Google Releases Google Browser Sync Extension

Pneuma ROCKS writes "Google has just released the Google Browser Sync extension for Firefox. This extension allows you to save your bookmarks, history and passwords on Google servers, effectively giving you a 'roaming profile,' which you can sync on any computer running Firefox (and the extension, of course)."

Encrypted?

This says nothing about whether the data is encrypted in transit or, more importantly, on the servers. I don't like the idea of Google or anyone who might hack in snooping on this data.

Re:Encrypted?

Well if you already use GMail, what's a little more personal information? Of course Google can index it and add it to the increasingly large profile of you.

Re:Encrypted?

"It depends on how much of correct data you provided when you signed up."

I don't think it's as simple as that. If you're using GMail, you're likely logged in to Google every time you do a search. Do a bunch of porn viewing, and Google has the means to link that to your login. Take it a step further and keep your bookmarks there.. well... they certainly have more to draw on.

Personally, I'm not so worried about what Google sees. I'm worried about the recent moves by the gov't to collect that info. Google is unintentionally setting up a nice little trap for a bunch of people. (No, this isn't a Google is evil statement, just pointing out the dangers of centralizing all this stuff.)

Re:Encrypted?

If you're using GMail, you're likely logged in to Google every time you do a search.

Why should I do that? No, of course I don't stay logged in any more than it is necessary.

Google is unintentionally setting up a nice little trap for a bunch of people.

I don't believe that founders and managers of a multi-billion dollar enterprise are so dumb that they don't realize what they are doing. I am convinced that they are perfectly aware of all the implications - they know them better than we do, it's their business after all. Also, the government is not silent on the matter - it approached Google already, so claiming innocence won't work. Google knows damn well what it is doing, and that is to become the ultimate data warehouse for, and about, everyone on the planet. And all that data will be for sale.

Re:Encrypted?

"I don't believe that founders and managers of a multi-billion dollar enterprise are so dumb that they don't realize what they are doing."

I was not trying to imply that. They obviously feel very comfortable with what they're doing, but that alone will not protect their users. In theory, the gov't shouldn't have even asked them for the records, yet it still happened. Worse, we've got a monkey in the white-house that may bend the rules a bit to try even harder. Now maybe my imagination's getting ahead of me, but just because they think they know what they're doing doesn't mean anybody's safe. Once you've commited the data to Google, that's it, you cannot undo it.

Re:Encrypted?

Actually it tells you right here [google.com] in the FAQ.

Re:Encrypted?

People that have access and sufficinet skill and the motivation, find much more profitable ways
to exploit their power than to read your ultimately important personal data from gmail. I find
it interesting that people have such an ego boost that they imagine that from the half a billion
interactive net users, they and their pocket money are the targets of all the hackers.

I'm amazed that anyone would still say something this stupid (and that others would actually moderate it up). I seem to get several dozen phishing attempts per day, with people trying to gain access to my PayPal, Ebay, bank accounts, and other online services. I guess I must be stupid and rich to gain the attention of such target limited hackers, right?

No, of course not. Not only are there countless hackers out there with nefarious intentions, but usually their dirty work can be automated -- e.g. a simple trojan that your cousin has on his laptop, which then takes over your router in a method only possible from the inside (or installing a net listener), then automatically relaying whatever information they want. This is ignoring the fact that carriers aren't exactly the pinnacle of security, and it's entirely possible that curious or criminal employees have net monitors, and that's not even including the whole government angle.

The "security doesn't matter because no one cares about you" angle was dumb when people were saying it in the 90s. Now it just strikes me as unbelievable.

I have zero trojans of viruses on my PC (despite your defeatist "why bother fighting them?" attitude), and I want sensitive communications to be encrypted. Everyone should demand the same.

Ps. if you are familiar with how SSL or any exchangeable keypair based encryption protocols work,
you should realize that people who have constant access to your network traffic, will find out your
information anyway.

Wow, really? Care to enlighten us on how that could be, apart from some temporary implementation defects in a couple of clients (such as Internet Explorer). I call bullshit, and say that the entire foundation of your argument is ignorant nonsense.

Re:Encrypted?

Actually, it does say it will be encrypted:

http://www.google.com/tools/firefox/browsersync/fa q.html#q9 [google.com]

Why do I need to provide a PIN?

