Sync passphrase does nothing?

lando242

lando242 last edited by

You did enter your master passphrase. You did it when you logged into that website. You can't view that website without logging into it first.

mikecerm

mikecerm last edited by

No, I didn't. The website does not request the sync passphrase. I logged into that website using ONLY my "Opera Credentials." I never entered my passphrase anywhere. I did this within Firefox, just to make sure that the Opera browser wasn't leaking my sync passphrase to the site or doing local decryption with the cached passphrase in the browser. Never was I asked for my passphrase, only my Opera credentials. Those are two different things.

When you set up sync without a passphrase -- the default configuration -- your sync data is secured using only your Opera account password. Because Opera controls this account, Opera is able to decrypt your information upon demand. The purpose of the passphrase is to encrypt all data locally with a passphrase that is never sent to Opera. All that should be sent to Opera is the encrypted information.

As Opera is closed-source, it's not possible to know if every single feature is implemented and functioning as intended. There is an element of trust. In this case, I am able to prove empirically that sync is not working as intended, putting the private data of users at risk. If I am able to view my data on the Opera website using ONLY my Opera account password (not the sync passphrase), then clearly the sync passphrase is not being used to encrypt the data. So, either this is a bug, or Opera is intentionally making false claims about how sync works, and it's not possible to secure your synchronized information.

Is there anyone at Opera who can speak authoritatively about this? This is a serious privacy violation, and it would be good if someone could answer.

leocg

leocg Moderator Volunteer last edited by

Opera controls this account, Opera is able to decrypt your information upon demand

I don't think Opera knows your password.

The purpose of the passphrase is to encrypt all data locally with a passphrase that is never sent to Opera. All that should be sent to Opera is the encrypted information.

I guess the pass-phrase works only with your saved passwords and works exactly the way you said.

Is there anyone at Opera who can speak authoritatively about this?

Well, this is an users; forum so you should not expect any comments from Opera although some employees may come here eventually.

mikecerm

mikecerm last edited by

I don't think Opera knows your password.

Opera doesn't need to know my password. Since the account is one that they control, they could (for example) reset the account credentials to a password that they do know. Or, possibly they don't have to do anything at all, because my browsing history is just sitting on their server, seemingly unencrypted!

I guess the pass-phrase works only with your saved passwords and works exactly the way you said.

Yeah, maybe that's true, and that's how it used to work. Opera now claims that all synced data will be encrypted, and they appear to be straight-up lying about how the passphrase works. Opera is claiming that the passphrase works just as it does on Google Chrome (everything is encrypted by the passphrase, Google can't access your synced data), or how sync works by default on Firefox (everything is encrypted, Mozilla can't see anything, no passphrase required). The end result is that users are being tricked into giving Opera a bunch of personal information that they might not be comfortable giving up. That seems like a class-action lawsuit waiting to happen, and a reason never to use Opera. I mean, many users are uncomfortable about the sale to a Chinese company, but not that Opera is obviously deceiving users about how their supposedly private data is being mishandled, users have legitimate cause to avoid Opera entirely.

Well, this is an users; forum

It seems to be the only support forum available, so I thought I'd raise the issue here. Companies usually have moderators for their forums. I've also now contacted Opera directly at privacy@opera.com, so we'll see if anyone responds. I guess I should also contact the EFF and Steve Gibson, see if they can take action and/or make a stink about it.

leocg

leocg Moderator Volunteer last edited by

Opera doesn't need to know my password. Since the account is one that they control, they could (for example) reset the account credentials to a password that they do know.

Well, if you think this way then it seems to me that you have a problem of trusting and i'm not sure if anything that could be said here will be helpful for you. After all, we can always think in a way of having our data being visible to them or to others.

Even the pass-phrase is not a guarantee of protection as you don't know how exactly it works.

Or, possibly they don't have to do anything at all, because my browsing history is just sitting on their server, seemingly unencrypted!

When you se a third part service you need to trust the ones providing that service.

mikecerm

mikecerm last edited by

Well, if you think this way then it seems to me that you have a problem of trusting

This is a rather bizarre ad hominem attack. I mean, I've just demonstrated to you conclusively that Opera is deliberately misleading users about privacy, and you accuse me of being a weirdo with trust issues. Do you think you're being helpful? Obviously, I trusted Opera enough to use the browser. Before the "secure passphrase" was implemented, I didn't use sync because of the inherent privacy implications. When Opera began claiming that the synced information would be securely encrypted, I thought, "hey, I trust these guys know what they're doing, let's give this a shot!" I took them at their word that the information would be encrypted, and it is not. So, this has nothing to do with an inability to trust, and everything to do with the fact that Opera is saying that they're doing something, and they're obviously not doing it.

