The Brave team is treating security as a joke

The Brave team is treating security as a joke. Anyone who manages to get access to or borrow our devices for a few minutes can simply sync their Brave browser with our account to steal saved passwords. Today, I deleted Chrome and installed Brave. When connecting Brave with my laptops and mobile devices, I realized that if I use Brave, I could lose access to several accounts if I leave the device unlocked for a few minutes. This is because Brave does not ask for the system password on Mac, Windows, or Android when syncing the device with another one. This is terrible.

My words may be harsh, but nobody is talking about this. They are only discussing unsupported Brave rewards and adblocker features, but the main issue is security when syncing devices. It’s better to use Brave as an ad blocker for YouTube mobile without saving passwords in Brave. Otherwise, I cannot find anything useful.

Then this is where the user would be taking security as a joke. You should NEVER be leaving things unlocked when not in use. If you ever have someone needing to use something like a computer, you should have a guest account for them and/or monitor to see what they are doing.

Letting someone use your device is like giving someone the keys to your house. And leaving your device unlocked is akin to leaving the door wide open. Neither of those is good. That said, I get that you are saying you’d like to think of your web browser as a safe that can be locked. This would at least keep some of your things safe even if someone gets into your home.

I know Brave is working on things and eventually will launch Sync V3, but for now it’s primarily on us to keep things in order.

1 Like

A bad actor can do a lot of things if they somehow gain access to your unlocked device. You seem pretty concerned with security, so as your first line of defense, I would suggest you don’t “borrow” your phone to someone who would steal your passwords and don’t walk away from your unlocked device in public spaces.

I actually don’t think that requiring a password before adding a new device to a Sync chain wherein passwords are being shared is a bad idea; it looks like this has already been mentioned, even:

But saying that we “treat security as a joke” is needlessly inflammatory and obviously not true. I will try and get more eyes on this issue from our devs.

2 Likes

Also want to show that I’ve tagged in before to try to get things moving, such as an existing comment on one of the GitHub issues, as seen in the screenshot below.

In addition to the GitHub issue linked by Mattched, I figured I’d share the ones below (they probably should close/merge a lot of those requests, as there are duplicates):

@Saoiray ah thanks for that first one — that was what I was looking for but it wasn’t showing up in my search for some reason. Thank you for finding it.

1 Like