Privacy Bookmark Syncing for Chrome
07:45Naturally when I think of a browser that respects privacy, it has to be Firefox. Their encryption method and security model for account syncing deserves some serious respect. For bookmarks in particular - although there are a lot of tools available to sync browser bookmark data (like XMarks), the one I came across that really deserves more attention was xBrowserSync.
When you look at Google Chrome, syncing data to them looks really shady. Unlike knowing the strengths and vulnerabilities of Firefox's 'onepw' protocol, there doesn't seem to be any clear documentation for Google Chrome's sync that states how it transfers and stores data. If you set up a sync passphrase for Google Chrome, their answer page simply says it adds "an extra layer of encryption so Google can't read your data". It's better to assume that with or without a passphrase, they probably have a way of looking at what is stored and synced on your browser and Google account.
xBrowserSync is a browser extension that syncs your bookmarks with the option to include your bookmarks bar. It's currently available for Google Chrome and is coming soon™ for Firefox. It uses 256-bit AES encryption to secure your bookmarks using your secret key/passphrase that is only stored locally on input.
If it's your first time using it, you simply enter a passphrase and it syncs your bookmarks and generates an xBrowserSync ID. If you have an existing ID, you can optionally pop that in and sync your server-stored bookmarks to your browser. It even has a search bar to find and filter your bookmarks after syncing:
By default, the bookmarks are stored to https://api.xbrowsersync.org/ which is hosted on Red Hat OpenShift. Since your passphrase is stored locally, their servers can't decrypt it. They do collect IP information for some requests to prevent abuse, but they aren't associated with data being synced from your browser and are only kept for a day. If you aren't comfortable with that, you can simply host your own server, change the extension's service location, and sync your bookmarks there.
xBrowserSync's server-side REST API and client app code is open source and is available on Github. If you would like to support them, you can help their development by forking and making pull-requests on their page. You can also donate them Bitcoins to their wallet addressed on their homepage.
It may not sync your history, tabs, or extensions; but its pretty useful to have. If you're worried about Google Chrome phoning back home even without sync enabled, you can try a forked/patched version of the browser like Iridium, Inox, or ungoogled-chromium; browsers I will definitely cover in another day.
0 comments