Even the pass-phrase is not a guarantee of protection

Obviously, Opera claims that it is used to secure the information. Sure, there could be some bug or flaw in the way they implemented the encryption, but I thought at least an attempt would be made to encrypt the information they said they were going to encrypt, you know, at a minimum. I never once thought they would just be outright lying, and not doing any encryption at all.

Privacy is a serious issue, and Opera claims that they take it seriously. If they are lying about this, then what else might they be lying about?

leocg

leocg Moderator Volunteer last edited by

This is a rather bizarre ad hominem attack

Attack? Serious that you took what i said as an attack?

I've just demonstrated to you conclusively that Opera is deliberately misleading users about privacy

Nope, you pointed out that https://sync.opera.com/web/ doesn't ask for your pass-phrase and that, in your opinion, it's an issue.

However, we can't say for sure if the pass-phrase is to be asked or not.

and you accuse me of being a weirdo with trust issues.

I didn't accuse anyone of nothing, i simply presumed something - that may be wrong i admit - based on a statement of yours.

BTW, i found an old and somehow outdated FAQ on Sync and it says that (most) data is encrypted only during transmission.

mikecerm

mikecerm last edited by

Attack?

Yes. An ad hominem attack is a term of art for when you attempt to refute a valid point by attacking the character of the person making it, e.g., "if you think that Opera is untrustworthy, maybe you just have problems trusting." Saying such a thing has no relevance to the legitimate issue I am raising.

However, we can't say for sure if the pass-phrase is to be asked or not.

If the passphrase is used to encrypt the data, then it must be used to decrypt the data. It's as simple at that. If Opera is able to display my information on https://sync.opera.com/web/ without asking me for my passphrase, then the passphrase was not used to encrypt the information. The only other explanation would be that Opera is storing the passphrase in their server and using it to decrypt the data, which they explicitly state they will not do, not to mention it would defeat the purpose of the passphrase entirely, i.e., if you leave the key in a lock, then anyone can just come along and turn the key.

old and somehow outdated FAQ on Sync

Exactly, old and outdated, makes no mention of a passphrase. Not helpful at all. However, it does say, "if we later decide to sync sensitive private data, such as passwords, we will encrypt that as well." And maybe they are encrypting it, but they're definitely not using the passphrase to do it, as I have proven.

Bottom line: the entire point of the passphase is that the encrypted data can only be decrypted by the person with the passphase. Opera says "all synced data will be encrypted with the passphrase," and they plainly are not doing it. If Opera is doing any encryption at all, which remains to be seen, then Opera is using a key that Opera controls, not the passphrase that is known only to the user. This means that Opera has the ability decrypt all synced data, and the passphrase is completely useless.

leocg

leocg Moderator Volunteer last edited by

Exactly, old and outdated, makes no mention of a passphrase. Not helpful at all. However, it does say, "if we later decide to sync sensitive private data, such as passwords, we will encrypt that as well." And maybe they are encrypting it, but they're definitely not using the passphrase to do it, as I have proven.

Well, i can't access/view my passwords on that page, i can only see the number of stored passwords. Can you see yours?

opera://sync-internals/ may show you some info on encryption and what is encrypted.

mikecerm

mikecerm last edited by

Well, i can't access/view my passwords on that page

What about all of your other synced data? As I mentioned above, the setup for Sync says, "encrypt all synced data with your own master passphrase." It does not say, "only your passwords will be encrypted," which is what it used to say. Then it was updated. When I signed up, it said, "all synced data will be encrypted," just as it says today. If it had not said "all data," I would never have signed up.

opera://sync-internals/

Interesting, I didn't know that page existed. Clearly, Opera is just reusing the sync engine from Chrome (or Chromium), because that page looks virtually identical in Opera as does its counterpart in Chrome. The one key differentiator: the part that details "encrypted types." In Opera it only says passwords, whereas Chrome lists, "Bookmarks, Preferences, Passwords, Autofill Profiles, Autofill, Autofill Wallet Metadata, Themes, Typed URLs, Extensions, Search Engines, Sessions, Apps, App settings, Extension settings, App Notifications, Dictionary, Favicon Images, Favicon Tracking, Articles, App List, WiFi Credentials."

So, Opera actually is lying after all. The setup says that all data will be encrypted, but they're only encrypting passwords. So, is this deliberate deception, or just a bug? Either way, it's a massive privacy violation.

leocg

leocg Moderator Volunteer last edited by

What about all of your other synced data?

As we discussed before and as the FAQ page says, synced data may not be encrypted on the server except for passwords and d some other more e sensitive data.

is this deliberate deception, or just a bug?

