Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync trusted websites #1153

Open
szl1973 opened this issue May 10, 2023 · 3 comments
Open

Sync trusted websites #1153

szl1973 opened this issue May 10, 2023 · 3 comments
Assignees
@smalluban
Labels
Needs investigation

Comments

@szl1973
Copy link

szl1973 commented May 10, 2023

Description

Paused website list not synced between devices

Expected Behavior

I’d like to see on any Apple device the same list of paused webpages.

Actual Behavior

Not the same list on all devices

Versions

  • Browser: Safari (latest)
  • OS: iOS, iPadOS, MacOS (latest)
  • Node:
  • NPM:
@smalluban
Copy link
Collaborator

Hi @szl1973! Thanks for the proposal. We are already investigating the feature, and we are in the development process of generally a syncing feature (for now not private data) for Safari (#1161).

However, as paused domains are strictly private data, we are figuring out how to implement syncing them in a private way (like encryption with a passcode only set on the client, and not saved anywhere).

@smalluban smalluban self-assigned this Jul 12, 2023
@smalluban smalluban changed the title Sync paused websites list on Apple devices Sync paused websites May 23, 2024
@smalluban smalluban removed the v10 label Jun 18, 2024
@smalluban
Copy link
Collaborator

For myself: investigate https://web.dev/articles/passkey-registration for authentication.

@smalluban smalluban changed the title Sync paused websites Sync trusted websites Aug 21, 2024
@smalluban smalluban mentioned this issue Aug 21, 2024
Closed
@philipp-classen
Copy link
Member

The type of problem, where clients store data on a server, but the server cannot read it, is called "Zero knowledge encryption". (An alternative would be a P2P approach, but it has different trade-offs: the biggest drawback is that there is no single source of truth, but also establishing P2P communication is hard. Overall, I do not think it would make sense here.)

The idea with a server is conceptually simple: the data that is stored on the server is always encrypted by the clients using symmetric encryption. As often, the practical problem is the key management.

All clients need to share the secret. Either they generate a random value and the user has to copy it over somehow. Or you can to derive it from the password, but then the problem is what happens if you change the password (they need to migrate it once, having to know the old and new password).

Another practical issue is what happens if the user loses access to the secret (or to the password if it was derived)? In general, the data is then lost (unless there is some extra mechanism like a recovery key).

All in all, it is possible; but there are some practical challenges.

(Some background: https://security.stackexchange.com/questions/236686/recovery-possibilities-with-zero-knowledge-encryption)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smalluban smalluban

Labels
Needs investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philipp-classen @smalluban @szl1973