How to Export Your Passwords and Login Data From Google Chrome

In Chrome 66, rolling out now for Mac and iOS, Google has added a password export option to the web browser so that you can easily migrate your login details to another browser via a third-party password manager app. In this article, we’ll show you how to export your passwords from Chrome on Mac and iOS.

At the end of the process, you’ll be left with a CSV file containing all your login credentials. Popular password managers like Enpass and 1Password accept CSV files for importing login data. Just be aware that the CSV file you export from Chrome is in plain text. That means your credentials could be read by anyone with access to it, so make sure you securely delete the file once you’ve imported the data into your password manager of choice.

How to Export Passwords From Chrome on Mac

Launch Chrome browser on your Mac.
Select Chrome -> Preferences… from the Chrome menu bar.
Click the Settings button in the upper left corner of the tabbed Settings screen.

Click Advanced in the Settings side panel.

Click Passwords and forms in the dropdown menu.
Click Manage Passwords.

Click the column of vertical dots at the top-right of your list of Save Passwords.

Click Export passwords… in the pop-up.

Acknowledge the pop-up warning dialog by clicking the blue Export Passwords… button.
Enter your system password if requested to do so.
In the Export window, choose a location on your Mac to export the CSV file to, and click Save.With the login data exported to your computer, open your password manager of choice and look for the import option, usually found in the app’s menu bar under File. Once you’ve imported the data from the CSV file, be sure to delete it, preferably with a file shredding app like Secure Delete or Incinerator.

How to Export Chrome Passwords in iOS

Launch the Chrome app on your iPhone or iPad.
Tap the three dots in the upper right of the browser tab.
Tap Settings in the dropdown menu.
Tap Passwords.

Tap Export Passwords….
Acknowledge the pop-up warning dialog by tapping Export Passwords….
Using the Share Sheet, choose a secure method (i.e. not Mail) for exporting the CSV file. Tapping Save to Files lets you save it on your iOS device or in iCloud Drive, for example.
Again, once you’ve imported the CSV file into your password manager of choice, be sure to delete the file.

Related Roundup: macOS High SierraTags: Google, Chrome
Discuss this article in our forums

Facebook Prepares for Europe’s General Data Protection Regulation With ‘New Privacy Experiences’

Facebook this week shared a blog post explaining “new privacy experiences” that will be available on the social network, in compliance with the European Union’s General Data Protection Regulation (GDPR), coming into effect on May 25. Facebook originally detailed part of its plan for GDPR-related privacy features back in January, and is now following through in the wake of the Cambridge Analytica scandal.

The rollout will begin in Europe this week, but the company described the update as being “for everyone on Facebook,” and it’ll begin expanding worldwide “on a slightly later schedule.” In the new blog post, Facebook chief privacy officer Erin Egan explained that users will be asked to make choices about multiple aspects of the social network from now on, including ads, profile data, and face recognition.

As soon as GDPR was finalized, we realized it was an opportunity to invest even more heavily in privacy. We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook. We’ve brought together hundreds of employees across product, engineering, legal, policy, design and research teams. We’ve also sought input from people outside Facebook with different perspectives on privacy, including people who use our services, regulators and government officials, privacy experts, and designers.

Facebook will ask its users to review information about advertising based on partner data, such as websites and apps that use business tools like the Like button. They will be able to decide if they want Facebook to use data from partners to show them these type of ads or not.

For profile information, users that have opted into sharing political, religious, and relationship information will be asked whether to continue sharing this data, and if they want Facebook to use it. The update will make it easier to delete these personal tidbits from profiles as well.

Face recognition has been on Facebook in most parts of the world for about six years, allowing the service to detect when other profiles might be trying to use someone’s profile image, among other features. Egan said that specifically in the EU and Canada, face recognition will return but be defaulted to an off state, and users will have the choice to turn it on. For everyone on Facebook, Egan explained that this feature is still “entirely optional” no matter where the user is located.

This week’s blog post explained that these requests — including an updated terms of service and data policy — will have specific details relevant only to people in the EU, although “the substance” of the policy remains the same globally. As the update launches around the world, the company will “present the information in the ways that make the most sense for other regions.”

