Destroy data (passwords) from unsynced brave from chain

Whether personal information will be destroyed from unsynced brave browser (win11 x64, sync v2) from chain?
Trget device is lost and not connected to the internet.

#destroy_data_on_unsynced_brave

?? Umm, not quite sure I understand you.
What do you want, that data to be erased or not ?

Yes. I want that data to be erased.

Okay. well, I dont think that can be done until you access it manually.
Also did you have a sync chain active on it ?

Yes, but I removed that computer from the chain remotely.
It would probably be better to wait until it appears on the network, remove all data from the chain, wait for synchronization, and then start a new chain.

Maybe its time to start use keepass…

Maybe it is a good idea to add future in brave - delete all data from unsynced browser.

You have to manually remove the information that was previously synched, it is a risk to let people remotely remove anything just because they had access to your sync-code just not good, because you have to think someone might have access to one of your devices or sync-code and then they can do anything to your computer.
Also, I don’t think Chromium can remotely do it anyway, because it sounds like a huge security risk, to allow something like that.

And Brave sync works just like Chrome, same system, which you can see the internal information here brave://sync-internals, and see all the information there and see what is being synched or not, to have an idea if you deleted what you wanted.

But Brave doesn’t remove sync-chains from their server yet either, they are working on it, which means that your information will not be stored in the server ever, and that’s good. It is encrypted and all, so there is no risk of course, but Brave has found sync-codes on random places on the internet, so it is always a risk to have something like that living forever on servers, especially if they are unused.

But think about this, if you remove the sync-chain from their servers, why would it make sense to destroy your whole data like passwords? maybe in some situations it would but minimal cases, and in most cases it is more of a security risk, that browsers will not do it, if you have access to your devices, then you can manually do it, and that’s the point, if you lose access to your device, you can take measures to remove the data, at least so it syncs and removes it from other devices, but making sure you keep it.

Anyway, what I do is I have an independent new User Data to have a fresh Browser I can do whatever I want with it, which I do by starting Brave with --user-data-dir=, join my old sync code (I have two), and then I clear all my information and even reset the browser so settings also get reset and synched, then make sure brave://sync-internals shows my sync-chain is almost at a default state and then remove the sync-chain from my browser and keep the code until I am allowed to remove it from Brave’s server, but at least if someone had access to that sync code, they will not get anything.

I just press ctrl+shift+del and select advanced, select everything with all the time and done. mostly.

There are some things I don’t sync like history, because it adds a ‘sessions’ sync, so you have to always like… clear history and all that to make sure old devices will not show in the sync-chain.

I would think Brave adding a notification if a device was added to sync chain is a more likely feature to be implemented, because at least you can take measures if somehow you see a device was joined and you didn’t do it, than expecting the browser to have the power to remotely remove anything it wants just like Google does with extensions.

1 Like

@Shkur777 Not sure what you’re referencing. If it had been synced, then all the data is on your device anyway. So even if sync chain was removed, all the data would persist.

Your best bet if you encounter an issue where you believe your sync code to be compromised, such as you think they can access the browser on the missing device, then you’ll need to do both of the following:

  • Contact Brave to request the sync chain be deleted. You can do that by contacting privacy@brave.com or you can do it by submitting a Support Ticket. If you go this route, Brave will need a screenshot of brave://sync-internals/ showing the Sync username.

  • Remove all current devices from the sync chain and then change all your passwords. Create a new chain between existing devices.

NOTE
I just want to emphasize once more that data is stored in your browser. So this means once you lose access to a device, all existing information will be saved and accessible. Simple removing the sync chain is not enough to secure anything, it just will prevent any new information from being shared.

Also, there is a Github where they are working on allowing Users to permanently delete their sync accounts rather than having to contact support. It looks like it may not be much longer until it’s released. You can follow that at https://github.com/brave/brave-core/pull/13562

And I’m going to tag @Alexey to see if he has any idea on an ETA for that. Not sure if it will jump right to Release, if it is going to go to Nightly first, or what?

1 Like