Edge really needs end-to-end encryption for sync and better privacy policy


Firefox, Vivaldi and even Chrome have end-to-end encryption for sync. For Firefox, it's on by default.

Edge doesn't have that. That means that Microsoft can see all your bookmarks, tabs and history.

Edge's privacy policy doesn't say much specifically in regards to how data from Sync is used, only that history and tabs are used for analytics if you opt in to that.

5 Replies

"Firefox, Vivaldi and even Chrome have end-to-end encryption for sync. "


Source?

@HotCakeX

Vivaldi: "The data on your Sync account are encrypted. Please provide your encryption password to decrypt them."

Firefox: "Firefox Sync by default protects all your synced data so Mozilla can’t read it. We built Sync this way because we put user privacy first. In this post, we take a closer look at some of the technical design choices we made and why."

Chrome: "With a passphrase, you can use Google's cloud to store and sync your Chrome data without letting Google read it. ... Passphrases are optional. Your synced data is always protected by encryption when it's in transit."

Right now, Edge really is unique in offering no end-to-end encryption.

@ragingrei I agree here very strongly.

Browser sync is about as sensitive as data can get, as it is likely to contain all kinds of personal information, ranging from political opinions to social security numbers* and similar. If there is no end-to-end encryption, all of these can be exposed by rogue employees, successful external attacks, or plain misconfigurations. So it isn't even about trusting Microsoft as a company; E2EE is simply essential for damage mitigation.

Given that end-users cannot be expected to be aware of these concepts, really only Firefox gets it right, but Chrome at least allows the end-user to make it so.

Additionally, Edge is the first browser I have seen to enable Sync by default, making the default settings even more important.

* It isn't unlikely to see some websites transmit sensitive information through URI parameters, against all recommendations, so things like social security numbers can end up in the synchronized data like favorites. Other sensitive personal information is directly encoded in the bookmarks and, once sync for those is implemented, open tabs and history.

@ragingrei IMHO this thread remaining open is misleading. The use of "primary password", or former "master password" for example in Firefox is quite different than what is implied by your statement. It is utilized for local encryption.

Typically this is not required in a user's environment in Windows, as apps and users can benefit from other means to protect their local data with their logon password. I won't go into details.

Of course data are encrypted by all browsers when synched with a backend service in a manner that in theory is not reversible by the service owners, as it requires the original account password of the user account on the service. The latter is available to the local browser but typically not to the service itself as it should in principle only store the hashed password.

Of course there are several techniques that allow secondary keys (backup or recovery keys) to unlock encrypted data with the user's password; however, I want to believe that none of the big ones employs such a technique... I hope I won't be proved wrong, but in any case this has nothing to do with the master/primary password thing.

https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins

@ragingrei @gkakas @klaus930

Questions & answers about Microsoft Authenticator app - Azure AD | Microsoft Docs

  • Cloud and network security: Your passwords on the cloud are encrypted and decrypted only when they reach your device. Passwords are synced over an SSL-protected HTTPS connection, which ensures no attacker can eavesdrop on sensitive data when it is being synced. We also ensure we check the sanity of data being synced over network using cryptographic hashed functions (specifically, hash-based message authentication code).

This is the same database and same encrypted passwords that Edge and the Authenticator app both use.

This is because the Authenticator app on Android and iOS is now a password manager too.
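The thread keeps coming back to two design points: the reply above about sync data being encrypted with material derived from the account password that the service itself never holds (it should only store a hash), and the Authenticator excerpt about blobs being decrypted only on the device and integrity-checked with an HMAC. The following is an added sketch of that split-key design, written for this page; it is not code from the thread, from Microsoft, Mozilla, Google or Vivaldi, and does not describe how any of their sync services actually work. Every name in it (derive_keys, SyncServer, the "sync/..." labels, PBKDF2_ROUNDS, the sample passphrase and favorite URL) is an assumption of the example, and the HMAC counter-mode cipher is a standard-library stand-in for the AEAD (for instance AES-GCM) a real client would use; the point is which keys leave the device and which do not.

```python
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor; a real client tunes this per device


def derive_keys(passphrase: str, salt: bytes) -> dict:
    """Stretch the passphrase once, then split the result into three keys with
    HMAC labels. Only auth_token is ever sent to the service; enc_key and
    mac_key stay on the device, so the service cannot decrypt what it stores."""
    root = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, 32)
    return {label: hmac.new(root, b"sync/" + label.encode(), hashlib.sha256).digest()
            for label in ("auth_token", "enc_key", "mac_key")}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real stream cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(keys: dict, record: dict) -> dict:
    """Encrypt a sync record on the device, then tag nonce+ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    plaintext = json.dumps(record, sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(keys["enc_key"], nonce, len(plaintext))))
    tag = hmac.new(keys["mac_key"], nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_record(keys: dict, blob: dict) -> dict:
    """Verify the tag before touching the ciphertext; anything modified in storage is rejected."""
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(keys["mac_key"], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("sync record failed integrity check")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(keys["enc_key"], nonce, len(ct))))
    return json.loads(pt)


class SyncServer:
    """Everything the provider holds: the salt, a hash of the auth token, and opaque blobs."""

    def __init__(self):
        self.users = {}

    def register(self, user: str, salt: bytes, auth_token: bytes) -> None:
        self.users[user] = {"salt": salt, "auth_hash": hashlib.sha256(auth_token).digest(), "blobs": []}

    def login(self, user: str, auth_token: bytes) -> bool:
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(rec["auth_hash"], hashlib.sha256(auth_token).digest())

    def push(self, user: str, auth_token: bytes, blob: dict) -> None:
        if not self.login(user, auth_token):
            raise PermissionError("bad auth token")
        self.users[user]["blobs"].append(blob)

    def pull(self, user: str, auth_token: bytes) -> list:
        if not self.login(user, auth_token):
            raise PermissionError("bad auth token")
        return list(self.users[user]["blobs"])


PASSPHRASE = "correct horse battery staple"  # constructed sample passphrase
# constructed sample favorite; a sensitive value in a URI parameter, as the thread warns about
RECORD = {"favorites": ["https://example.org/account?ssn=000-00-0000"]}


def setup() -> tuple:
    """Device A registers and pushes one encrypted record."""
    server, salt = SyncServer(), os.urandom(16)
    keys = derive_keys(PASSPHRASE, salt)
    server.register("alice", salt, keys["auth_token"])
    server.push("alice", keys["auth_token"], seal(keys, RECORD))
    return server, keys


def second_device_roundtrip() -> dict:
    """Device B knows only the passphrase; it re-derives the keys from the server-stored salt."""
    server, _ = setup()
    keys = derive_keys(PASSPHRASE, server.users["alice"]["salt"])
    return open_record(keys, server.pull("alice", keys["auth_token"])[0])


def server_sees_plaintext() -> bool:
    """Does anything the server stores contain the favorite URL in the clear?"""
    server, _ = setup()
    return "example.org" in repr(server.users["alice"])


def tamper_is_detected() -> bool:
    """Flip one ciphertext byte in storage; the MAC check must reject the record."""
    server, keys = setup()
    blob = server.users["alice"]["blobs"][0]
    ct = bytearray.fromhex(blob["ct"])
    ct[0] ^= 0x01
    blob["ct"] = ct.hex()
    try:
        open_record(keys, blob)
    except ValueError:
        return True
    return False


def wrong_passphrase_fails() -> tuple:
    """Wrong passphrase: login fails, and even with the blob in hand the MAC check fails."""
    server, _ = setup()
    bad = derive_keys("wrong passphrase", server.users["alice"]["salt"])
    try:
        open_record(bad, server.users["alice"]["blobs"][0])
        decrypt_ok = True
    except ValueError:
        decrypt_ok = False
    return server.login("alice", bad["auth_token"]), decrypt_ok
```

The piece that makes this end-to-end is that the service's copy of the credential (auth_hash) is derived from auth_token, not the other way round, and enc_key is derived from the same stretched root under a different label; so a database dump, a rogue operator or a misconfiguration on the service side yields salts, hashes and ciphertext, never the record. The trade-off the thread also touches on is visible here: if the user forgets the passphrase, nothing on the server can recover the data, which is exactly why providers are tempted to add recovery keys, and why a recovery key escrowed with the provider would undo the guarantee.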