Otherwise, Facebook users will also start to see new Settings and Privacy shortcuts around the world this week, allowing them to more easily check their data, delete it, or easily download and export it. The social network is also focusing on protecting teenagers with multiple GDPR compliant features that will be launching worldwide. These include limited advertising, disabling face recognition, defaulting audience options for posts to friends only, and more.

Tag: Facebook
Discuss this article in our forums

Researchers claim hackers can create havoc in the Oculus Rift, HTC Vive

Virtual reality headsets produced by Oculus VR and HTC are open to hackers according to a recent paper published by researchers from the University of New Haven in Connecticut. Their proof-of-concept attack targets OpenVR, an open-source software development kit created by Valve Software and supported by the HTC Vive and Oculus Rift PC-based headsets. The result? Changing what the viewer sees and thereby causing physical harm. 

The problem with the HTC Vive and Oculus Rift is that you can’t see the surrounding physical environment. The setup process includes defining your movement area in the real world while inside virtual reality, this space is defined by a grid that suddenly appears if you get too close to the playing area’s edge. Typically, the edge is an actual wall, a couch, or simply an area where observers can watch from a safe distance while you swing wildly with the controllers. 

But hackers with access to a compromised PC could alter that space. If, for some reason, headset owners were playing near a staircase, they could trip over the steps or fall down to the next floor. If a group of family members is watching from the couch, headset owners could get too close and start swinging the controllers at their heads. The physical dangers are certainly possible. 

With the proof-of-concept, the research team attached malware to an email to see what would happen once it infected the targeted PC. “It was created with little security in mind, and they’re completely relying on the security of the operating system and the user,” says Ibrahim Baggili, director of the university’s Cyber Forensics Research and Education Group. 

Naturally, there are already safeguards set in place to prevent the infection, such as antivirus software and firewalls. But the experiment targeted the VR platforms themselves to see what would happen if the typical safeguards failed. The software powering the Oculus Rift and HTC Vive failed to block the malware as it infiltrated through the OpenVR crack. Not only could the researchers change the boundary, but everything seen through the headsets. 

Both HTC and Valve Software wouldn’t comment on the findings, but Oculus VR pointed out that the majority of the Oculus Rift experiences are served up on the Oculus Store without OpenVR. Even more, adding encryption to Guardian would introduce bugs and “unnecessary complexity.” If your machine is compromised, all data is at risk, not just the VR experience. 

But a closer look at the report shows there is more to the issue than just altering the headset’s view. For instance, a deep dive into Steam discovered two authorization files hidden in the Steam folder that could be used to bypass two-factor authentication. Other files include the person’s name, port details, IP addresses, and data associated with specific apps. Researchers also found accessible “artifacts” with a number of applications such as Rec Room, AltspaceVR, Facebook Spaces, and Big Screen. 

The full disclosure will be presented in May during the 39th annual Institute of Electrical and Electronics Engineers Symposium on Security and Privacy. 

Editors’ Recommendations

• Oculus Rift re-enters virtual space after bad software caused a global blackout
• HTC Vive vs. Vive Pro
• Oculus Rift vs. Vive Pro
• HTC Vive review
• Oculus Rift is now more popular than HTC Vive among Steam users

Epson shrinks its cartridge-free ink, but it’ll still last you two years

Epson

Epson’s refillable, eco-friendly print cartridges just got smaller, but the compact form of the ink EcoTanks still allows the company’s new all-in-one to ship with two years of ink in the box. On Tuesday, April 17, Epson announced the WorkForce Pro ET-8700 EcoTank All-in-One, a printer designed for small businesses.

The new WorkForce Pro has enough ink in the box to print up to 16,000 black-and-white pages and 11,00 color pages, which means businesses averaging 450 sheets a month may not have to buy ink for two years. The printer uses a set of four ink packs, which Epson says is more affordable than the traditional cartridge. The printer packs start at $25.

