Developers

Google Gives Chrome Users Bookmarks to Go

Google on Tuesday announced a new feature that will let users of its Chrome browser sync bookmarks on multiple computers.

Announced only a few weeks after its developers began working on the project, sync is yet another round fired in a browser war that appears to be drawing in even more players.

However, it has also drawn some early criticism. A number of user complaints have sprung up, and there is some concern that the Sync feature could cause security problems.

Who’s Got the Sync?

In announcing bookmark sync on its Chromium blog, Google explained that many users have several machines, and the new feature makes it easy to keep the same set of bookmarks on all of them.

The bookmarks are stored in the cloud with the user’s Google Docs for easy access over the Web.

To activate the feature, users launch Google Chrome with the “-enable-sync” command-line flag, then set up sync from the Tools menu. Chrome will then upload and store bookmarks in the user’s Google Account.

Sync will send added or changed bookmarks to the cloud and immediately broadcast them to all other computers for which the user has activated the bookmark feature.

The Sync Protocols

Sync uses XMPP, the eXtensible Messaging and Presence Protocol. An open, XML-based protocol originally aimed at instant messaging and buddy lists, it is the core protocol of the Jabber instant messaging and presence technology.

XMPP is used in Google Talk and free clients offered by Google, Nimbuzz and the Gismo project. It is also used in multiprotocol instant messengers such as iChat and Pidgin, and free dedicated clients such as Psi and Gajim. Google Wave’s federation protocol is an open extension to the XMPP protocol.

Here’s how Chome’s sync feature uses XMPP: When a change occurs on one Google Chrome client, the infrastructure sends a tiny XMPP message to other clients on the Internet telling them to sync.

Sync Project Technical Details

Developers built a library that implements the client side of the sync protocol, as well as the Google server-side infrastructure for Chrome users. They had to use proprietary code from internal libraries that Google is beginning to open source.

Sync may be extended to other data types in the future.

Changes users make to their bookmarks while offline will be reflected on all of their sync-enabled computers when the computer used to make the adjustments goes online again.

The feature will be able to resolve bookmark data conflicts on the client without prompting the user.

Early Sync Users Comments

Firing up the sync feature is not quite as simple as Google makes it out to be, according to several users who have reported problems.

The Chromium project Web site displayed two complaints on Issue #19573, about errors signing in, when checked for this story.

“My Google password is obviously correct as I sign in with Gmail etc. without a problem,” a poster going by the name of “kaushikgopal” wrote. “I am, however, behind a proxy server in my office, and just wondering out loud if this new feature doesn’t play nice with the whole auto authentication thing (NTLM)?”

“The same happens to me!” wrote parosa. “Chrome Sync Bookmarks gives me the error ‘username and password incorrect.’ I am behind a proxy. This proxy blocks Google Talk. I have read somewhere that Sync Bookmarks uses the same technology as Google Talk.”

Logging issue #19590, Forster Michael wrote that nothing happened when he followed the steps outlined by Google to sync his bookmarks. He was one of three people affected by this problem at this story’s writing.

“I can confirm this on Windows XP and Vista, Chromium version 23600,” wrote Dan Burd, another user.

“It’s broken in 4e.0.202.0 (23619) too,” munouzin wrote. Munouzin enabled logging and “–enable-sync,” but the system reports a line at startup and reports an error whenever the sync feature is triggered, the user wrote.

Is Sync Safe?

While the sync feature is an interesting concept, it also raises several questions about security.

This feature embodies one of the most compelling aspects of the thin client idea — that users can work on multiple devices simultaneously and access their work on any of them without losing their place in an application or project, said Rob Enderle, principal analyst at the Enderle Group.

However, that is a security problem.

“With this method, Google or someone else could log in as you and stay resident, watching everything you’re doing, and you’d never know it,” Enderle told TechNewsWorld. “With single log-on, no one else can be active while you are, or you’d know about it.”

Sync’s ability to update bookmarks on other clients without prompting the user for permission was criticized by both Enderle and Randy Abrams, director of technical education at security vendor ESET.

It’s unsafe not let users have the option of being prompted to sync the bookmarks every time a change is made, he told TechNewsWorld. “That tells me Google can do their times tables a million times and not figure out that one times one equals one.”

Google would not comment on the security issues.

“I’m not sure if you saw our announcement on the Chromium blog, but that should give you some more information about the feature,” spokesperson Eitan Bencuya told TechNewsWorld.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Developers

Technewsworld Channels