🆕 Software Suggestion | xBrowserSync bookmarks synchronization between devices #1735

New Issue

2020-02-23T13:22:37Z

lrq3000 commented

2020-02-23 13:22:37 +00:00

(Migrated from github.com)

Basic Information

Name: xBrowserSync
Category: Not sure, could be in File Sync or Browser Extensions as a mention?
URL: https://www.xbrowsersync.org/ (sourcecode for both the client app and server: https://github.com/xbrowsersync)

Description

xBrowserSync is a free, open-source and end-to-end encrypted alternative to synchronize bookmarks across your devices. Your data is encrypted and decrypted on your device, no one but you can read it. There is no registration needed, all is needed is to enter a randomly generated id on all devices. Different servers are available, and it can also be self-hosted.

Why I am making the suggestion

Synchronizing browsing between devices is a common need nowadays, and this solution is E2EE, opensource and free. I know it since years but before it was very cumbersome to use, but recently the bookmark sharing has gotten a lot better and is transparent on the most common browsers (Firefox, Chrome, Opera, works on Android smartphones too by sharing links to the app), so I've restarted using it and I can recommend it as it is simple enough to use now IMHO.

In the future, they plan to synchronize open tabs and history too, but for the moment I did not see these features implemented.

My connection with the software

Just a (recent) user.

I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

## Basic Information **Name:** xBrowserSync **Category:** Not sure, could be in File Sync or Browser Extensions as a mention? **URL:** https://www.xbrowsersync.org/ (sourcecode for both the client app and server: https://github.com/xbrowsersync) ## Description xBrowserSync is a free, open-source and end-to-end encrypted alternative to synchronize bookmarks across your devices. Your data is encrypted and decrypted on your device, no one but you can read it. There is no registration needed, all is needed is to enter a randomly generated id on all devices. [Different servers](https://www.xbrowsersync.org/#status) are available, and it can also be [self-hosted](https://github.com/xbrowsersync/api-docker). ## Why I am making the suggestion  Synchronizing browsing between devices is a common need nowadays, and this solution is E2EE, opensource and free. I know it since years but before it was very cumbersome to use, but recently the bookmark sharing has gotten a lot better and is transparent on the most common browsers (Firefox, Chrome, Opera, works on Android smartphones too by sharing links to the app), so I've restarted using it and I can recommend it as it is simple enough to use now IMHO. In the future, they plan to synchronize open tabs and history too, but for the moment I did not see these features implemented. ## My connection with the software  Just a (recent) user. - [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

lrq3000 commented

2020-02-23 13:30:34 +00:00

(Migrated from github.com)

To clarify how it works in practice:

install the browser extension on your computer (Chrome, Firefox, Opera)
install the XBrowserSync app on your smartphone
configure both with the same password and randomly generated id (a QR code is generated to more easily share between devices)
add bookmarks as usual on your computer, they will appear automatically on other computers with the browser extension, and on Android smartphones you can find them in the XBrowserSync app.
from the Android smartphone, when browsing a website with any browser, share the link to the XBrowserSync app (do not bookmark, it does not work yet in my experience). The XBrowserSync app will automatically fetch the title and a description if possible, and it's possible to add tags. Saved links in the Android app will be automatically synchronized to the computers with the browser extension, directly in the browser's bookmarks.

Note it's not made for offline browsing (unlike Wallabag for instance, BTW this app being not E2EE), it's really just for bookmarks synchronization, the content of the links (apart from the title and a description, both being editable by user) are not stored.

To clarify how it works in practice: * install the browser extension on your computer (Chrome, Firefox, Opera) * install the XBrowserSync app on your smartphone * configure both with the same password and randomly generated id (a QR code is generated to more easily share between devices) * add bookmarks as usual on your computer, they will appear automatically on other computers with the browser extension, and on Android smartphones you can find them in the XBrowserSync app. * from the Android smartphone, when browsing a website with any browser, share the link to the XBrowserSync app (do not bookmark, it does not work yet in my experience). The XBrowserSync app will automatically fetch the title and a description if possible, and it's possible to add tags. Saved links in the Android app will be automatically synchronized to the computers with the browser extension, directly in the browser's bookmarks. Note it's not made for offline browsing (unlike [Wallabag](https://github.com/wallabag/wallabag) for instance, BTW this app being [not E2EE](https://github.com/wallabag/wallabag/issues/3339)), it's really just for bookmarks synchronization, the content of the links (apart from the title and a description, both being editable by user) are not stored.

hugoncosta commented

2020-02-23 17:15:08 +00:00

(Migrated from github.com)

Interesting add-on and certainly a must. Firefox provides bookmark sync out of the box, but I believe it doesn't let you host the data yourself, no idea on encryption.
I'd propose adding this one to the Recommended Add-ons.