I would guess a fault in UI, the string should'n say that all data is encrypted.

mikecerm

mikecerm last edited by

That FAQ is so outdated that none of what it says is applicable at all the the current version of sync. As far as I'm concerned, the only line that matters is this one:

If we later decide to sync sensitive private data, such as passwords, we will encrypt that as well.

They are syncing all sorts of sensitive private data and not encrypting it. They didn't used to sync this stuff, and now they are, but they're not encrypting it like they said they would and, more importantly, like they currently say they are. Yes, the current version of the client -- not some 2 year old FAQ from before the sync feature was anywhere close to complete -- says that all sync data will be encrpyted using the passphrase. Furthermore, it didn't always say this. When version 32 was released 9 months ago, the first version to support passwords syncing, the setup said that only passwords would be encrypted. http://betanews.com/2015/09/15/opera-32-adds-password-sync-improved-bookmarks-view/

In the time since then, there was a change made to the setup, and they now say that they are encrypting everything, but they are not actually doing it. So, if they are not encrypting everything, then why did the update the wording within the sync UI to say that they are? Was it simply to mislead users into enabling the insecure sync feature? Was this done so that Opera's new Chinese masters could gather all that data? Is there some other explanation?

leocg

leocg Moderator Volunteer last edited by

there was a change made to the setup, and they now say that they are encrypting everything, but they are not actually doing it.

As he FAQ says, data is not encrypted on the server, but only during the transfer between the computer and the server:

Everything is encrypted in transit between client and server. However, non-login data is not stored encrypted on the >servers. If we later decide to sync sensitive private data, such as passwords, we will encrypt that as well.

On opera://sync-internals/, if you go to the tab 'Sync node browser' you may see what is encrypted.

So, if they are not encrypting everything, then why did the update the wording within the sync UI to say that they are?

Maybe something inherited from Chromium? Maybe a fault in the UI like i said? Or maybe it's being encrypted but only during the transfer like the FAQ says?

mikecerm

mikecerm last edited by

As he FAQ says,

That 2-year-old FAQ is has nothing to say about the current state of sync.

You can't be serious if you think that it's okay that Opera is saying that data will be encrypted and then not doing it. You can't seriously think that it's okay that Opera copied the sync feature wholesale from Chromium, and removed all of the privacy and security, but left in place the the claims about privacy and security.

leocg

leocg Moderator Volunteer last edited by

That 2-year-old FAQ is has nothing to say about the current state of sync.

Well, this is your opinion. I think that many of what is written there is still valid.

ou can't be serious if you think that it's okay that Opera is saying that data will be encrypted and then not doing it.

Is that so difficult for you to understand that sync data is encrypted during its tranfer between the computer and the sync server but it's not stored encrypted on the server except for passwords?

Btw, found a newer comment from a former Opera employee regarding sync and security of data: http://www.opera.com/blogs/desktop/2015/09/opera-32-privacy-is-a-universal-right-2/#comment-2256300376

jryc

jryc Opera last edited by

Hey mikecerm!
There was bug in "Advanced configuration" dialog, wrong string/information about encryption. It has been fixed. Now there are two options named: "Encrypt synchronized passwords with you Opera credentials." and "Encrypt synchronized passwords with your own passphrase." Only passwords are encrypted. If you are using Opera 39 or later you have it fixed. If you have older Opera version, please upgrade to newest, Opera Stable 39, Opera Beta 40, Opera Developer 41.
Cheers!

mikecerm

mikecerm last edited by

I'm glad to hear that the "bug" has been fixed, but it is unfortunate that Opera has elected to fix it by leaving so much data unencrypted, rather than enabling full sync encryption as Google and Firefox have done. With Opera's sync servers having been recently compromised, it goes without saying that Opera's sync model is horribly insecure, and should be avoided completely. Had Google or Firefox's servers been compromised, no user data would have been put at risk.

black-955-tiger

black-955-tiger last edited by

Stupid question alert?????
What is the passphrase and where does one get it from? I tried to set up this sync thing a couple of days ago and was never asked to create a passphrase. Now in the sync button, top right of the screen I'm being told that I need to enter my passphrase to complete the sync process. Can anyone help please?

leocg

leocg Moderator Volunteer last edited by

What is the passphrase and where does one get it from?

The passphrase is set up by the user itself.

I tried to set up this sync thing a couple of days ago and was never asked to create a passphrase

Then you shouldn't need to use one.

Now in the sync button, top right of the screen I'm being told that I need to enter my passphrase to complete the sync process.

So you login into Sync and it asks you for a passphrase?

Deleted User

Deleted User last edited by

As of today (version 40) the "Advanced Synchronisation Settings" dialog gives you two choices: "Encrypt synchronised password with your Opera credentials" or "Encrypt all synced data with your own sync passphrase".

Does option two (ALL SYNCED DATA) really mean that I'm the only one who can access my data?