The PIN you create during setup is used to encrypt information that's synced between your computers, which may include sensitive information such as your passwords for websites. We use your PIN to unlock that information. Without your PIN, no one will be able to read the information that's being transmitted between your computers via Google Browser Sync.

Re:Encrypted?

by saying nearly, they saved themselves a world of hurt if someone manages to crack one some day. Pretending encryption is 100% secure is foolish.

Re:Encrypted?

The "nearly" is just them doing the usual corporate CMA.

If I were overseeing a high-profile company who was releasing a product that in any way used encryption, you can bet I would couch every claim about its security with some sort of qualifier.

No intelligent person ever uses superlatives when discussing encryption, unless you want to be on the hook in case it ever gets broken.

Re:Encrypted?

If you look at the extension, you will see you can choose to encrypt any/all of what it can sync.

Re:Encrypted?

Its not really clear about how much of your information is encryped. Your passwords yes, but your browsing history? Your bookmarks?

I've just downloaded and installed it. It automatically encrypts your cookies and passwords (it doesn't let you change this setting), and gives you the option of encrypting history, bookmarks, and tabs and windows if you choose to synchronize them. Additionally, it's all optional.

And if you were really security-conscious, you could tell it to not synchronize anything at all.

Assuming it keeps working (it has so far), I really like it. It makes keeping bookmarks actually worthwhile.

Re:Encrypted?

I haven't looked at the actual firefox extension but it wouldn't make sense to offer encryption and still store the PIN.

It would if the point of encryption is to keep it private *in-transit*. Just as HTTPS doesn't prevent the site you are interacting with to get all that data you submitted, the encryption prevents bystanders from seeing it.

So all this encryption does is give you some security that nobody but google will be able to see it. So if you value your privacy at all the question remains, do you trust google with it? Do you trust google to look out for your interests, even under government pressure?

Just for Now? or Always and Forever?

I'm with that other individual: Is there any extension that does this with an ftp/webdav/... server of *my* choice?

Re:Encrypted?

Really why woud you care? If your keeping sensitive information in your bookmarks list then your a fool. Personally I have been copying my bookmarks.html to ~/publcic_html for years. Its very handy when using someone elses computer and trying to remeber a URL. (Actually it was more useful in the pre-google days. These days I mostly find the URL via goodle anyhow).

Ironically

Personally I have been copying my bookmarks.html to ~/public_html for years.

This is precisely what a "home page" originally was.

Re:Ads will conveniently follow your bookmarks

Google can already follow you around the 'net using their ad network. Blogs, photos, news sites, etc., all have Google Adsense. That same cookie builds up a wealth of data about you. If this offends you, putting your bookmarks up on Google shouldn't be any worse -- what could you possibly be telling them that they don't already know?

(Besides your passwords to other sites...)

Re:Ads will conveniently follow your bookmarks

it beats the penis enlargement ads, now google will allready know I have a large member & don't need such herbal enhancements

Re:Ads will conveniently follow your bookmarks

He's actually right. If your main source of revenue is advertising dollars, your biggest asset is your "client base" and all the information you have about them - basically a big database about who likes what and how you can contact them. Put those two things together, and you have a goldmine for corporate marketing/advertising departments. They even have a very ubiquitous software application called "Goldmine" (a CRM app).

Joe Q. Public likes Jessica R. Abbit, but he's a high-schooler on a budget. Instead of sending him the add for the Tacori Diamond bracelet, let's send him the advertisement for the CVS box-o-chocolates. He's more likely to respond to that ad, which results in increased revenue for GOOG.

Information is valuable. Organized information that no one else has is "invaluable"!

Re:Ads will conveniently follow your bookmarks

Any information Google can collect, MS can collect. They own the OS remember?

Re:Ads will conveniently follow your bookmarks

He's actually right. If your main source of revenue is advertising dollars, your biggest asset is your "client base" and all the information you have about them - basically a big database about who likes what and how you can contact them. Put those two things together, and you have a goldmine for corporate marketing/advertising departments. They even have a very ubiquitous software application called "Goldmine" (a CRM app).

All of which is completely irrelevant to this discussion because the information you are givng them is encrypted and they can't read it.

Re:Ads will conveniently follow your bookmarks

So what if it's encrypted iF Google has the encryption key.

