for example if i only use it to browse the internet and maybe download games from play store but i dont install extensions and use https only, can i still be hacked and my operating system destroyed?? what can i do to avoid that?? i only use my chromebook for python
Anything can be hacked.
Technically, anything can be “hacked”, but that’s the same kind of technically as “any car can be broken into”.
Just like there are ways to mitigate getting your car broken into, there are ways to mitigate getting your system compromised.
I came here to write exactly this. Except a rock. A rock cannot be hacked.
If you think about it, computers are just rocks that humans tricked into thinking.
Rocks can be hacked. Especially rocks.
Exactly. Just be responsible and don’t do anything dumb with your security. Do the typical stuff right like using a password manager and updating your software often. With your programming, don’t skip ssl validation, don’t have unauthenticated connections that matter, don’t shell out, etc. On your local system, use permissions correctly, keep a local firewall, and all that good stuff. You should be fine, but it’s never 100%.
Plenty of malicious apps on the playstore
Rule of thumb: If a human made it, it can be hacked/cracked/disassembled/reverse engineered.
…if i only use it to browse the internet and….
Any and every device connected to the Internet net can be hacked. I’m not sure why they’d want to, however.
Even if your data was of particular value, it’d be far more cost effective to just pay Google for it.
You don’t necessarily need to do something for the device to be hacked. There could be an exploit that affects all devices running ChromeOS (or any OS for that matter).
TL;DR: Yes you can.
Operating systems that are locked down like iOS or ChromeOS remove one major vector of compromise, which is people accidentally or being tricked into installing malicious programs. However, explicit installation is different than an exploit, which can be triggered by a text message or merely visiting a webpage. For instance, there has been a string of iOS exploits related to iMessage attachment processing, or the explot related to webp that was revealed a few months ago. So, yeah, but on ChromeOS, who cares? You can reset it easily and your files are stored on Google servers, anyway. Use 2FA for your account and if you’re not a high profile target, it’s unlikely anyone will try that hard.
You’ll be fine. Just dont visit shady websites and do fall victim to phishing. The other comments in the thread are good advice too.
Also give this a read since you’re using Python. It could happen to you: https://arstechnica.com/information-technology/2022/08/10-malicious-python-packages-exposed-in-latest-repository-attack/
deleted by creator
At first I thought this was about the band Chromeo.
I thought it was about a cereal called Chromeo’s
Don’t turn the lights on
Cause tonight I’m gonna hack you in the dark 🎶
Do you have security clearance?
Does your job involve any confidential (in any way, trade secrets, etc) information?
Do you work in any sort of IT or information security?
Those are the kind of things that make you a target of hacking. Generally, if you’re not out dilly-dallying about in dangerous, unsavory parts of the internet, you’re not risking getting infected. So, you would have to be a target.
Most people are not targets. We ignore spam emails because we recognize them. We don’t go to strange websites because we don’t recognize them. Most of us have menial jobs where we have little control or access and so targeting us for corporate espionage would largely be pointless. Even if you work a menial job that is targeted (you work at a T-Mobile outlet, for example, which have seen thefts of the customer-service devices used to modify people’s accounts) it’s not you being targeted, it’s the company.
If you have reason to believe you may be a target, then you probably need to take more precaution.
However, if you’re just a fucking Joe Schmoe like myself, it’s probably a slightly overblown worry and you should be fine.
Plenty of actors carpet bomb malicious content and would be happy to make $1000 in BTC ransoming grandma’s computer.
Or just straight up mine that crypto on someone else’s power bill. Much less obvious, so people may not even realise that their systems are compromised.
Or bot nets that do nothing until somebody pays the owner to deploy an untraceable proxy or brute force or ddos attack. There are so many reasons for bad actors to hit up as many machines as possible, regardless who is behind the keyboard.