Consider your choices.
The new Sync protocol is an abomination; the old one was actually secure; the new one is snake oil.
The data especially on Android can easily be hacked if someone has the expertise. This made me think how easy it would be for stranger to learn everything about me through my data.
Whenever i'm doing something with my normal chrome -> I'm part of the system and look / am normal.
Whenever i wanna do something little bit different, i use incognito mode and a different browser.
Isn't that pretty much what's happening with your data at google?
So what I do is disable everything without even thinking. Later when something isn't working as expected and it turns out it's because of one of those privacy settings, I start to think about whether or not I really need it.
So effectively, they give me an incentive to summarily reverse their opt-out strategy into an opt-in one. I suppose that's fine with them because most people won't do even that.
However, they should be aware of the fact that this is the second easiest thing to do after leaving everything enabled.
Over time, they may be creating a popular culture of "disable everything" just like they created a culture of ad-blocking (where "they" is the whole advertising industry in this case, not so much Google itself)
I can understand your point about allo more, though of course storing the local history unencrypted also means that it's going to be accessible to interested third parties in one way or another. If they don't keep it at all, it means that it won't be.
I tried to find information about it online, but the official documentation  is less than helpful to say the least. I'm guessing when they say "stuff", that's a euphemism for blob, but fuck if I know, maybe they are just trying to be hip in their documentation. After all, it's also business time, in case you didn't know.
Currently downloading the Chromium source code, to see if that's more helpful, but I kind of doubt it...
The official documentation talks about the folders /chrome/browser/sync/engine, /chrome/browser/sync/syncable and /chrome/browser/sync/protocol.
These folders are missing from the source tree, as you can see here: https://chromium.googlesource.com/chromium/src.git/+/master/...
However, I decided to give the benefit of the doubt and did a few file-searches, in case the files were moved at some point and the documentation was just not updated.
And it seems like that's actually the case. The folder /sync contains all three missing folders (engine, syncable, protocol) and more: https://chromium.googlesource.com/chromium/src.git/+/master/...
A successful experiment may be deserving of a blog post.
Didn't they drop it like 9months ago and moved to Firefox Sync?
The new system is still end-to-end-encrypted, though...
The system is still end-to-end encrypted, if you reset your password it will also reset the storage (by definition).
Does that mean you lose your history when you change your password? Or just that you need to use the new password to access (old and new) data?
Firefox Sync is unacceptable for password — or any other private data — storage. This is a pity, since the old protocol was very suitable.
It wasn't, because I've managed to lose my history with it. I very much prefer my history to be synchronized to a server I cannot lose.
> you download the browser once
That's not true. Modern browsers are set to upgrade automatically in the background, without notifying the user.
If you're paranoid, you can self-host your own Sync server, but then if you don't trust the vendor of your browser, then you've got bigger problems and I hope you're compiling your own binaries.
My browser isn't; I use the Debian Firefox package and update it on my schedule.
> If you're paranoid, you can self-host your own Sync server
Only if you host it locally; if you host it at a VPS/dedicated-system provider then you're trusting that provider never to break into your system.
It's bad social hygiene to develop systems which are breakable.
The problem with that is that if the auth server is on a machine you don't have complete control over (e.g. one hosted by a dedicated-system or VPS provider) then you are trusting that provider to never break into your machine; you are also trusting that machine never to be broken into via some remote exploit.
That's far too much trust for a system hosting sensitive data like passwords. The only secure thing is to deploy a system with as little trust as possible.
The great thing about the self-hosted sync server is, the storage and auth components are separated, and the storage one just stores encrypted blobs.
I do not appreciate this change, however, and I hope that they reconsider it.
> firefox is really sluggish
But I wouldn't go so far as to suggest that one browser is sluggish -- there are too many environmental variables to have a good discussion on this subject.
Could you ELI5 Chromium's license to me? Is the whole thing open source, or just part? Can I build the whole thing myself, or does it rely on Google's magical binaries?
EDIT: also, smooth scrolling. If there's something that ruins my day is going on a browser with smooth scrolling. First world problems.
EDIT2: also, I'm struggling to remove add-ons. I know I have pocket installed because I see its icon on the top right, but it's showing up neither on Extensions nor on Plugins. Proof: http://i.imgur.com/ShUW5CK.png
EDIT3: manage to turn off smooth scrolling. Firefox is now skipping frames. Some times there's no difference (for example in google.com Firefox scrolls as well as Chrome.) Some times there's is a clear difference (for example, http://en.flossmanuals.net/chromium/ch008_installing-chromiu... Chrome is really smooth, while in Firefox there's noticeable jerking). Some times the experience is really REALLY bad (example, imgur)
I'm curious about the frame skipping is caused by -- I've never seen that problem. I'm wondering if maybe it's video card related? Might be worth asking someone involved in the project about to see if it's a known issue.