I'm using Chrome and Chrome Sync; does Google have access to my passwords?

33

11

I've been using Chrome (and Chrome Sync) for many years now. Does that mean Google, the owner of Chrome, knows all my passwords?

I ask because I realized that Google owns Chrome, and also, it is a closed source browser, which means there could be some sort of backdoor that allows the browser to collect my passwords.

Also, is it the same case with Firefox?

Selin Peck

Posted 2014-05-14T16:31:27.897

Reputation: 467

You haven't specified whether you're logging into your browser or not. If you're not signing into Chrome, then any settings, passwords, etc, are just saved locally, and not in the cloud. – ernie – 2014-05-14T17:15:20.890

5 @ernie he uses Sync, so it's not all local – Tim S. – 2014-05-14T20:28:00.307

4 Google knows everything. If Google isn't able to find something then it doesn't exist.. ;) – Sp0T – 2014-05-15T08:32:05.050

Answers

42

Short answer, yes. If sync is enabled, and you opt to save a password, that password will be sent to Google's servers. That said, the data is encrypted, and access to it is limited.

By default, Google encrypts your synced data using your account credentials. Google indicates that this data cannot be decrypted without knowledge of your password, and that in fact, when your credentials change, all synced data must be deleted from their systems, and can then be re-synced from your devices (and in the process is re-encrypted with your new credentials).

So, if everything is working correctly, Google themselves can be trusted, and the Google infrastructure is sufficiently secure to keep interested third parties out (read NSA, criminal hackers, etc) then your data is safe. That said, however, Google still has the capability to decrypt your data, though they don't make that known. This is simply the result of them being party to the creation of the cipher key (your credentials), leaving them in a position to save and potentially misuse the keys.

This level of trust is more than I would want to place in them, so in this situation, I would choose not to save passwords or sync data to their services, but that's just my preference. Only a fool trusts everyone, but only a bigger fool trusts no one.

Frank Thomas

Posted 2014-05-14T16:31:27.897

Reputation: 29 039

@BrianS: Why, exactly? – SarahofGaia – 2015-10-02T19:49:27.477

11 It's worth mentioning that the linked page reads: "Alternatively, you can choose to encrypt all of your synced data with a sync passphrase. This sync passphrase is stored on your computer and isn't sent to Google." – and31415 – 2014-05-14T19:26:53.377

2 @FrankThomas: I don't get it. You can choose your own passphrase when syncing the data. That means Google doesn't know the passphrase and hence can't decrypt the data... does it not? – user541686 – 2014-05-14T19:26:59.127

@and31415: Oh whoops looks like we mentioned the same thing. – user541686 – 2014-05-14T19:27:36.843

4 Using Google Chrome for any data that the NSA might be interested in is a horrible mistake. – JonathanReez – 2014-05-14T19:53:17.143

5 Yes if you encrypt all data you sync, Google states that the operation happens entirely client side, in which case they will not be able to infer the key easily. That does make it safer, but not safe, per se. We have no idea what cipher is in use, whether they maintain a hash of the password, whether your key is the only one, etc. US law doesn't really allow a service to hold encrypted data that they themselves cannot access in response to a lawful intercept request. – Frank Thomas – 2014-05-14T20:02:26.893

1 @FrankThomas, what law is that? I thought the rule was that if I have the technical capability to access their plaintext, then I must comply, but that the storage of encrypted blobs that I cannot decrypt isn't illegal in any way. – thirtythreeforty – 2014-05-15T06:52:41.507

1 Patriot Act 215 and FISAA 702 grant the government the right to demand any data they believe you possess. If you don't actually possess it, or cannot provide it, they take you to court, and if the problem persists, they install hardware on your site designed to facilitate future requests. That's why the Lavabit founders are still in a legal quandary despite having ceased to be a company. – Frank Thomas – 2014-05-15T11:55:12.213

@and31415 who is to say they don't send that passphrase over in some way, Google controls the entire Sync suite so I believe that they could steal that passphrase behind the scenes (if they were evil) – ratchet freak – 2014-05-15T12:18:55.363

"This level of trust is more than I would want to place in them" "Don't trust us? Erm, we have root." (Quote regards Ubuntu, but the sentiment is the same.) As you say, only a fool trusts no one. Google is certainly a company I'd be willing to trust. – Brian S – 2014-05-15T16:41:28.387

22

It depends on your encryption settings.

  • Encrypt synced passwords with your Google credentials: This is the default option. Your saved passwords are encrypted on Google's servers and protected with your Google Account credentials.

With this option, Google has access to your data.

  • Encrypt all synced data with your own sync passphrase: Select this if you'd like to encrypt all the data you've chosen to sync. You can provide your own passphrase that will only be stored on your computer.

With this option, Google does not have access to your data, assuming they are being honest about what happens with your passphrase (what happens if you forget your passphrase makes it clear that they do not store it for your benefit), don't have some gaping hole (or backdoor) in their sync security, and your passphrase is secure enough to withstand a brute force attempt by Google (such a password is possible, but very atypical).

You can reduce the opportunity for Google to intercept your passwords by using an offline password manager like KeePass in conjunction with Chrome as your browser. You can remove the opportunity entirely by no longer using Google products (what if they really bundled a keylogger with Google Drive or Chrome? And with Gmail, password reset requests could be intercepted in one way or another, possibly resulting in Google accessing your accounts, even if your passwords are uncrackable).

With Firefox, the security of your data hinges on how secure your Firefox Account password is. If you choose a good password, it should be impossible for Mozilla or anyone to access your passwords. However, this makes the assumption that Mozilla is being honest about how the system works, and there's no gaping hole (or backdoor) in their security. You can add an additional measure of security by running your own private Sync server instead of using Mozilla's. Since Firefox is open source and Mozilla has a better track record regarding privacy than Google does, the likelihood of them trying to compromise your data seems far lower.

Choose your paranoia level as you like, and based on your needs. I wouldn't use anything Google for Snowden-level needs, but for ordinary-privacy needs, I'd go with a passphrase on Google Sync at a minimum (so that an attacker accessing your Google Account has another layer to get through before he has your passwords).

Also, note that all of this goes out the window if anyone manages to install a keylogger (maybe complemented by a screen scraper and mouse click recorder to combat on-screen keyboards) on your PC.

Tim S.

Posted 2014-05-14T16:31:27.897

Reputation: 323

1

Your paranoia is well-justified. Yes, Google can access your passwords. That's even true if you defined a custom passphrase, unless that passphrase is truly random rather than being a typical human-chosen password. Reason is, the approach used by Chrome to convert that passphrase into an encryption key (PBKDF2-HMAC-SHA1 with 1003 iterations) is ridiculously simple to bruteforce. It doesn't take Google's resources, anybody willing to invest less than $1000 into a graphics card can guess most passwords within a few days. The current implementation even fails to set a variable salt, which allows guessing passphrases for all accounts in parallel.

Current Firefox Sync implementation is considerably better. Anybody merely accessing data on the server won't be able to do a whole lot with it, the protection is sane. The client-side component of that protection is currently suboptimal however (PBKDF2-HMAC-SHA256 with 1000 iterations), so anybody who is able to intercept the password hash as it is being sent to the server will be able to guess your password with comparably little effort.

Additional information:

Wladimir Palant

Posted 2014-05-14T16:31:27.897

Reputation: 1 101
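
The two weaknesses named in the answer above (a low PBKDF2 iteration count and a salt that does not vary per account), shown as an added example that is not part of the original answer and is not Chrome's or Firefox's code. `FIXED_SALT`, `HARDENED_ITERATIONS` and the sample accounts are assumptions constructed for illustration; only the PBKDF2-HMAC-SHA1 / 1003-iteration setting comes from the answer.

```python
import hashlib
import os
import time

PAGE_ITERATIONS = 1003              # iteration count quoted in the answer above
FIXED_SALT = b"example-fixed-salt"  # assumption: placeholder for a constant salt
HARDENED_ITERATIONS = 600_000       # assumption: illustrative PBKDF2-HMAC-SHA256 setting


def derive_key(passphrase, salt, iterations, digest="sha1"):
    """PBKDF2 key derivation; returns a 16-byte key."""
    return hashlib.pbkdf2_hmac(digest, passphrase.encode(), salt, iterations, dklen=16)


def enroll(passphrases, per_account_salt):
    """Derive one key per account, with the shared salt or a random per-account salt."""
    records = {}
    for account, passphrase in passphrases.items():
        if per_account_salt:
            salt = os.urandom(16)
            key = derive_key(passphrase, salt, HARDENED_ITERATIONS, "sha256")
        else:
            salt = FIXED_SALT
            key = derive_key(passphrase, salt, PAGE_ITERATIONS)
        records[account] = (salt, key)
    return records


def distinct_salts(records):
    """Number of separate derivations a single guess needs to cover every account."""
    return len({salt for salt, _ in records.values()})


def seconds_per_derivation(iterations, digest, rounds=3):
    """Average wall-clock cost of one key derivation on this machine."""
    start = time.perf_counter()
    for i in range(rounds):
        derive_key(f"probe-{i}", FIXED_SALT, iterations, digest)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample accounts; two users happen to share a passphrase.
    sample = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
    weak, strong = enroll(sample, False), enroll(sample, True)
    print("fixed salt, same key for same passphrase:", weak["alice"][1] == weak["bob"][1])
    print("random salt, same key for same passphrase:", strong["alice"][1] == strong["bob"][1])
    print("derivations per guess:", distinct_salts(weak), "vs", distinct_salts(strong))
    ratio = (seconds_per_derivation(HARDENED_ITERATIONS, "sha256")
             / seconds_per_derivation(PAGE_ITERATIONS, "sha1"))
    print(f"cost per derivation is about {ratio:.0f}x higher with the hardened setting")
```

With the shared salt, one derivation covers every account and equal passphrases produce equal keys; with per-account salts the work is multiplied by the number of accounts as well as by the iteration count.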