I'm aware of the Chrome sync passphrase. If I used Chrome on Android (I don't—I use Firefox), would Chrome back my passphrase up to Google's systems? I dunno.
Is the crypto behind Chrome's sync anywhere near as good as that behind Firefox's? Not last time I looked.
I'm also aware that email often travels via SSL—but it's always cleartext to the sending and receiving hosts. I don't see that I'm suffering an especial risk with Gmail, since someone will always have plaintext versions of all mail I receive; I would be were I backing up data to them which I would never back up to anyone.
> I'm aware of the Chrome sync passphrase. If I used Chrome on Android (I don't—I use Firefox), would Chrome back my passphrase up to Google's systems? I dunno.
At least the docs claim that it's only saved on your device. You can believe it or not. There may be a way to verify that it's not being backed up with your normal Android data, but I'm not sure.
> Is the crypto behind Chrome's sync anywhere near as good as that behind Firefox's? Not last time I looked.
It's never been not good. Maybe you're thinking of back when they didn't have the option to encrypt all your sync data locally, just your passwords? It uses Nigori[1] and the source is all available[2].
Is the crypto behind Chrome's sync anywhere near as good as that behind Firefox's? Not last time I looked.
I'm also aware that email often travels via SSL—but it's always cleartext to the sending and receiving hosts. I don't see that I'm suffering an especial risk with Gmail, since someone will always have plaintext versions of all mail I receive; I would be were I backing up data to them which I would never back up to anyone.