Can a rogue employee at Brave access my stored passwords?

Does Brave (company) have access to the passwords I store in the Brave password manager? Is there a way for me to verify that they don’t if they claim they cannot? Thanks

As long as the software is behaving as intended and advertised, then no, they cannot. The data are pre-encrypted locally before storing in the Sync service.

Since the software is open source and fairly mainstream at this point, I think it would have been discovered by now if it were not behaving as intended, but it’s always good to ask these questions.

‘Proving’ it to your own satisfaction is very subjective, but if you want to dive into the code it’s all there for analysis. Or you could probably use an SSL inspecting (‘MITM’) proxy such as Fiddler to examine the traffic to the Sync service, but to human eyes it could be difficult to distinguish ‘properly encrypted’ content vs. simply ‘encoded’ – much less if it were encrypted with a shared key, instead of a local-only private key.

So in short, it can be done, but is non-trivial to most users (myself included).

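One way to make the proxy check from the answer above less dependent on human eyes, as an added example that is not part of the original thread and is not Brave's code: save a unique canary password, capture the Sync request bodies, then test whether the canary can be recovered by undoing common encodings and how random the remaining bytes look. The canary value, the sample bodies, the 7.5 bits-per-byte threshold and the treatment of each body as a single blob are all assumptions made for illustration.

```python
import base64, binascii, hashlib, math, urllib.parse
from collections import Counter

CANARY = b"zq7-canary-Vault!93"  # constructed: a unique password saved before the capture

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, far lower for text or base64."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def decoded_views(body: bytes, depth: int = 3) -> list[bytes]:
    """The body plus everything reachable by undoing base64, hex or URL encoding."""
    decoders = (lambda b: base64.b64decode(b, validate=True),
                binascii.unhexlify, urllib.parse.unquote_to_bytes)
    views, frontier = [body], [body]
    for _ in range(depth):
        found = []
        for blob in frontier:
            for decode in decoders:
                try:
                    out = decode(blob)
                except ValueError:  # binascii.Error is a ValueError: not this encoding
                    continue
                if out and out not in views:
                    views.append(out)
                    found.append(out)
        frontier = found
    return views

def classify(body: bytes, canary: bytes = CANARY) -> str:
    views = decoded_views(body)
    needles = (canary, canary.decode().encode("utf-16-le"))
    if any(n in v for v in views for n in needles):
        return "canary-recoverable"  # merely encoded: readable by whoever holds the body
    # High entropy is consistent with encryption but cannot show who holds the key.
    return "opaque" if max(map(shannon_entropy, views)) >= 7.5 else "low-entropy"

# Constructed request bodies standing in for what the proxy would record.
record = b'{"site":"example.test","password":"' + CANARY + b'"}'
SAMPLES = {
    "encoded": base64.b64encode(record),
    "double-encoded": binascii.hexlify(base64.b64encode(record)),
    "ciphertext-like": base64.b64encode(hashlib.shake_256(b"constructed").digest(4096)),
    "plain-status": b'{"status":"ok"}' * 20,
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:16} {classify(body)}")
```

An "opaque" result only rules out plain encoding; whether the key is local-only or shared still has to be settled by reading the source.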