Did you not read the rest of that FAQ? Or are you being deliberately misleading? From the FAQ:

What's the point of encrypting my information?

By encrypting your information, it will be transmitted to and stored on Google's servers in a format that is nearly impossible to interpret without the PIN. That means that without the PIN, no one, not even Google, will be able to read your data.

Re:Ads will conveniently follow your bookmarks

This can really be interpreted in 2 ways:

We, Google Server, will use your PIN to unlock that information
OR
We, Google Client App, will use your PIN to unlock that information.

I personally don't see why Google would ever need to unlock the encrypted information on their side (unless they want to be evil), and obviously, it won't be you who's unlocking the information, but the firefox extension (we, google client app) will be.

Re:Ads will conveniently follow your bookmarks

Yes, because as everyone knows, businesses being able to more effectively communicate and accurately target the right customers is the worst thing that can happen.

It's a bit hard to explain without rising to hyperbole - but imagine if we'd all been happily using riaasearch.com for the last few years. Everyone has riaasearch textads all over their blogs, torrent sites ask you to click one before entering, and every second person has a riaasearch toolbar in their browser.

Now, imagine if riaasearch turned evil...

Really, marketing is not a dirty word...

You're right. It's not a dirty word; it's a weasel word...

Like those cat parasite things; Toxoplasma [boingboing.net]. Supposedly makes some people feel good, more outgoing and warmhearted. But a parasite is still a parasite...

Re:awesome

Just to clarify, this is not the first Google Firefox extension.

http://www.google.com/tools/firefox/index.html [google.com]

• Google Toolbar
• Google Browser Sync (how relevant.....)
• Blooger Comments
• Send to Phone

They also used to have:

• Google Safe Browsing [google.com]
• Google Suggest [google.com]

But they are both incorporated into Google Toolbar now.

Pr0n

Wait, I don't want all my bookmarks from home in my work browser!

-Peter

Spiffy

So does that mean we can finally use our Google(TM) Browser Sync to save our settings on Google(TM) Search and Google(TM) Mail anywhere on the Google(TM) Earth?

BookmarkRank?

BookmarkRank to augment PageRank?

Hmmm.....

For those who are loathe ...

Google has just released the Google Browser Sync extension for Firefox. This extension allows you to save your bookmarks, history and passwords on Google servers, effectively giving you a 'roaming profile,' which you can sync on any computer running Firefox (and the extension, of course).

For those who are loathe to continue shovelling their personal info at Google ...

scp ~/.firefox/default/<random_letters>/bookmarks.html my_web_host:~/public_html/

Then, from any computer:

wget -O ~/.firefox/default/<random_letters>/bookmarks.html http://mywebhost/bookmarks.html

If the system you are on doesn't have wget, you can just visit the URL and use the links in the browser or save the file to your profile on the machine. If you don't want it so easily accessible on the 'net, then you can use a different file name or put it in some randomly named directory.

Re:For those who are loathe ...

When he says "any computer" he means "any computer except the 95% running Windows." Just clearing that up for you. :)

Re:For those who are loathe ...

Yes, because nothing protects your bookmarks more from the prying eyes of the world's biggest web-crawler than dropping "bookmarks.html" into a publicly-viewable web directory...

(I just tried it on your site, Roberto Sanchez; noticed you haven't done it ;-)

Too Late

Nice idea, but too late. I keep all my bookmarks on del.icio.us [del.icio.us] now. It would be nice if they offered a better way to make off-line backups, though.

saved passwords

it seems a lot like del.ici.ou.us for the bookmarking, but sorry google, i love you, but you're not going to be getting my passwords for anything besides my google account

Trust

If you trust Google then this could be great! if you don't then feel free to bash this as a blatant grab for yet more personal data.

Either way you cant say Google aren't pushing to see what users want, and integrating it into whats good for Google. My opinion? I don't know, I like and trust goggle as much as I trust any corporation, but do I want them to have yet more information about me? Probably not. So personally I will give it a miss, although it might be useful in the future, and if it takes off in internet kiosks (and why not) then all the better. It has some serious benefit to people who travel regularly and don't own laptops and PDA's.

Cue the "tin foil hat" posts, closely followed by the "there is no privacy anyway" posts possibly followed by some random "I don't like the new layout" posts.