The printer isn’t the first to integrate Epson’s cartridge-free concept, but uses the smaller Replaceable Ink Pack System. Compared to ink and toner, Epson says, best-case scenario, the ink packs can save up to 80 percent over the cost of traditional ink cartridges and toner for a color laser printer.

Compared to the earlier model, the ET-8700 is more compact, at about 40 percent of the size of the previous generation model. The printer still offers a 250-page capacity and an 80-page rear tray, with the option to buy a 500-page tray add-on.

Epson says the new printer also delivers on speed, with prints speeds of up to 24 pages per minute, and scans also reaching that speed using the USB interface. Print settings and options are controlled from a 4.3-inch touchscreen.

“With the new low-cost replacement ink packs integrated along the base of the ET-8700 printer, we’ve taken Epson’s traditional EcoTank design, and optimized it for high productivity,” Nils Madden, marketing director for consumer marketing at Epson America, said in a press release. “We’ve made it easier for business owners to enjoy the hassle-free two years of ink in the box with this new, easy-to-use design and ultra-fast print speeds, giving them more time to focus on what’s really important — managing their businesses.”

The ET-8700 also offers Wi-Fi and Ethernet connectivity, and sells with a two-year limited warranty.

The WorkForce Pro ET-8700 printer will launch sometime this month with a list price of about $1,000.

Editors’ Recommendations

• The best color laser printers of 2018
• How to print from an iPhone and iPad
• The best photo printer you can buy
• The best inkjet printers you can buy
• Cadillac’s downsized XT4 SUV aims to give people what they want

Cambridge Analytica designed cryptocurrency to sell back your personal data

Bryan Bedder/Getty Images

In a twist of irony, Cambridge Analytica — which worked on Donald Trump’s digital campaign strategy and was the subject of scandal for Facebook — had been quietly working on its own virtual currency designed for an initial coin offering, or ICO. Cambridge Analytica’s cryptocurrency was conceived as a means to pay for a system allowing people to store and sell their online data to advertisers, former employee Brittany Kaiser told The New York Times in an interview, essentially allowing people to protect the data that the company had exploited from some 87 million Facebook users.

Cambridge Analytica promoted its virtual currency business to blockchain companies wishing to use predictive modeling to target investors. The psychographic profiles that the company has created allow for more precisely targeted advertising.

“Who knows more about the usage of personal data than Cambridge Analytica?” Kaiser said in an her interview. “So why not build a platform that reconstructs the way that works?”

Work for the virtual currency began in the middle of last year, with Cambridge Analytica aiming to raise as much as $30 million through the ICO, according to Reuters.

“Prior to the Facebook controversy, we were developing a suite of technologies to help individuals reclaim their personal data from corporate entities and to have full transparency and control over how their personal data are used,” a Cambridge Analytica spokesperson said in an email statement to Reuters. “We were exploring multiple options for people to manage and monetize their personal data, including blockchain technology.”

Jill Carlson, a consultant for several blockchain companies who had attended pitch meetings with Cambridge Analytica, said that the company’s approach “was contrary to the ideas of openness and transparency that drew her to virtual currency projects like Bitcoin,” according to the Times report.

“The way that Cambridge Analytica was talking about it, they were viewing it as a means of being able to basically inflict government control and private corporate control over individuals, which just takes the whole initial premise of this technology and turns it on its head in this very dystopian way,” Carlson said.

In one instance, Cambridge Analytica would send virtual currency to different areas in Mexico as incentive for people to fill out surveys. The data would be used to design political campaigns for Mexican candidates running for office.

Work on the the coin’s technical specification was overseen by Alexander Taylor, Cambridge Analytica’s chief data scientist. Kaiser has since left the company, in February, and remains critical of Cambridge Analytica. It’s unclear if Cambridge Analytica is still pursuing work on the coin, though Kaiser believes that the work has not moved forward.

“A spokesman did not comment on the coin offering, but did say the firm was looking at using blockchain — the technology underlying digital currencies — to help people secure their online data,” Reuters reported.

Kaiser is pursuing similar ideas in her new role at Bueno Capital.

