    Sync passphrase does nothing?

    • leocg
      leocg Moderator Volunteer last edited by

      Exactly, old and outdated, makes no mention of a passphrase. Not helpful at all. However, it does say, "if we later decide to sync sensitive private data, such as passwords, we will encrypt that as well." And maybe they are encrypting it, but they're definitely not using the passphrase to do it, as I have proven.

      Well, I can't access/view my passwords on that page, I can only see the number of stored passwords. Can you see yours?

      opera://sync-internals/ may show you some info on encryption and what is encrypted.

      • mikecerm
        mikecerm last edited by

        Well, I can't access/view my passwords on that page

        What about all of your other synced data? As I mentioned above, the setup for Sync says, "encrypt all synced data with your own master passphrase." It does not say, "only your passwords will be encrypted," which is what it used to say. Then it was updated. When I signed up, it said, "all synced data will be encrypted," just as it says today. If it had not said "all data," I would never have signed up.

        opera://sync-internals/

        Interesting, I didn't know that page existed. Clearly, Opera is just reusing the sync engine from Chrome (or Chromium), because that page looks virtually identical in Opera as does its counterpart in Chrome. The one key differentiator: the part that details "encrypted types." In Opera it only says passwords, whereas Chrome lists, "Bookmarks, Preferences, Passwords, Autofill Profiles, Autofill, Autofill Wallet Metadata, Themes, Typed URLs, Extensions, Search Engines, Sessions, Apps, App settings, Extension settings, App Notifications, Dictionary, Favicon Images, Favicon Tracking, Articles, App List, WiFi Credentials."

        So, Opera actually is lying after all. The setup says that all data will be encrypted, but they're only encrypting passwords. So, is this deliberate deception, or just a bug? Either way, it's a massive privacy violation.

        • leocg
          leocg Moderator Volunteer last edited by

          What about all of your other synced data?

          As we discussed before and as the FAQ page says, synced data may not be encrypted on the server except for passwords and some other more sensitive data.

          is this deliberate deception, or just a bug?

          I would guess a fault in UI, the string shouldn't say that all data is encrypted.

          • mikecerm
            mikecerm last edited by

            That FAQ is so outdated that none of what it says is applicable at all to the current version of sync. As far as I'm concerned, the only line that matters is this one:

            If we later decide to sync sensitive private data, such as passwords, we will encrypt that as well.

            They are syncing all sorts of sensitive private data and not encrypting it. They didn't use to sync this stuff, and now they are, but they're not encrypting it like they said they would and, more importantly, like they currently say they are. Yes, the current version of the client -- not some 2 year old FAQ from before the sync feature was anywhere close to complete -- says that all sync data will be encrypted using the passphrase. Furthermore, it didn't always say this. When version 32 was released 9 months ago, the first version to support passwords syncing, the setup said that only passwords would be encrypted. http://betanews.com/2015/09/15/opera-32-adds-password-sync-improved-bookmarks-view/

            In the time since then, there was a change made to the setup, and they now say that they are encrypting everything, but they are not actually doing it. So, if they are not encrypting everything, then why did they update the wording within the sync UI to say that they are? Was it simply to mislead users into enabling the insecure sync feature? Was this done so that Opera's new Chinese masters could gather all that data? Is there some other explanation?

            • leocg
              leocg Moderator Volunteer last edited by

              there was a change made to the setup, and they now say that they are encrypting everything, but they are not actually doing it.

              As the FAQ says, data is not encrypted on the server, but only during the transfer between the computer and the server:

              Everything is encrypted in transit between client and server. However, non-login data is not stored encrypted on the servers. If we later decide to sync sensitive private data, such as passwords, we will encrypt that as well.

              On opera://sync-internals/, if you go to the tab 'Sync node browser' you may see what is encrypted.

              So, if they are not encrypting everything, then why did they update the wording within the sync UI to say that they are?

              Maybe something inherited from Chromium? Maybe a fault in the UI like I said? Or maybe it's being encrypted but only during the transfer like the FAQ says?

              • mikecerm
                mikecerm last edited by

                As the FAQ says,

                That 2-year-old FAQ has nothing to say about the current state of sync.

                You can't be serious if you think that it's okay that Opera is saying that data will be encrypted and then not doing it. You can't seriously think that it's okay that Opera copied the sync feature wholesale from Chromium, and removed all of the privacy and security, but left in place the claims about privacy and security.

                • leocg
                  leocg Moderator Volunteer last edited by

                  That 2-year-old FAQ has nothing to say about the current state of sync.

                  Well, this is your opinion. I think that much of what is written there is still valid.

                  You can't be serious if you think that it's okay that Opera is saying that data will be encrypted and then not doing it.

