Encrypted sync, who will have the decryption key?
One_million_euros last edited by
This is actually an important upcoming feature for me. I know that with Opera, there is a password reset function. But if such a function exists, it means that Opera has the decryption key and can read your data. Since people bookmark a lot of very personal web pages and their history and saved passwords are equally private and important, I'm sure most people would want the browser sync function to offer local encryption, like Firefox does, and like Chrome also does (not automatically, but you have an option to add an encryption key to all your synced data). It means that no one but the original user who knows his password can ever access this data. I hope the Vivaldi team will do the right thing.
stealth789 last edited by
I also would like to know, what implementation of Sync will be used. Only way I will ever user this feature though, is if it will be end to end encryption. That way I can be sure, that only I can access the data, no one else ever in any circumstances! Other way it's useless for me.
And from security and privacy point of view, there's no any good reason, why anyone except me should have access to my private data at all. My point is, that company / developers have decision what kind of implementation they'll choose for this kind of feature. If they honor privacy and security, end to end encryption it is. If it's anything else, there's always some hidden agenda to have this kind of back door and access to my private data at will. It's simply unacceptable!
So please keep in mind what is really at stake here, and take it really seriously!
PS: I understand, that there's need good backup as far, as user can loose data. Still there's local backup all the time. So as far as standard hosting has normal backup of data (encrypted data) there's no problem at all. And it's different question. Also argument about problem solving is nonsense. You don't need any private data ever, to check problem And if in some crazy situation you need access (still I don't understand why), you can fairly ask user during some bug check if he's willing to give you password for developer to test problem. Still personally I would never do such thing. With proper backup on any of local machines, there's always a way to recover data. Implementation of synchronization is not from process point of view some rocket science, to need to check many and many of business data, to be able to identify the problem.