Editors’ Recommendations

• Cambridge Analytica used more apps to steal data, former employee claims
• 9 things to know about Facebook privacy and Cambridge Analytica
• Here’s how to check if Facebook shared your data with Cambridge Analytica
• Want to ski better? Elan’s Smart Ski Concept uses sensors to help you improve
• Facebook isn’t the only one watching. Protect your privacy with these 5 apps

Leak reveals Microsoft’s new Xbox Avatar system

Microsoft’s new Xbox Live avatars have been on the cards for a while now, with the company last year promising more diversity and customization. Now, a leaked video (allegedly from a former Microsoft designer and since removed from YouTube) has revealed what they’ll look like, plus the editor interface that’ll let you design your character.

A look at the #NewAvatars@JamieMoranUK @Rand_al_Thor_19 @BeastFireTimdog @Mooch1978 @JezCorden @The_CrapGamer pic.twitter.com/htVGQ1xg29

— ✖IdleSloth✖ (@IdleSloth1984) April 17, 2018

The new Xbox Avatar Editor lets you customize body, face, hair, makeup and limbs with color pickers across all features and the option to purchase additional items from the avatar store. It’s pretty comprehensive — you can even edit your character’s fingernails. While the update won’t support items from existing avatars, you’ll be able to import your previous character into the system. The editor will operate across Xbox One and Windows 10, and will be made available to testers this month, so you shouldn’t have to wait too long to start designing your virtual self.

Via: The Verge

Source: @IdleSloth1984 (Twitter)

The Morning After: IRS’ payment system went down on tax day

Hey, good morning! Happy hump day! An accidentally discovered enzyme can eat up plastic, and the IRS’ online payment system went down at the worst possible moment: on tax day. We also have EMG wristbands that can type with your thoughts… at some point in the future, at least.

What do you want to see more of in The Morning After?

We’re upgrading Engadget’s daily newsletter and want to hear from you. Tell us exactly what you think by emailing us at themorningafter(at)engadget.com.

Now you have an extra day to file.
IRS’ direct online-payment system went down on tax day

For most of tax day in the US, a “glitch” took down the website that accepts IRS payment. As a result, the agency extended its window for filers an extra day, through midnight tonight.

We know a patch that it could take care of.Scientists accidentally produce an enzyme that devours plastic

Researchers studying a newly discovered bacterium found that, with a few tweaks, the bug can be turned into a mutant enzyme that starts eating plastic in a matter of days, compared to the centuries it takes for plastic to break down in the ocean.

The squabble continues.
AMD calls out NVIDIA’s partner program, G-Sync ‘gamer taxes’

According to AMD, NVIDIA’s GeForce Partner Program (GPP) hides an attempt to elbow competition out of high-profile system lines. That’s why ASUS suddenly launched another gamer brand, AREZ, for Radeon cards, which is separate from the ROG lineup. NVIDIA claims it’s just trying to let customers know exactly what will be in their new PC.

The notes app doesn’t count.
The best to-do apps

Add installing to-do apps to your to-do list.

But hey, don’t worry, Casey Hudson says ‘Anthem’ will be great.
‘Mass Effect’ failings forced BioWare to reevaluate how it makes games

Mass Effect: Andromeda wasn’t the critical and commercial success that Bioware was banking on. In a post on the company’s blog, producer Casey Hudson apologized for how that game turned out — and that DLC issue.

“That experience ultimately became a defining moment in refocusing BioWare’s mission,” Hudson writes. “We need to delight players with new experiences and innovation, but we must stay focused on the importance of the world, character and storytelling elements that players expect from our games.”

Six more sequence buttons make a big difference.
Roland’s TR-8S drum machine is ready to tackle the stage

Find out why Roberto Baldwin said this is “one of the easiest to understand electronic instruments I’ve used.”

But wait, there’s more…

• Boosted’s 2018 line includes faster and shorter electric skateboards
• EMG wristbands may spell the end for keyboards and mice
• Amazon is turning William Gibson’s ‘The Peripheral’ into a series
• Pros and cons: our verdict on Lenovo’s ThinkPad X1 Yoga (2018)
• Cambridge Analytica may have used other quizzes to gather Facebook data
• Windows 10 update will support more password-free logins

The Morning After is a new daily newsletter from Engadget designed to help you fight off FOMO. Who knows what you’ll miss if you don’t Subscribe.