Spyware

The difference between Google and most big spyware companies is that the Spyware makers promise a valuable service, while Google delivers unobtrusively

I have no problem answering surveys for those mall clipboard guys as long as I'm not in a hurry. I have no problem allowing Google tracking my web habits, as long as I'm getting something valuable, Gmail, Maps, Earth, Search, et. al. in return. When I quit finding their apps useful, I'll rescind my offer to be profiled.

Googles response

When I quit finding their apps useful, I'll rescind my offer to be profiled.

I'm sorry Dave, Im afraid I can't do that.

Re:Googles response

touché

Worried about Privacy? Use Foxmarks instead.

For those who are worried about giving their browsing history and passwords to Google (or anyone for that matter), you can still reap the benefits of synchronized bookmarks with another Firefox extension: Foxmarks [mozilla.org].

Foxmarks is basically the same thing, but just for bookmarks (and not on Google's servers). It's great for keeping bookmarks across multiple machines, and also really useful for those who dual (or triple) boot a single machine. My triple-boot MacBook [sharealike.org] keeps all its bookmarks in sync with Foxmarks!

Re:Worried about Privacy? Use Foxmarks instead.

Does Foxmarks encrypt the data

No. [foxcloud.com]

Foxmarks does nothing to protect your privacy, but that won't prevent the tinfoil hats from citing privacy when offering alternatives to Google. Google, on the other hand, does support encryption, to the effect that your data is stored on their servers in encrypted form and is only decrypted locally using your key.

PageRank?

I can see how they might be interested in the bookmarks and browser history information. This could help augment the PageRank algorithm to possibly cut down on all the scammers trying to increase their PageRank by google-bombing. If they can collect data on what sites people actually visit, based on their own browsers, this would be very useful. Of course, the NSA might want this information, too,... ;-)

Your anti-piracy pledge

By installing the extension you take an anti-piracy pledge:

* defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;
* upload, post, email or transmit or otherwise make available any inappropriate, defamatory, infringing, obscene, or unlawful Content;
* upload, post, email or transmit or otherwise make available any Content that infringes any patent, trademark, copyright, trade secret or other proprietary right of any party, unless you are the owner of the Rights or have the permission of the owner to post such Content;
* upload, post, email or transmit or otherwise make available messages that promote pyramid schemes, chain letters or disruptive commercial messages or advertisements, or anything else prohibited by law, these Terms of Service or any applicable policies or guidelines.
* download any file posted by another that you know, or reasonably should know, cannot be legally distributed in such manner;
* impersonate another person or entity, or falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material;
* restrict or inhibit any other user from using and enjoying Google services;
* use the Extensions for any illegal or unauthorized purpose;
* remove any copyright, trademark or other proprietary rights notices contained in or on the Extensions or any Google services;
* interfere with or disrupt the Extensions or other Google services or servers or networks connected to Google services, or disobey any requirements, procedures, policies or regulations of networks connected to Google services;
* submit Content that falsely expresses or implies that such Content is sponsored or endorsed by Google;
* promote or provide instructional information about illegal activities or promote physical harm or injury against any group or individual; or
* transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature.

Wow, this should make the world a safer place. I guess I can sleep soundly tonight. How the hell are they going to enforce this?

Great Googley moogley!

Google is the only search engine I've used in the past, what, four or five years now, and I have a Gmail account that I check constantly. I use the translator to give me ahead start on my translating work. I know about the calculator feature. I use Google Maps all the time. I've checked the spreadsheet out and look forward to GoogleWritely. I look for jobs on Base (anyone need a bilingual CSS coder?). I use the personalized homepage to keep track of the three blogs I run and the 762 that I read every day. I'd use the Page Creator if I wasn't pretty good with Drupal. I've followed the Web Clip links and even a few GoogleAdWords links. At any given time, I have between three and seven tabs open to Google services.

I have just one question. When is it too much of a good thing, privacy or no privacy?

Server side settings are nice

I've long wished that Firefox would support LDAP+TLS or WebDAV+TLS (with client certificates) for storing at least bookmarks, if not history. It's amusing that Google seems to have done it for them - the downside being that I can't use my own servers, I have to use Google. I'll still bite.

To be honest, though, what'd be REALLY exciting would be a similar tool for Thunderbird that enabled a secure writeable server side (pref. LDAP) address book, not just the limited read-only LDAP address book support it currently has. If their calendar app added WebDAV+TLS or HTTPs WebDAV remote calendar storage, it'd start to feel like an app made for people who (*gasp*) use more than one computer.

