I wonder how they did it. The sync data is supposed to be protected by E2EE where the key is derived from the user password or an separate sync password, at least before I abandon Chrome and go FF few years ago.
Last I looked, Chrome’s sync is not E2EE. Next to nothing (user space) is E2EE, in Google’s ecosystem. By default it’s only Encryption in Transit. I think you can enable a Passphrase (encryption on device), but that’s optional.
If you navigate to the security section you can define an extra, non-Google account tied, password specifically for browser data. If you do so, it’s E2E encrypted.
I wonder how they did it. The sync data is supposed to be protected by E2EE where the key is derived from the user password or an separate sync password, at least before I abandon Chrome and go FF few years ago.
It’s not Chrome and it’s not through sync.
It’s Google Collections. Read the post.
Yes. I read that. Thank you.
And thanks the person clarifying it.
Encrypted between… Chrome and Chrome? Two installations of Google’s non-FOSS browser? You never really had control over that data.
At least what they claim to be back then.
Last I looked, Chrome’s sync is not E2EE. Next to nothing (user space) is E2EE, in Google’s ecosystem. By default it’s only Encryption in Transit. I think you can enable a Passphrase (encryption on device), but that’s optional.
By default you’re correct.
If you navigate to the security section you can define an extra, non-Google account tied, password specifically for browser data. If you do so, it’s E2E encrypted.
Idk then. I had a separate sync password which will not sync anything after logged on in Chrome until I gave that password.