Craving even more? Like us on Facebook or Follow us on Twitter.

Have a suggestion on how we can improve The Morning After? Send us a note.

Airbnb just opened an ‘Office of Healthy Tourism’

In a bid to counteract tourist saturation in major cities around the world, Airbnb is opening a new global Office of Healthy Tourism. The move is designed to bring the economic benefits of tourism to small businesses and local residents in destinations off the beaten track, while lessening the burden on popular holiday hotspots.

The office will be tasked with finding new ways to use technology to create new travel destinations, and will build on the work of similar, previous initiatives. Last year, for example, the company launched a program to promote 40 villages in Italy. Speaking to Fast Company at the time, Airbnb CEO Brain Chesky said, “If I could summarize the major problem with travel, it’s millions of people are going to see a few things, rather than millions of people going to see millions of things.”

The announcement comes at a critical time for Airbnb, which has faced scrutiny for its impact on housing markets in major cities such as San Francisco and Paris. A report last year noted that four major areas of Paris, located near popular tourist attractions, were seeing a drop in the number of residents, with some officials blaming home sharing for the decline. In Venice, Italy, some nine percent of its total historic housing stock is listed on Airbnb as whole-home rentals.

Last week, Airbnb was hit with a lawsuit from Paris for allegedly failing to remove listings that don’t conform with the city’s legal requirements. Meanwhile, Amsterdam has drastically reduced the number of days owners can rent out their properties, and at one point, the city of Detroit was considering banning Airbnb rentals altogether. The company says the new initiative is designed to mitigate the pressure its business is bringing to cities and to open up unknown destinations to travelers, but it’ll have undoubtedly considered the program’s potential in getting legislators off its back, too.

Source: Airbnb

Russia stops at nothing to silence Telegram

The protracted fight between the Russian government and encrypted messaging app Telegram is coming to an end. Last week, the country’s court granted a request for the app to be banned, enabling officials to begin work on booting it out of the country. Then, yesterday Roskomnadzor, Russia’s equivalent of the FCC, began telling mobile networks that they had to block access to Telegram.

In addition, Roskomnadzor has reportedly told Apple and Google to remove the app from their storefronts. The agency has also metered out some punishment to both Amazon and Google, since Telegram uses the pair’s infrastructure for its own backbone. In order to block Telegram’s access in the country, Russia has indiscriminately blocked the better part of two million IP addresses owned by both companies, which means other services that use the same hosts are also at risk of disruption.

The country is adopting a similar playbook to the one it used while battling Zello, another secure messenger service. Zello, which offered walkie-talking services, became popular with political protesters in areas like the Ukraine, Turkey and Hong Kong. Much like in the Telegram case, a huge number of AWS IPs were blocked in Russia, forcing Amazon to ask Zello to switch provider. Another casualty of this policy was LinkedIn, which was blocked in Russia back in 2016 for refusing to bow to the country’s demands for access to user data.

The fight between Telegram and Russia is the same one playing out between many tech companies and governments around the world. Platforms are built to be secure and can potentially put communications beyond the reach of the authorities. A similar fight took place in the US between Apple and the FBI following the San Bernardino attacks. And, like then, Telegram’s clash with the FSB began after 2017’s St Petersburg Metro bombing.

Russian law forces messaging providers to sign up with the government and store six months of user correspondence. Should the police or security services require this information, even without a warrant, it is to be handed over without delay. Since digital communications are encrypted, most companies are required to hand over the decryption keys. It wasn’t until early 2017 that Telegram officially signed up as a listed information distributor.

Unfortunately for Telegram, it had become infamous for its popularity with some terror groups, including Daesh. In 2015, Telegram founder (and Russian native) Pavel Durov said he knew the platform was being used by nefarious characters. When asked how he felt about this state of affairs, he responded that protecting the privacy of his users was paramount. It did, however, begin closing public channels that were seen to encourage violence and, later, began cracking down on inappropriate content.

