I started using Firefox Sync -- and it doesn't pose a potential (and probably real) privacy problem like Google Chrome sync
Now that I'm running Iceweasel (aka Firefox) 4.0.1 on my Debian Squeeze laptop and Firefox (not aka Iceweasel) on my Windows XP box, I decided to use the newly built-in Firefox Sync to have my bookmarks, history and such track across my two instances of the browser.
That way I don't have to maintain two sets of bookmarks.
So far this is way, way better than Google Chrome sync. In Chrome's version of the utility, I'm not sure whether or not I can exclude passwords from the sync (which I am doing in Firefox Sync and want to do in Google).
And here's the killer feature for Firefox Sync: Your sync information is encrypted, only you have the key, and neither Mozilla nor anybody else can decrypt this information or use it for marketing purposes.
While Google does encrypt this data during transit, what makes you think the company is NOT using your Sync data -- decrypted on their side -- to compile a profile on your web use and target you with advertising?
From Google Chrome Help (emphasis mine):
You have total control over your information.To keep your information secure, synced data is encrypted when it travels between your computer and Google's servers. As an added layer of protection, your saved passwords are encrypted on your computer and on Google's servers using a cryptographic key.
The data held by Mozilla for Firefox is encrypted on their servers (emphasis again mine):
Where's all my data?It's encrypted with your Sync Key and safely stored on the Mozilla servers. Because Sync uses advanced security measures your information is never vulnerable to online bad guys or companies that will sell your information.
And while I don't see anything about this option when I look at the Mozilla instructions for Firefox Sync, I remember there being an option in that setup to use a server other than Mozilla's -- perhaps your own?
Open, above board. Not evil (even potentially). I like that. Chalk one up for Mozilla -- and users.
(If somebody can tell me that the sync data isn't unencrypted and usable for targeted advertising or other Googlish profiling, I'd love to know about it. Ah ... it's only "evil" if you don't want Google knowing about your bookmarks. Right?
But doesn't Google deserve our private data in exchange for all their wonderfulness?
I'm going to say no.
My journey is only beginning on what data companies such as Google should have from users.
What I do know is that we should have alternatives that allow us to keep our private data just that -- private. I'm working on it. And questioning free e-mail, web-based "productivity" software, social networking and even search.
And yes, I'm thinking about the Freedom Box. And large segments of people who don't seem to care about privacy or a lack thereof -- and certainly don't know what they're giving up (and what the consequences could be).
10 Comments
Leave a comment
About this blog
what about something like xmarks?
http://www.xmarks.com/
that's what I use and it works just fine. (especially since I have google chrome and firefox on both my windows and my #! (debian derivative) I need to keep all 4 browsers synced.
You can choose not to have your passwords synced by Chrome. You can choose to just sync bookmarks, apps, extensions, user data, passwords, or whatever you'd like. And yes, your passwords are encrypted on Google's side. Look at your first quote again, "As an added layer of protection, your saved passwords are encrypted on your computer and on Google's servers using a cryptographic key."
It's cool if you like Firefox's sync, but I don't think there's any reason to worry about your data on Chrome. You can also use the opensource Chromium browser and add the password sync information to the command line on your own. It's very secure.
I invite you to follow @csoghoian
Use Chromium. Same sync, no tracking by Google. Problem solved.
randy: how does chromium sync if not through googles server?
dave: the point of the article is that with firefox everything is encrypted, not only the passwords. that means google can read your bookmarks, but mozilla can not.
greetings, eMBee.
As I understand it, (and I can post links if you need them), the server tracks url hashes, not the urls themselves. Even with a 32-bit hash the combinations it could be one certain url range in the billions.
Look at Google's language again:
"To keep your information secure, synced data is encrypted when it travels between your computer and Google's servers. As an added layer of protection, your saved passwords are encrypted on your computer and on Google's servers using a cryptographic key."
That doesn't mean bookmark data is encrypted. Passwords are. Bookmarks, I'm not so sure.
The questions I have are:
How much does Google know about your activity when signed in to Google services (and what do they do with that information)?
How much does Google know about your activity when you're not signed in to Google and using Google Search?
How much does Google know about your activity when you're using Chrome or Chromium? And does using Sync cause you to be "signed in"?
Personally I don't use Chrome a lot, is just a secondary browser for me, but all my primary web surfing is done via Firefox. I use a radically different approach to the main problem of synchronizing the two world (linux and Win). First I created a Folder in my 'D:' drive (something like D:\firefox) and created a new profile (firefox -P) pointing to that folder. Then went back to Linux and renamed the original folder just to create a new 'firefox' folder in the original position (which now is empty).
At this point I created a new firefox profile for Linux (always firefox -P) pointing to the new empty folder (which as the 'right' name).
Once activated the new profile in Linux i closed firefox, deleted the new 'firefox' folder and renamed back the original firefox folder previously created with Windows. In This way both firefox profiles point to the same folder without the need of any synchronization. Folder sharing is much better for my purposes.
I question how secure Firefox sync can be, when I was NOT asked to enter the sync key on my new laptop in order to sync my bookmarks and passwords from my old laptop. As the sync took place successfully then encryption cannot have taken place, especially since all my passwords were encrypted in Password Manager with my own password (different to the sync key), but were transferred to my new laptop where they appeared in the clear without password protection. Now this is a terrible breach of security if you ask me
what is there to be afraid of if google can read your bookmarks?? you get better advertising, more of the stuff you wanna see and not advertising that is completely not interest.
I dont see any problem with that, unless your interest is child pornography then google might send your list of child porn bookmarks to the police and get u arrested.