SOLVED
Home

Does Edge's sync use end-to-end encryption by default?

%3CLINGO-SUB%20id%3D%22lingo-sub-844436%22%20slang%3D%22en-US%22%3EDoes%20Edge's%20sync%20use%20end-to-end%20encryption%20by%20default%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844436%22%20slang%3D%22en-US%22%3E%3CP%3EFirefox%20and%20Vivaldi's%20sync%20uses%20end-to-end%20encryption%20by%20default.%20Chrome%20doesn't%20do%20this%20by%20default...%20Does%20Edge%3F%20If%20not%2C%20please%20consider%20using%20end-to-end%20encryption%20%3CSTRONG%3Eby%20default%3C%2FSTRONG%3Ewith%20syncing%20in%20Edge!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844541%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Edge's%20sync%20use%20end-to-end%20encryption%20by%20default%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844541%22%20slang%3D%22en-US%22%3EEnd%20to%20End%20encryption%20is%20not%20necessary.%20TLS%20is%20enough.%3CBR%20%2F%3E%3CBR%20%2F%3EEnd-to-end%20encryption%20(%20enduser-to-enduser%20encryption)%20is%20a%20concept%20where%20communication%20is%20encrypted%20directly%20between%20the%20users%20of%20a%20system%2C%20whereas%20many%20systems%20just%20provide%20encryption%20between%20each%20individual%20user%20and%20the%20service%20provider.%3CBR%20%2F%3E%3CBR%20%2F%3EMicrosoft%20uses%20TLS%20and%20it's%20encrypted%20on%20user%20side%20and%20gets%20decrypted%20on%20the%20server%20side%20so%20that%20the%20data%20can%20be%20stored%20on%20the%20server.%20no%203rd%20party%20should%20be%20able%20to%20eavesdrop%20on%20the%20connection.%3CBR%20%2F%3E%3CBR%20%2F%3Eusing%20E2E%20encryption%20means%20that%20the%20users%20doesn't%20even%20trust%20Microsoft%20servers%2C%20or%20Google%20servers%20in%20case%20of%20Google%20Chrome%20browser.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844552%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Edge's%20sync%20use%20end-to-end%20encryption%20by%20default%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844552%22%20slang%3D%22en-US%22%3EI%20think%20the%20concern%20is%20that%20companies%20like%20Google%20can%20use%20synced%20data%20to%20build%20a%20profile%20of%20their%20users%20for%20advertising%20purposes%20(or%20other%20purposes).%20So%20I%20guess%20if%20Microsoft%20could%20guarantee%20that%20synced%20data%20won't%20be%20used%20for%20user%20profile%20building%2C%20that%20would%20be%20sufficient.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844785%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Edge's%20sync%20use%20end-to-end%20encryption%20by%20default%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844785%22%20slang%3D%22en-US%22%3EAgreed%2C%20I%20guess%20after%20the%20Facebook%20incident%2C%20all%20of%20the%20tech%20giants%20learned%20their%20lessons%20about%20user%20data%20and%20to%20keep%20them%20safe%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Bdsrev
Contributor

Firefox and Vivaldi's sync uses end-to-end encryption by default. Chrome doesn't do this by default... Does Edge? If not, please consider using end-to-end encryption by default with syncing in Edge!

3 Replies
Solution



End-to-end encryption (enduser-to-enduser encryption) is a concept where communication is encrypted directly between the users of a system, whereas many systems just provide encryption between each individual user and the service provider.

Microsoft uses TLS so data is encrypted on user side and gets decrypted on the server side, so that the data can be stored on the server. no 3rd party should be able to eavesdrop on the connection.

using E2E encryption means that the user doesn't even trust Microsoft servers, or Google servers in case of Google Chrome browser.

 

 

Note that technically speaking, any secure communication tunnel provides encryption between two ends, but the term end-to-end encryption is usually applied to messaging services or, more generally, the secure communication between users of a service but not between a user and the service provider itself.

 

so you see E2EE is not really necessary if you are dealing Directly with Microsoft servers, Not other users.

I think the concern is that companies like Google can use synced data to build a profile of their users for advertising purposes (or other purposes). So I guess if Microsoft could guarantee that synced data won't be used for user profile building, that would be sufficient.
Agreed, I guess after the Facebook incident, all of the tech giants learned their lessons about user data and to keep them safe
Related Conversations