How do we know we can trust the web browser with our usernames and passwords?


The browser sees all the logins we make, with websites, usernames, and passwords in plain text. How do we know it isn’t remembering them and sending them back to the mother ship?

It’s possible someone would inspect the code of open source browsers and make a noise if they found something, but even then most people don’t build from source, so there’s no need for the source to be the same as the downloaded app.

2FA makes it less of a problem, but there are still plenty of juicy pickings for the evil browser.

In: Technology

9 Answers

Anonymous 0 Comments

You don’t. In fact browser hijacking (either by installing spyware into a browser like Chrome or Firefox or by installing a nearly identical browser that’s malicious) is a very common kind of cyber attack. You know when people download something sketchy and it gives them a weird toolbar? Or when searching it always used Yahoo despite the settings being set to Google? Both are good examples of common browser hijacks.

Anonymous 0 Comments

This is actually a pretty good question. Bottom line is, you can’t. Most browsers are closed source, so you can’t “know”. But there are security researchers who are always watching software and how it communicates, looking for unexpected behavior. There’s also the risk to the company. If one instance were confirmed of the software doing something like that, it could totally ruin the whole company.

Anonymous 0 Comments

As others said, you can’t and you shouldn’t. Use a third party app (like LastPass) to manage your passwords.

Anonymous 0 Comments

Somebody would notice, simple as that. There are people out there who will monitor every scrap of network traffic that is coming out of their computer, either for cybersecurity research or because they’re simply that paranoid, and they would be able to tell if the browser communicated something it shouldn’t. The likes of Google and Mozilla make a lot of money from their browsers (despite them being “free”), so it’s simply not worth it to them to take a risk like this.

As for the downloaded app not being the same as the source says it is, again, somebody, somewhere, will compile the app from source and will have questions if the resulting executable differs from the pre-compiled one.

This is all assuming you’re getting your browser from official sources, of course.
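The comparison described in the answer above, as an added example that is not part of the original post: it checks a distributed package against a local build file by file, so that differences in embedded timestamps alone do not hide or fake a mismatch. It assumes both builds are zip archives; the file names and contents are constructed sample data.

```python
import hashlib
import io
import zipfile


def member_digests(archive_bytes):
    """Map each file inside a zip archive to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(official_bytes, local_bytes):
    """Report files that are missing, extra or changed in the official build."""
    official = member_digests(official_bytes)
    local = member_digests(local_bytes)
    return {
        "only_in_official": sorted(set(official) - set(local)),
        "only_in_local": sorted(set(local) - set(official)),
        "content_differs": sorted(
            name for name in set(official) & set(local)
            if official[name] != local[name]
        ),
    }


def make_archive(files, timestamp):
    """Build a constructed sample archive in memory with a fixed timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=timestamp), data)
    return buf.getvalue()


# Constructed sample data: the same sources packaged at two different times,
# plus a copy whose contents were changed after the fact.
SOURCES = {"browser/main.js": b"startBrowser();", "browser/login.js": b"submit(form);"}
LOCAL = make_archive(SOURCES, (2024, 1, 1, 0, 0, 0))
OFFICIAL = make_archive(SOURCES, (2024, 3, 5, 12, 30, 0))
MODIFIED = make_archive(
    {**SOURCES, "browser/login.js": b"submit(form); /* changed */",
     "browser/extra.js": b"/* added file */"}, (2024, 3, 5, 12, 30, 0))
```

`LOCAL` and `OFFICIAL` differ byte for byte because of their timestamps, yet `compare_builds` reports no differences; only `MODIFIED` is flagged.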

Anonymous 0 Comments

As others have said, you can’t. Taking it a step further, it’s probably safe to assume that all of your passwords have been compromised. The only thing you can trust in is the fact that you aren’t important enough for those who are harvesting the info to use it. If you aren’t rich and famous enough to be blackmailed or doing work important enough that a nation-state would want to steal it, there’s little risk.

Anonymous 0 Comments

Browsers are one of those things that gets implicit trust because you have to trust something. It’s the same with your computer’s OS.

At the end of the day, we HAVE to do stuff to function.

To make your fears worse, browsers are openly collecting people’s passwords, and I think Chrome even allows you to sync your passwords across browsers, meaning that yes, passwords get sent back to Google.

However, there’s another part of risk analysis that I think you’ll find reassuring.

What would a browser have to gain or lose by exploiting your passwords? Well, if they’re a major browser, or if they’re actually trying to be one, what they have to lose is sooo much higher than what they have to gain. If they got caught, they’d be so deep in lawsuits from both individuals and companies that… well… I’d be surprised if a single dollar survived. It would also be such a PR nightmare that the entire company would just be done.

No business with even a 64th of a braincell in their management would be willing to send important information through or to that company’s hosted email ever again. Used that company’s service for load balancing? NOT ANYMORE! Content hosting? Well that’s not happening. Company blogs? NOPE! All of that goes poof! Contracts canceled, other companies contracted in and all old programs pretty much treated as malware style DONE.

And the PR nightmare? In all honesty, I’d expect a complete purge.

And for what? Money that the banks would immediately move to recover because the activity would look suspicious as all >!censored!<? A major browser couldn’t get away with very much before services and sites react.

Google, Microsoft, and Mozilla are NOT gonna play around with your passwords, not because they can’t, but because the cost of doing so is so dangerously high.

Passwords are no joke, and if people thought browsers were abusing them… I would not want to be involved in cleaning up that mess.

Anonymous 0 Comments

Sometimes I wonder this. Like if someone hacks Google, which stores all my passwords, then I’m screwed. We’re all screwed.

Anonymous 0 Comments

A rickety hole-filled system of checks and balances comprised of:

* Data protection legislation
* Platform provider (Windows, iOS) wanting to maintain a safe ecosystem and enforcing some basic standards
* White hat hackers and security analysts who find and document unethical data scraping
* Black hat hackers looking to eavesdrop on existing data scraping, which feeds into
* Consumers impacted by data scraping leaks raising hell
* Competing browsers looking to offer a selling point over those who data scrape

Ultimately it’s a fear of consequences in the form of fines, lawsuits and delisting impacting their profitability.

Anonymous 0 Comments

If you weren’t willing to trust any browser, you probably wouldn’t be willing to trust any computer operating system either. So you’d never type anything private into any computer that’s ever going to be connected to the internet.

So it’s just a question of whether the benefits of using a computer with the internet are enough to make it worth it for you to choose to trust makers of the browser, the OS, and all the other software on your machine that could access your private files.