Forum Discussion
Edge continues to be the only major browser with no end-to-end sync encryption
- ragingreiNov 09, 2020Brass Contributor
HotCakeX That's true of any site that has cookies or requires user accounts. That's not a case where there's a reasonable expectation of privacy, so it's not nearly as much of an issue (though I personally use alternative search engines for this reason). Nor, importantly, is Google aware of what you do on the sites you navigate to from the search results, especially if you block tracking cookies, which a large portion of Internet users do. That's a massive difference from knowing every step you take and every tab you have open or have had open.
End-to-end encryption inherently is unbreakable by whomever is storing the data. That's the whole point of it. In fact, there are famous cases where Apple can't break phone encryption for police access.
There are probably some well-funded, shady organizations out there who can break it, but they can rarely act on it overtly, as then they would be revealing their capabilities to their adversaries, who would then change their encryption scheme.
Meanwhile, without end-to-end encryption, a disgruntled Microsoft employee, or one who gains permission for the sake of the interests of the company, can easily decrypt your entire browsing history and view everything you do in Edge. I'm not even sure it would be illegal for them to, outside the EU.
- HotCakeXNov 09, 2020MVPSpoiler
ragingrei wrote:HotCakeX That's true of any site that has cookies or requires user accounts. That's not a case where there's a reasonable expectation of privacy, so it's not nearly as much of an issue (though I personally use alternative search engines for this reason). Nor, importantly, is Google aware of what you do on the sites you navigate to from the search results, especially if you block tracking cookies, which a large portion of Internet users do. That's a massive difference from knowing every step you take and every tab you have open or have had open.
End-to-end encryption inherently is unbreakable by whomever is storing the data. That's the whole point of it. In fact, there are famous cases where Apple can't break phone encryption for police access.
There are probably some well-funded, shady organizations out there who can break it, but they can rarely act on it overtly, as then they would be revealing their capabilities to their adversaries, who would then change their encryption scheme.
Meanwhile, without end-to-end encryption, a disgruntled Microsoft employee, or one who gains permission for the sake of the interests of the company, can easily decrypt your entire browsing history and view everything you do in Edge. I'm not even sure it would be illegal for them to, outside the EU.
apple,. they can do it themselves, never believe just anything you read on the news.
there is also Israeli company that breaks apple phones and sells these technologies to whoever pays.
I have a legitimate question though, how can you know Google chrome has end to end encryption? how do you verify that?
how to be sure the password field for data encryption in Chrome isn't just a password field to grab your keywords, save them on their server as plain text, and then you get a message that your data is encrypted, and then you believe it. you can't know what actually happens on their end and whether or not your data is actually encrypted.
if you can, enlighten us too.
- ragingreiNov 09, 2020Brass Contributor
HotCakeX wrote:I have a legitimate question though, how can you know Google chrome has end to end encryption? how do you verify that?
You can inspect the Chromium source code, compile it yourself, run it through a debugger, and see that it does indeed encrypt against your key. You can also just run it through a tool like Fiddler and you'll see that it isn't plaintext.
apple,. they can do it themselves, never believe just anything you read on the news.
there is also Israeli company that breaks apple phones and sells these technologies to whoever pays.
Again, the point isn't that it can't be done; it's that it's difficult to do in plain sight. The point isn't to limit what openly bad actors can't do; it's to limit what supposedly good actors can.