We promised our users 100% privacy and would rather cease to exist than violate this promise.

Telegram CEO Pavel Durov

That said, even if Telegram was passively enabling some murky business to take place, it appears to have lacked access to a fair hearing. OpenDemocracy explains how the Telegram case was fast-tracked through the courts in the wake of Vladimir Putin’s re-election. The subsequent hearing, on April 13th, apparently only took 18 minutes to play out, and Telegram representatives were reportedly not permitted to travel to the court or request a delay.

It’s not likely that Russia is concerned with the optics of the move, but its scorched-earth policy may hurt its standing in the technology world. In an editorial published in business publication Vedomosti, Russian journalist Yelizaveta Osetinskaya says entrepreneurs may not want to do business there. After all, what sort of person would launch a startup in the country that has such a blatant disregard for corporate interests and the rule of law?

And it’s fair to remember that founder Pavel Durov was considered something of a great Russian success story. According to Statista, Telegram is the world’s ninth-biggest messenger, just behind Line, Snapchat and Viber. Unfortunately, Durov was forced to leave the country in 2014, after being forced out of his role at “Russian Facebook,” VKontakte. Since then, he has become an outspoken critic of the country’s repressive regime and policies.

In response to today’s ruling, Durov posted a missive to his public Telegram channel offering his feelings on the matter. “We promised our users 100 percent privacy,” he said, “and would rather cease to exist than violate this promise.” Durov also claimed the ban has not — yet — caused a drop in user engagement in the country since many Russians use proxies and VPN services. The CEO did, however, publicly thank Apple, Google, Amazon and Microsoft for “not taking part in political censorship,” and said that he would hand out Bitcoin grants to groups who help run VPNs and proxy servers within the country. It’s not clear if Apple and Google will acquiesce to Russia’s demands; although, it’s likely that they will, given similar capitulations related to VPN apps in China. But it’s clear that Durov isn’t prepared to go quietly into the night.

Durov’s battle with Russia will serve as a test run for a much bigger fight that is likely to come later this year between the Kremlin and Facebook. Much like LinkedIn, the currently-embattled social network was told to move its local data storage to Russia, where information about users could be accessed by the authorities. In an interview with the Kremlin-aligned Izvestia Daily, and outlined by the Moscow Times, Roskomnadzor head Alexander Zharov said Facebook would be inspected by the end of the year. And, if officials aren’t happy about their access to people’s private communications, then “the blocking question will come up,” Zharov reportedly said.

Source: Roskomnadzor

Google Chrome 66 Browser Adds Default Mute Autoplay Feature, Password Export, and More

Google is currently rolling out its Chrome 66 update to users of the web browser on Mac and iOS. The Mac version now mutes autoplaying content by default, while both desktop and mobile versions include a passwords export option, security improvements and new developer features.

Mute autoplay was originally slated for Chrome 64, which introduced autoplay settings on a per-site basis, but the function got pushed back for unspecified reasons. However, Chrome 66 now rolls out the default behavior for all users, and feeds into Google’s wider intention to make the media playback experience more consistent when users navigate the web.

Going forward, web-hosted media can only automatically play if it has no audio, if the user interacted with the page during a previous browsing session, or if the user frequently plays media on the site. Similarly on mobile, media can only autoplay if the site was added to the Home Screen by the user.

The new passwords export option was previously hidden in Chrome’s backend flag menus, but Chrome 66 adds the option to the user-facing settings.

As for enhancing security, Chrome 66 follows through on Google’s plan to deprecate Symantec-issued certificates, after the company failed to comply with industry security standards. The decision to end its trust for Symantec certificates was made when certificates for example.com and variations of test.com escaped into the wild.

Additionally, Chrome 66 includes a Site Isolation feature that offers additional protection from the Spectre CPU vulnerability, by forcing websites to run as different processes, with blocks to prevent them receiving certain types of sensitive data.

Google Chrome for Mac is a free download available directly from Google’s servers.

Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Tags: Google, Chrome
Discuss this article in our forums