why i wrote “It’s possible that the message that tells me about these privacy implications is over-zealous and the add-ons in question don’t actually breach my privacy, but it is still weird to see them”.

      1. Blame Google for putting in scary warnings and not making permissions fine-grained enough!

        1. It’s extremely difficult to figure out how to draw a meaningful fine-grained surface area here. How do you let extensions inject script into all pages without running the risk that that script can access your data on all pages? I’m not aware of a way. Perhaps detailed human review of every version of every extension might work, but that has its own costs that are perhaps even worse.

          So I don’t consider the message to be “over-zealous” in the sense that the concern it’s expressing is a real threat.

  4. Permissions aside, Chrome keyboarding extensions can only interact with webpages, not chrome like the URL bar, find bar, or prompt() dialogs. That’s only possible in Firefox because XUL is used for everything.

    So the flipside, of course, is that Firefox extensions can also inter*fere* with the URL bar, find bar, and prompt() dialogs. :-)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.