I recently installed a new operating system version on my pc. A clean install rather than an 'upgrade'. Now I like to use the Chromium / Google Chrome browsers mainly as the bookmarks are auto sync'd for every pc or even phone that uses chrome.
I was really surprised to find that when i used the browser for the first time in my new debian system - not only are the bookmarks retrieved from some online server - but ALL my secret login details even for SSL enabled websites automatically appear as well!
Who has control or access to the servers that store this data?
If malicious crackers somehow break into these online servers it would be an epic disaster. I was just wondering if I should stop using this browser for this reason! I'm sure that there is a mathematical proof that shows 'convenience = greater risk' (in computer security at least) Do you worry about this?
If malicious crackers somehow break into these online servers it would be an epic disaster. I was just wondering if I should stop using this browser for this reason!
Absolutely, in my opinion. I'm being a bit of a hypocrite, though. I still prefer the Google search engine to others, such as DuckDuckGo. And I do not disable the blacklist system in Firefox (which to my knowledge functions by asking Google and others if a site is safe, or if it was reported for forgery etc.)
As RB said I wouldn't worry to much. Though you ahould take some steps just incase. Like never autosave you login information for anything critical like bank accounts, don't choose the save credit card number for later purchases on shopping websites, and stuff like that. They most likely won't get hacked but your computer can get hacked.
If you are really concerned you can look into stuff like identity guard or other reputable services like it. They cost about 10 dollars a month but are worth it in my opinion. I use it to protect my identity and monitor my credit score, ect.
I just checked one example bookmark site uses https. Months ago I told chromium to save the password. I did not expect that passwords and usernames were stored in the cloud. I thought it was only the bookmarks data.
It seems that a bunch of other data goes out there as well.
I didn't even have to type in my routers admin password. Anyone who has that can walk right in and not worry about cracking my 63 character WPA PSK key.! What's more a remote user could do that even though I have remote management disabled. Those who have access to this cloud can do that if they wanted.
Someone somewhere can access this cloud data . What con erns me now is that its a fact that the criminals are always exploiting tech way before regular people like me get to know about it.
When it comes to privacy there are no good guys and bad guys just plain snoops.
But yes I'm sure about this. Did you tell your browser to remember the password?
If you do it definitely goes out there. If I did not do a clean install of wheezy, I would have thought the passwords and usernames were stored on my hard disk. But they were not.
I'm doing what zero said. Remove saved password for sensitive websites and hopefully it will ne removed from the cloud on the next sync.
What catfish4 points out was shocking as well. I had no idea Google kept search records for 2 years.
Holy crap, so much ignorance in this thread. Your Chrome data is encrypted with your google accountpassword, which is more than likely hashed and salted for your Google account; Google cannot decrypt your password, and therefore cannot descrypt your sync'd data.
Furthermore, you can double-encrypt it with a separate passphrase, that google will never see, making it nearly impossible to decrypt.
Some people are paranoid that google has their password and secret encryption key in plain text form and is only pretending to store your data encrypted. In fact they're so paranoid that they think that using a network sniffer to see for themselves would involve having the sniffer send the data to the guy that made it, so they can't even find out for themselves.
Personally though I trust that Google really doesn't have access to my data without my password.
Don't worry buddy , all that dat is encrypted so if you just lost your passphrase or password it is humanly impossible for any one to break in and look at it.Though technically if all the google's cpu power was used to brute force chances are it may be cracked using brute force within some reasonable (maybe not) time.
Google is a data hog. How can anyone believe they would store your data in a way such that it's inaccessible to them?
I will go further and say they don't even delete it, ever. Because who deletes "backups", no?
Still, I have an open mind! So please give me an official, technical whitepaper detailing exactly how Google manages its data (and not some legalese commitment to privacy crap) that proves me wrong, and I'll read it.
First of all even if they hacked into the actual Servers they would need to decrypt the actual custom hash which is almost impossible to do then there would be covering your tracks via deleteing IP logs from Servers using a come type of Shell such as C99 the other thing is first breaking into the server which would probably be almost impossible even if they managed to find an exploit it needs to be:
[=] RFI \ LFI
and not other exploits of course there can be Remote Code Execution but they are rarely found.
Also there would be high security protection for example a AV , A Real Person watching for any changes in the database and such. then there is automated systems which would inform FBI, CIA about any suspected breach.
So it would be 99.99999999999999999999999999999% percent that any hack would be successful during our lifetime. Even if they hacked into it now it would take couple centuries to decry-pt the hashes so till then they too will die.
Not only that but if hack is successful the servers would become offline as soon as possible. To prevent more data transfer.