Embed Notice

Many people seem still unaware of just how bad Chrome Sync is for your privacy. By default, Chrome will sync all your data – including e.g. your passwords, bookmarks, browsing history and open tabs. And by default, Chrome will not encrypt any of this data. All of it will be accessible by Google, by anyone who subpoenas Google to turn up your data and whoever else managed to get access to these servers.

If you want this data encrypted before it is first uploaded, you need to click “Settings” instead of confirming sync, then expand “Encryption options” and set up a sync passphrase. The default option “Encrypt synced passwords with your Google Account” is essentially a disguised “We can access all your data but we promise not to look. Don’t you trust us?”

The only positive aspect here: Chrome Sync used to be a lot worse. It used to enable automatically when you signed into Chrome. It used to encrypt only passwords and none of the other data even if you set up a passphrase. It used to warn you when setting a passphrase because Google’s web services would no longer be able to access your passwords. It used to upload data without encryption first, only allowing to enable encryption after the fact. And its encryption used to be horribly broken. I wrote about that five years ago: https://palant.info/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/#chrome-sync

But even now, Chrome Sync requires you to take action in order to get privacy. Because Google knows that you won’t. Compare that to Firefox Sync which has always been encrypting all data by default. I criticized the implementation here as well, but that was really a minor issue compared to the mess which is Chrome Sync.

#Google #GoogleChrome #privacy

Edit: Removed link to a post claiming that Google is censoring synced bookmarks. This claim appears to be incorrect, the message there referring to a different Google service.