I’ve been avoiding the Sign In feature for quite some time now, up until today, because security with major service providers, which are also legitimate businesses and often are not open-source, always seems to be tricky. I realized I couldn’t hold back any longer, though, because the temptation to use synced data (Chrome/Chromium syncs basically everything and lets you recreate your browser environment on just about any computer or mobile device with an Internet connection and the default browser configuration) was becoming very intense.
So, I ran an extensive search on Google, but there were very few detailed results that would give you the dirt. Mostly generalized statements about how secure or insecure it is. Luckily, though, some people wrote up excellent articles that answered my questions and made me feel confident that I can safely upload my personal data to the cloud.
Because the bottom line is that the Chrome/Chromium Sign In feature provides a very reasonable security model.
In short, the solution is to encrypt everything and use an encryption passphrase, not the Google Account as the passphrase (this gets sent to Google periodically and kinda defeats the purpose, because theoretically unscrupulous/overly enthusiastic employees literally have the key to your encrypted stash of private data and could read it if they really wanted to. Not cool.)
To learn more details, I highly recommend following these URLs and reading these wonderful articles:
- Comparing the Security and Privacy of Browser Syncing by Gregory Szorc with Firefox, who happens to work on FirefoxSync (this is exactly what I hoped to read, a fresh publication too!)
- How to Optimize Google Chrome for Maximum Privacy by Chris Hoffman of How-To Geek.
- Google Chrome Leaking Credit Card Data? by Adam Caudill, a demonstration of why you need to encrypt everything, not just passwords.