So I’m using an untrusted computer but on a trusted network (my home). The operating-system + hardware are trusted but the Profiles, certificates & software installed in the system are not trusted.
I can in fact see a bunch of certificates installed on the machine by going into my Profiles settings with names such as “Kernel Extensions” and many other Profiles. And my actual account on the OS (uses my own password) has a bunch of untrusted software installed which I’d like to keep there just so I understand better the layers of security involved.
Now I know this an untrusted machine but I’m trying to learn and understand up until which layers they can get access to. This is purely educational, I’m not trying to use an untrusted computer for my personal use.
Given that I trust the OS and the hardware (being Apple and all) I was wondering what are the exact repercussions of me downloading and installing Chrome (hence also trusting Chrome of course) and logging into my Gmail account (note I have 2FA enabled).
- Can the person/group access my emails. If yes, how?
- Can they read my Chrome settings in clear? Say my browser history. If yes, how?
- Can they possibly access the disk files in Chrome’s settings folders and use these files to try and access my email? If yes, how?
Please note I know they can probably read and understand a bunch of things via network logs and keylogging since they could’ve installed any spyware software on the machine, but I’m mainly concerned about accessing my email (in gmail) via chrome specifically. And am mainly curious on how they would do that.