Comment Re:more info, pls (Score 4, Informative) 40
The goal of the feature is basically similar to "go to this page, then cntl+f for this text". One of the Google docs linked in the article suggests that for Chrome, that might even be the literal the implementation. The privacy concern is that the linked website would be able to detect the act of this automated scrolling, then infer roughly what text snippet was linked.
(The Google doc mentions timing-based detection as a possibility, as well as scroll-event-based detection.)
This sort of search is only worth doing if the snippet being searched for is relatively unique on the page, and thus has high information content. Because the user clicked on such a link rather than looking at a page from a web search, or even a link to the site at a high-level, the text is presumably very relevant to the link-follower. For example, you won't create a link with the text "from the" because it will misfire more often than not, but you mightfor something like "from the office of the Surgeon General".
This also assumes that the attack is conducted by the linked site. That means this is a website you want to go to, but which you don't necessarily trust. That's actually a pretty safe assumption for any site in the age when everything is used to fingerprint the user for advertising purposes, and that information is then sold of. But the example of someone who you want to control the flow of information towards -- an insurance company, a customer, an employer, a competitor, a lawyer -- is also a solid one.
An alternative attack is to use the linked page to infer something about the reader. An example is "if the page contains a string like "User Type: Admin", then the person who followed the link is a system admin that can be targeted for attack.
An alternative attack is a cross-site search attack. The success/failure in finding the linked text leaks information. This can give you a yes/no on some questions like "did they receive an email from "hiring@snap.com"? (The trick is searching for link text "No messages matched your search" to indicate they did NOT receive such a message.)
So far, they've figured out a few cases that demonstrate this can leak 1 bit (yes or no) of information, which is a privacy concern by not a security concern. More information could be leaked if a user action were not required to follow the link, which is not the case so far (but sounds like something easy to forget about over time).