                  Is that so difficult for you to understand that sync data is encrypted during its transfer between the computer and the sync server but it's not stored encrypted on the server except for passwords?

                  Btw, found a newer comment from a former Opera employee regarding sync and security of data: http://www.opera.com/blogs/desktop/2015/09/opera-32-privacy-is-a-universal-right-2/#comment-2256300376

                  • jryc
                    jryc Opera last edited by

                    Hey mikecerm!
                    There was a bug in the "Advanced configuration" dialog, wrong string/information about encryption. It has been fixed. Now there are two options named: "Encrypt synchronized passwords with you Opera credentials." and "Encrypt synchronized passwords with your own passphrase." Only passwords are encrypted. If you are using Opera 39 or later you have it fixed. If you have an older Opera version, please upgrade to the newest, Opera Stable 39, Opera Beta 40, Opera Developer 41.
                    Cheers!

                    • mikecerm
                      mikecerm last edited by

                      I'm glad to hear that the "bug" has been fixed, but it is unfortunate that Opera has elected to fix it by leaving so much data unencrypted, rather than enabling full sync encryption as Google and Firefox have done. With Opera's sync servers having been recently compromised, it goes without saying that Opera's sync model is horribly insecure, and should be avoided completely. Had Google or Firefox's servers been compromised, no user data would have been put at risk.

                      • black-955-tiger
                        black-955-tiger last edited by

                        Stupid question alert?????
                        What is the passphrase and where does one get it from? I tried to set up this sync thing a couple of days ago and was never asked to create a passphrase. Now in the sync button, top right of the screen I'm being told that I need to enter my passphrase to complete the sync process. Can anyone help please?

                        • leocg
                          leocg Moderator Volunteer last edited by

                          What is the passphrase and where does one get it from?

                          The passphrase is set up by the user itself.

                          I tried to set up this sync thing a couple of days ago and was never asked to create a passphrase

                          Then you shouldn't need to use one.

                          Now in the sync button, top right of the screen I'm being told that I need to enter my passphrase to complete the sync process.

                          So you log in to Sync and it asks you for a passphrase?

                          • Deleted User
                            Deleted User last edited by

                            As of today (version 40) the "Advanced Synchronisation Settings" dialog gives you two choices: "Encrypt synchronised password with your Opera credentials" or "Encrypt all synced data with your own sync passphrase".

                            Does option two (ALL SYNCED DATA) really mean that I'm the only one who can access my data?

                            • leocg
                              leocg Moderator Volunteer last edited by

                              Does option two (ALL SYNCED DATA) really mean that I'm the only one who can access my data?

                              It should say 'encrypt synchronised passwords with your own passphrase'.

                              • mikecerm
                                mikecerm last edited by

                                Does option two (ALL SYNCED DATA) really mean that I'm the only one who can access my data?

                                I just tested it out, and that does appear to be true. If you try to view your synced data at sync.opera.com it now shows that the data is encrypted, where previously the data was visible even if you had chosen to encrypt all data with a passphrase.

                                Still not sure I'd trust it. I mean, previously Opera claimed to encrypt the data though they weren't actually doing it. If they're that careless with user data (remember, they were also hacked recently), who knows whether they're actually encrypting it now or just saying that they are.

                                • Deleted User
                                  Deleted User last edited by

                                  As a user I would really appreciate to know whether it's encrypted all the way or Opera just dropped a few padlock icons to gain trust.

                                  • leocg
                                    leocg Moderator Volunteer last edited by

                                    As a user I would really appreciate to know whether it's encrypted all the way or Opera just dropped a few padlock icons to gain trust.

                                    Synced passwords are encrypted.

                                    Other data only during transition between client and server.

                                    • Deleted User
                                      Deleted User last edited by

                                      How do you know? If you're correct, why does the dialog say "Encrypt all synced data..", and the "auth.opera.com" website tell users that bookmarks etc is encrypted?

                                      • Deleted User
                                        Deleted User last edited by

                                        ..the "sync.opera.com" website that is.

                                        • mikecerm
                                          mikecerm last edited by

                                          Synced passwords are encrypted.
                                          Other data only during transition between client and server.

                                          That's how it used to work, not how it currently works.

                                          • mikecerm
                                            mikecerm last edited by

                                            How do you know? If you're correct, why does the dialog say "Encrypt all synced data..", and the "auth.opera.com" website tell users that bookmarks etc is encrypted?

                                            Don't listen to him, he's relying on outdated info. You can get details about what is actually being encrypted at opera://sync-internals/

                                            But ultimately, since Opera is closed source, you have to trust that they're actually doing what they say, and that hasn't always been true in the past.
