Ask HN: Is Google Chrome's autotranslate feature a huge vulnerability?

27 points by d3fault almost 7 years ago
First, let me say that I am not a professional of any kind. I'm actually just entering my first year of undergrad.

Anyway, let's get to the point:

If someone were to use the auto translate feature to look at a foreign bank account (as an expat or something), couldn't the server request to translate your page be intercepted and read by a malicious party? It seems like a much easier point of entry than something like a key logger or something. However, like I said, I'm not a professional, or even a semi-professional. I thought of this, quite literally, in the shower.

10 comments

sonofblah almost 7 years ago
1) It's encrypted, but most of everything has a vulnerability somewhere

2) This is a great question, of the kind more people should regularly be asking

3) Don't stop!

DonHopkins almost 7 years ago
There are a lot of strings of text that it would not make sense to translate and not be wise to send to a remote translation service, like strings of digits, blocks of base 64 encoded text like ssh keys, digits and letters separated by punctuation like phone numbers and bank account numbers, etc.

Perhaps Google Translate should filter out non-word private tokens from the original text (replacing them with opaque identifiers that aren't translated but are left alone, and substituting the originals back into the translated text).

(PS: Are you still in the shower, posting on one of those new-fangled waterproof phones? Hopefully not a Google Glass!)
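
The token filtering suggested in the comment above, sketched as an added example that is not part of the thread and is not Chrome's or Google Translate's code. The function names, the two patterns, the placeholder format, the sample text and the stand-in translator are all assumptions constructed for illustration, and it assumes the remote service returns placeholders unchanged.

```javascript
// Added illustration, not Chrome's or Google Translate's code.
// maskPrivateTokens, restoreTokens and PRIVATE are hypothetical names.

// Non-word tokens kept local: long base64-like runs (keys, blobs) and
// digit groups joined by punctuation (phone, card, account numbers).
const PRIVATE = /[A-Za-z0-9+\/]{24,}={0,2}|\+?\d[\d ().\/-]{5,}\d/g;

function maskPrivateTokens(text) {
  // Choose a placeholder prefix that does not occur in the page text, so
  // restoring can never rewrite something the page itself contained.
  let prefix = "__TOK";
  while (text.includes(prefix)) prefix += "_";
  const vault = []; // originals stay on the client, indexed by placeholder number
  const masked = text.replace(PRIVATE, (match) => {
    vault.push(match);
    return `${prefix}${vault.length - 1}__`;
  });
  return { masked, vault, prefix };
}

function restoreTokens(translated, { vault, prefix }) {
  const re = new RegExp(`${prefix}(\\d+)__`, "g");
  // A replacer function avoids "$" in a token being read as a pattern;
  // unknown indexes are left as-is instead of becoming "undefined".
  return translated.replace(re, (whole, i) => (i in vault ? vault[i] : whole));
}

// Constructed sample input and a stand-in "remote translator" (a word map).
const SAMPLE =
  "Konto 4400-1234-5678 Telefon +49 30 1234567 Schluessel " +
  "AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLWV4YW1wbGU=";
const WORDS = new Map([["Konto", "Account"], ["Telefon", "phone"], ["Schluessel", "key"]]);
const fakeRemoteTranslate = (s) => s.replace(/[A-Za-z]+/g, (w) => WORDS.get(w) || w);

function demo() {
  const state = maskPrivateTokens(SAMPLE);
  const sent = state.masked; // the only text that would leave the client
  return { sent, result: restoreTokens(fakeRemoteTranslate(sent), state) };
}

console.log(demo());
```

The patterns are deliberately narrow; anything they miss (names, addresses, balances written as words) would still be sent.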

rahimnathwani almost 7 years ago
It might be fun for you to try this yourself.

Connect two computers to the same network. On one, use some MITM proxy software. On the other, set all the traffic to go via this proxy, either transparently (via default gateway) or explicitly via proxy settings.

Then see if you can intercept the info being sent from your browser to Google translate.

I'm not at a computer right now, but I guess that:

1. The auto-translate feature uses https, so that the traffic between you and Google is not available via network-level MITM.

2. The page contents are not sent to Google at all, but only the URL

kyleperik almost 7 years ago
End to end encryption seems to be less understood by many people, even some professionals I know. HTTPS is completely secure, check this out, it's a fun read: https://en.m.wikipedia.org/wiki/Public-key_cryptography

The real question is perhaps, are we okay with Google having their eyes on everything?

kirykl almost 7 years ago
https://www.chromium.org/developers/design-documents/translate

orf almost 7 years ago
Google translate refuses to work on private pages. It's actually kind of annoying, but yeah, anything past a login it refuses to do. At least for my bank and anything bill related.

great_psy almost 7 years ago
It depends how Chrome is programmed to detect languages. The language detection could be all done in the browser, and it would only send data to google if you want to translate. The translation could be intercepted, but it could also (hopefully) be encrypted.

To get a definite answer you would need to look at the source code and go from there.

Imanari almost 7 years ago
Not directly answering your question but still relevant. At a fairly big company I worked at as a student I was able to circumvent the website blocker of the company by just applying google translate to the site. Formatting and images etc. were lost but it enabled me to browse reddit.

hluska almost 7 years ago
1.) I don't know, but that's fucking cool.

2.) You should follow rahimnathwani's advice and set up a man in the middle attack. You'll learn a lot.

3.) Have I mentioned that is fucking cool???

Good work! This is the exact kind of question that everyone should ask.

PS - That is fucking cool!

tinus_hn almost 7 years ago
If you ask a person or a service to translate things that person can of course see these things.

If your connection to that service is not secured others may be able to intercept it. Chances are that it is though. Google Translate uses secure connections.