How private and secure is Brave Sync?

I am currently using Brave and am willing to sync bookmarks across devices. How private and secure is it?

Tl;dr: @InconspicuousEntity is right: it uses a sync chain to transfer sensitive data, using zero-access E2EE. I think it’s a great option.

Details

Brave Sync claims that it

  1. enforce[s] client side encryption;
  2. doesn’t require sign-in to use sync; […]
  3. [and] uses a Brave-operated sync server so no data is sent to Google servers.

To circumvent weak passphrases, it uses Chromium’s built-in custom passphrase feature to provide authenticated key-pair encryption.

  • The first client generates a random, encoded seed.
  • A new client enters the keyphrase (e.g. manual entry or QR code).
  • The server authenticates the exchange.
  • The keyphrase is stretched, and a salt is stored by the server.
  • Future clients receive the salt and can derive the stretched keyphrase, which is used as the encryption key!

GitHub Wiki | Source Code | FAQ | Help Article

Based on the sync design and my inspection (2022.10.04) of the source code (primarily the authentication of keyphrase exchange, scrypt stretch and salt transmission, and the client-side AES128-CTR-HMAC encryption), I think there’s good evidence for those claims. :smile:

3 Likes

As I understand the service, it’s end-to-end zero access encrypted. It’s only someone with the key that can access the data, and it’s only readable on a device with the key.