Interesting add-on and certainly a must. Firefox provides bookmark sync out of the box, but I believe it doesn't let you host the data yourself, no idea on encryption. I'd propose adding this one to the [Recommended Add-ons](https://www.privacytools.io/browsers/#addons).

blacklight447 commented

2020-03-02 12:42:05 +00:00

(Migrated from github.com)

Does the end to end encryption that is utilized by the addon have an audit?

👍 1

lrq3000 commented

2020-03-02 15:06:29 +00:00

(Migrated from github.com)

No 3rd-party audit of xBrowserSync specifically, but all crypto is done using the Web Crypto API in the client's browser, which itself should be audited.

Also some more details from the FAQ:

How is my data encrypted? I’m concerned about submitting it to unknown and untrusted servers. Can it really not be decrypted by anyone but me?

xBrowserSync utilises the browser’s native Web Crypto library to encrypt your browser data client-side before it is transmitted over the internet. For key derivation, xBrowserSync uses PBKDF2 with 250,000 rounds of SHA-256 (as a comparison, LastPass’ key derivation uses a similar approach but with only 100,100 rounds by default). The data is then encrypted using AES-GCM with a random 16 byte IV and the user’s random 32 char sync ID as a salt. This approach ensures your data cannot be decrypted without your sync password (which is never transmitted) so please ensure you use a strong password! If you would like to review the encryption code, the relevant functions are getPasswordHash and encryptData.

[No 3rd-party audit of xBrowserSync specifically](https://github.com/xbrowsersync/app/issues/129), but [all crypto is done using the Web Crypto API in the client's browser](https://github.com/xbrowsersync/app/issues/129), which itself should be audited. Also some more details from the FAQ: > How is my data encrypted? I’m concerned about submitting it to unknown and untrusted servers. Can it really not be decrypted by anyone but me? > > xBrowserSync utilises the browser’s native Web Crypto library to encrypt your browser data client-side before it is transmitted over the internet. For key derivation, xBrowserSync uses PBKDF2 with 250,000 rounds of SHA-256 (as a comparison, LastPass’ key derivation uses a similar approach but with only 100,100 rounds by default). The data is then encrypted using AES-GCM with a random 16 byte IV and the user’s random 32 char sync ID as a salt. This approach ensures your data cannot be decrypted without your sync password (which is never transmitted) so please ensure you use a strong password! If you would like to review the encryption code, the relevant functions are getPasswordHash and encryptData.

👍 1

lrq3000 commented

2020-03-03 13:14:48 +00:00

(Migrated from github.com)

Just edited my posts and title to respect the x in lowercase (XBrowserSync -> xBrowserSync)

DJCrashdummy commented

2020-04-13 06:20:20 +00:00

(Migrated from github.com)

perhaps with adding xBrowserSync (thanks for bringing this up 👍), it will be also worth mentioning floccus (https://github.com/marcelklehr/floccus) for those who don't want to setup an own dedicated service for bookmark-syncing but already have a trusted sync-service.
i really like its approach to support different sync-backends like nextcloud-bookmarks, a generic WebDAV-server or any other file-storage.

perhaps with adding xBrowserSync (thanks for bringing this up :+1:), it will be also worth mentioning [floccus](https://floccus.org/) (https://github.com/marcelklehr/floccus) for those who don't want to setup an own dedicated service for bookmark-syncing but already have a trusted sync-service. i really like its approach to support different sync-backends like nextcloud-bookmarks, a generic WebDAV-server or any other file-storage.

👍 3

This repo is archived. You cannot comment on issues.

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1735