[nine_k]

This is why I never put anything secret into browser autofill data. No credit cards, no passwords, nothing I would not be OK with disclosing publicly, or already did.

Sensitive info belongs to a password manager which limits it to the domains the data belong.

Credit card numbers are a pain, though. I could put them to a password manager, and manually select to fill only that particular field when I need to. In reality I rarely buy things where PayPal or Amazon payment options are not available; I suppose Stripe offers a similar service.

[nucleardog]

> Sensitive info belongs to a password manager which limits it to the domains the data belong.

So all that stands between you and being in this exact situation (or worse, since passwords) is your password manager's url comparison?

I refuse to use LastPass - the interface is horrible (probably because you're expected to use the browser extension). But I don't want my password manager anywhere near my browser. I'd really rather have to take an affirmative action in order to release each individual piece of information so I know what I'm disclosing and to who.

[cbr]

    your password manager's url comparison?

Better than manual url comparision! A surprising number of humans think things like www.goodcompany.evil.com are urls for "Good Company", and anyone can screw up and make mistakes checking urls (www.goodcomany.com).

[ksenzee]

Add Unicode and it gets worse. I don't trust my eyes to differentiate between Cyrillic а and Latin a. https://en.wikipedia.org/wiki/IDN_homograph_attack

[cbr]

Browsers only display unicode in domain names if the TLD has restrictions on character sets that prevent homograph attacks.

See https://en.wikipedia.org/wiki/IDN_homograph_attack#Defending...

[nine_k]

Well, yes. A domain name, when backed by an SSL certificate, gives a modicum of certainty that information is not being siphoned to a third party.

A password manager running outside my browser and only communicating the bare minimum required by a page, after checking its certificate, sound like a good idea. LastPass is almost there; the only reservation is that it's not run on a machine controlled by you. Other similar solutions overcome this limitation.

A browser extension is actually a great approach, too: it can and should be open-source and signed, thus reasonably tamper-proof. It should, again, do the bare minimum regarding the communication with the actual password store. Its usefulness is mostly in discovering the mapping between form controls and info to be stored.

[gohrt]

Browsers don't auto-fill credit cards and passwords, today, because they are private.

Chrome (and I assume others) has a secure credit card and password auto-fill, separate from regular form auto-fill.