Problem with this is that it needs the sync server:
> Since the Mozilla-hosted sync servers will not trust assertions issued by third-party accounts servers, you will also need to run your own sync-1.5 server.
This article is from 2018, and contains a single update from 2020. I would think the terrain has shifted in the last 3 years, so take the article with an appropriate pinch of salt.
> Update (2020-06-10): The issue has been resolved in Chrome 80. The key derivation algorithm used now is scrypt with N=8192, r=8, p=11. These values are sane and should make attacks against most passwords unrealistic.
Yes, they fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
They fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
> Can [any storage that is not physically in my possession] be trusted with sensitive data?
No. You could make a case for E2E encrypted data where the storage provider does not have keys. That's pretty rare though. The point is, nobody gives a flip about your privacy. As soon as men with guns come asking for your data, any data business will hand it over without hesitation. Men with badges are only very slightly less threatening than men with guns, as everybody knows who the men with guns work for. So if you think anybody or any business is going to die on the hill of protecting your donkey porn collection, you're delusional.
Firefox Sync encrypts all data on the client side before sending it. Chrome Sync can do the same if you know which settings to use. 1Password, Bitwarden, Dashlane – every password manager worth their salt encrypts data locally (LastPass is the only one which failed really badly here). How is this rare and not something we should expect?
[+] [-] cap10morgan|2 years ago|reply
[+] [-] WirelessGigabit|2 years ago|reply
> Since the Mozilla-hosted sync servers will not trust assertions issued by third-party accounts servers, you will also need to run your own sync-1.5 server.
The tutorial refers to the old unmaintained version: https://github.com/mozilla-services/syncserver, see https://github.com/mozilla-services/syncserver/commit/8d9804...
The alternative is https://github.com/mozilla-services/syncstorage-rs which is ridiculously hard to set up.
[+] [-] Daril|2 years ago|reply
Floccus for bookmarks (https://floccus.org/) : it works also on mobile devices : a great plus ! You need only a webdav server (or a Nextcloud account), I use Dave (https://github.com/micromata/dave)
Vaultwarden for the passwords (https://github.com/dani-garcia/vaultwarden)
A huge advantage of this solution is that you can have synchronization also between different browsers and on mobile devices.
[+] [-] l1n|2 years ago|reply
[+] [-] aodj|2 years ago|reply
[+] [-] aodj|2 years ago|reply
[+] [-] andrewmutz|2 years ago|reply
[+] [-] palant|2 years ago|reply
Yes, they fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
[+] [-] dang|2 years ago|reply
Google moderates Google Collections items - https://news.ycombinator.com/item?id=37301600 - Aug 2023 (38 comments)
[+] [-] insanitybit|2 years ago|reply
[+] [-] jeffbee|2 years ago|reply
[+] [-] deadbunny|2 years ago|reply
https://strangeobject.space/@silvermoon82/110969122337810598
[+] [-] bloopernova|2 years ago|reply
https://www.google.com/save/
That's where collections live, and apparently they can be shared.
Not to defend google, for sure. I just wanted to stop the spread of incorrect information.
EDIT: I like many others didn't know about this feature and had no idea what was saved there or how it got there.
[+] [-] insanitybit|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] rapnie|2 years ago|reply
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] quantumstar4k|2 years ago|reply
https://bugs.chromium.org/p/chromium/issues/detail?id=820976
[+] [-] palant|2 years ago|reply
They fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
[+] [-] JohnDeHope|2 years ago|reply
No. You could make a case for E2E encrypted data where the storage provider does not have keys. That's pretty rare though. The point is, nobody gives a flip about your privacy. As soon as men with guns come asking for your data, any data business will hand it over without hesitation. Men with badges are only very slightly less threatening than men with guns, as everybody knows who the men with guns work for. So if you think anybody or any business is going to die on the hill of protecting your donkey porn collection, you're delusional.
[+] [-] palant|2 years ago|reply
Firefox Sync encrypts all data on the client side before sending it. Chrome Sync can do the same if you know which settings to use. 1Password, Bitwarden, Dashlane – every password manager worth their salt encrypts data locally (LastPass is the only one which failed really badly here). How is this rare and not something we should expect?
[+] [-] unknown|2 years ago|reply
[deleted]