the documentation says confidential information should not stored:
https://developer.chrome.com/extensions/storage
confidential user information should not stored! storage area isn't encrypted.
but seems users have option of choosing own passphrase encrypt chrome sync data:
https://support.google.com/chrome/answer/1181035
so 1 it? chrome extension data protected sync passphrase?
also, don't bit:
when sign in chrome , enable sync, chrome keeps information secure using google account credentials encrypt synced passwords. alternatively, can choose encrypt of synced data sync passphrase. sync passphrase stored on computer , isn't sent google.
why passphrase stored on computer? doesn't make more secure.
the chrome.storage area not encrypted anyhow while on machine. that's why first warning there, , it's valid.
when transmitted google servers, can opt secure additional layer of encryption - while it's on google's servers. it's protection against trying data (to new device, or hypothetical attack on google servers).
it's stored on computer, google never sees , can't decrypt data on servers. need passphrase work data, , chrome not ask every time syncs data (which often) - it's stored locally.
think of box lock. instead of giving google plain-text document, give google box said document , keep key yourself. meanwhile, while working on document, keep local copy outside box, , keep key handy in case box sent google you.
Comments
Post a Comment