Encryption keys and usability in Vivaldi and other browsers

  • Ambassador

    @julien_picalausa: Ah, I'm not criticizing the current behavior, far from it.
    I just remembered that you said earlier that if no encryption password were provided, the login password was used as the encryption password, unknowingly from the user, to allow for E2E even without a specific password provided.
    And my question was if that behavior was still actual or not. And you kind of answered it already 🙂

  • Such third party services are not cheap or limited to use. And sending login data to third party service may be a severe privacy issue.

    In general, yes.

    But in this particular case, the API call to check an email or password is free and reasonably anonymous, plus anyone could just download and integrate the full pwnd/bad database.

  • Thanks for the detailed explanation.

  • Thanks very very much, i learnt a lot (though some things went over the head). I will be glad to see more of such posts for not so learned person like me.
    I have a doubt: I thought since Chromium is a Google project somehow, there's no way one can be totally private on it however one may try, which also includes a Chromium derived browser. So i want to ask this to you: if i take necessary actions like not using chrome sync, Google account, encryption and what else there is, can Chromium provide the privacy like an independent open sourced browser? If not, can that happen with another browser based on Chromium which takes some additional steps (like Vivaldi)? If yes this time, please educate me, I'll be very grateful, how Chromium based browser can take privacy steps which aren't possible in Chromium even after manipulating the settings (like you talked about encryption being off by default but which can be switched from the settings)
    Thanks in advance, should I have discussed this in the forums instead?

  • Moderator

    @sid0 Vivaldi is not capable of making the connections that Google uses to harvest data from Chromium-based browsers. You can't, for instance, log in to Google sync with Vivaldi. Google can still get info from you (in any browser) if you log in to things like GMail, YouTube, Google Maps, Google Drive, Google docs, etc.

  • Moderator

    @sid0 There are always some connections that must be made to Google servers:

    • Extensions updates
      If you install an extension from the Chrome Store Vivaldi (or any Chromium browser that install from Chrome Store) will connect to Google to check for updates and download them.
    • Components updates
      There are some components that are updated independently from browser updates, for example Widevine, the DRM required for Netflix, Amazon Prime, etc.
    • Dictionaries updates
      The spell checking dictionaries need to be updated too.

    The first can be prevented by not installing extensions from the Chrome store, the second is required, the third is unavoidable.

    Bare chromium on the other hand still makes some more connections to Google, even with many settings turned off. It still sends a ping to list Google accounts that were used in the browser for example.

  • Amazing new vivaldi's made email and sync. Finally I am glad your best vivaldi!!!

  • Right, this is quite a weak point of all browsers. I would very much prefer if we could have all browser data encrypted and protected with a password. Too much sensitive / private information is stored there without any security whatsoever. Vivaldi team, please think about it and improve if you can. Thanks.

  • Excellent!! 🌟🌟🌟🌟🌟

  • I still use my handwriting for really sensitive data, xD. And still use my head to store all my passwords. But due to the high number of services is leading to insanity.

    But what I think is that adding another password is make another process, adding processes don't help with usability friendliness from the user standpoint.

    Then we have third party password managers ... but I think that chicken is going to be set apart for another dinner.

  • Is the encryption key stored anywhere? It keeps saying wrong password. I entered the same as my account but it still says wrong. I have no idea what it is. Is there a file somewhere i can find it?

  • @Saile Nope, the only way to "get back" the encryption key is to reset remote data (you'll keep anything stored in local) and sync again - generating a new key.

Log in to reply

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.