Maybe Google's move here will show the mozilla folks that people are interested in these features.

Buggy!

I tried it on my Windows PC (Firefox 1.5). All of a sudden the menus and URL bar would not work properly. I type in a URL and it takes me to my homepage... I wanted to synch with my Mac mini, and now that machine is locked up where I can't hardly use the mouse, and I can't even close down Firefox! Very weird stuff.

Finally it would not synch anything for me. It kept giving me different errors related to how I have too much data, or to "try again later". Maybe their servers are being hit hard now.

I am uninstalling this stuff, maybe some time in the future I will reinstall when they have fixed the problems...

NSA sue Google

Seen on CNNNN

Today the NSA filed a anti trust suite againt Google inc
When a legal representative of the NSA was questioned about the case he replied, "Our case is based on Googles practice of gathering data in direct competition to the NSA, in such a manner that it's impossible for us to compete".

Our reporter was suddenly arrested before he could question Google on the matter, based on child sex porn bookmarks handed over to legal authorities by google.

You can encrypt everything it can sync

If you look at the settings, next to every checkbox for "sync this", there is another check box for "encrypt this".
Literally everything it can sync can be encrypted.

Second, it syncs much more than bookmarks.
I for one, enjoy having my history, tabs, and windows saved between the laptop and desktops I work on.

Unfortunate flaw right now

"What does it mean when I see a warning message that tells me "you logged in on a different machine"?
Currently, Google Browser Sync only allows you to be logged in to one browser at a time"

The people would mostly likely use this proably have Firefox on 2 to 3 machines and it is certainly not uncommon to A) leave your computer running with a browser window open and then get on another machine running firefox B) be on firefox on say a laptop while your wife/girlfriend etc is on your main machine(and no they shouldn't all have to have seperate accounts).

I see they are "working" on having multiple accounts but personally this simply won't work for me and many others until then. On the positive side it's nice to have Google developing for Firefox and if the encryption is sound this sounds like a nice feature that maybe one day will become standard on Firefox.

Moving away from the philosophical debate...

... and on to an actual comment about the extension itself.

On my Mac, this extension was rather problematic. It installed just fine, and syncs with Firefox on my Linux box just fine. But when I launch subsequent sessions of Firefox on my Mac, I get one window telling me it's connecting to the Google server - and it overlays (and 95% of the time prevents interaction with) the window that pops up asking for my master password (for FF's saved passwords feature). Can't type my master password, can't get past this point.

In order to actually run Firefox again, I had to manually remove the extension from my profile.

I'm used to Google's "betas" working quite smoothly - it's unusual to run into one with a big old flaw like this one.

Does it even work?

Great tool. Doesn't work for me at all.

When I start it with default config after some thinking it tells me upload too large. try disabling some components and trying again. When I uncheck all the options (i.e. don't save anything) after some thinking it tells me settings change did not complete. please try again later.

As I said, great tool. Doesn't work.

Robert

What does Google get out of this?

Google doesn't do anything if it doesn't benefit Google. They in fact will gain access to everyone's bookmarks. That is one of the most valuable pieces of information they can get, because now they can do very focused, targeting advertising. Also, they will get another way "to pagerank" web pages. If a million people bookmarked Slashdot, SourceForge and PizzaHut, they'll have a good reason to increase the rank of those sites. It seems like a win-win situation to me and smart move on the part of Google.

If it weren't for %$*#!! Mozilla...

I'm glad Google has come to the rescue of such a serious oversight on Mozilla's part. They could solve all these portability problems if they just implemented a light database backend to store your data; instead you've got:

1. HTML files (bookmarks)
2. DB files (client certs)
3. CHROME files (browser prefs)
4. TXT files (signons, cookies)
5. DAT files (forms)
6. RDF files (download manager)
7. INI files (extensions)
8. XML files (roaming profiles)
9. JS files (user prefs)
10. et-fucking-cetera

THANK YOU GOOGLE for sorting all this shit out. Too bad it took an "evil-but-not-really" third party to figure out what the end-users have been clamoring on about for years.

And yes, I'm aware that the new, improved Mozilla will implement SQLite [wikipedia.org]. Eventually, when it's released, probably, they think.