I’m doing some monthly finances and I need to download some of the utlitiy bills to get the full information for the month. And I get this warning each time I download a bill, warning me to clear my cache afterwards, because “sensitive information” may be stored in the cache.
What is the cache, and what sensitive information, and how could anyone else access it?
Your browser cache stores downloaded web page data, including text, images, and other elements. If they are warning you, then I wonder if their site is designed in such a way that someone examining your computer could see your bills or at least some personal information.
I also get that warning when I’m doing some documents on the Canada Revenue Agency website. It’s not like someone can access my computer online through my cache, is it? They would actually have to have the computer to do something like that?
They don’t need physical control of your computer, they could control it remotely. If your downloaded documents aren’t stored in password protected files it’s easier to go right to them instead of searching your cache. Don’t allow remote access to your computer and you don’t have to worry about it at all.
how would someone get remote access to my computer?
Via malware of some sort, or because you let them.
Scammer rings your number claiming to be from Microsoft and that your computer has an issue. They talk you through the process of giving them access to your computer so they can “fix” it.
Yup. You let them in and they set things up so they can get back in when they want.
In that case, you have a lot more to worry about than some cache…
The advice about the cache is probably more aimed at people who use shared computers, e.g a work or library computer.
A browser cache, simply put, is a temporary folder containing all kinds of data elements that have been downloaded through your browser. How you manage that data varies with browser; in Firefox, it’s under Options and Privacy & Security, where you can clear data (for everything, or just specific sites), manage it selectively, or specify exceptions.
You have to be careful to distinguish between cookies and cached data. Clearing cookies may be a good thing to do in the case of tracking cookies and the like, but it will also clear useful site preferences and login information. Clearing the cache may impact performance for a short time by causing things to have to be reloaded. but is otherwise harmless.
Bottom line is, clearing the cache is mainly important if using a public computer or some other situation where someone untrustworthy may be using the same computer. For your personal computer at home it’s rarely a concern. Yes, the cache could be accessed remotely if someone has covert control of your computer through a trojan or a poorly secured remote desktop. But in Windows the latter is disabled by default, and if you’re infected by a trojan you have worse problems that someone being able to access your browser cache – they could potentially directly intercept your banking password. In short, despite all the warnings, in normal home situations the browser cache is not a concern.
Keep in mind it may not be just your personal information that needs protecting. On some of the web projects I have worked on, we have allowed users to view PDFs of scanned documents that may contain other people’s PII. When they log out of the website, we display a “clear your cache” message so that, for example, if some unauthorized person at work manages to log into their PC, they won’t be able to poke around and see any of the cached documents. It’s not likely to happen but it’s all part of the procedures to help prevent unauthorized access to sensitive data.
Reading in this thread about this kind of stuff and the OP’s issue (as well as with the Canada Revenue Agency!), I wonder if much of is it due to inadequately designed web applications that fail to use HTTP cache control headers, javascript, encrypted objects, and document viewers correctly. If it is really an issue, the application should minimize the possibilities for cleartext documents to get cached in the first place.