Why I Created Bookmarx - The Encrypted Bookmark Manager
A brief introduction to why and a little bit of information on how I created the encrypted bookmark management extension
As a tech professional I use bookmarks constantly, be it for links to documentation, links to project pages, links to video tutorials, etc. I live on the internet, as do most other technology professionals.
As a software developer, and avid user of the internet in general, I probably click through hundreds of links per day. In my daily work I will research documentation, read forums and find tutorial videos. Keeping track of all of this isn't manageable without a bookmark manager. It's obviously the reason that every major browser has bookmarks built in. But those bookmark features have never been powerful enough for the way I use them.
For years I used a custom bookmark management extension I'd found after doing some Googling, but after beginning work in a field with a much higher need for being security-conscious I found a need for something with just that: more security. On close inspection, the bookmark manager I'd been using for years stored all of my bookmarks and data in plain text. This isn't that big of a deal if all you're storing are links that only contain popular website URLs and that do not contain any URL parameters or additional data. To review just how much data is stored in my bookmarks I decided to do a full export of my data. I was quite surprised to see what metadata was actually attached to some of these links and the story the links themselves told.
The data that I'd exported contained everything from which banks I go through, which insurance I used, which college I attended, the timestamps and IDs of some user accounts, and the list goes on and on. If someone were to get ahold of all of this data, pair it with whatever data is already floating out there from a data breach, and then begin trying any exposed username and password combinations on all of the URLs they just gathered, the possibility of a data breach would probably be quite high.
In addition to data exposure, if a bad actor were to get this data and it contained all manner of URLs to internal network resources, like database URLs, server URLs, network path locations, you name it, that too would be extremely unfortunate. After some Googling I couldn't find an alternative that was as security-forward as I'd like it to be. So, like any developer does when a need arises, I built the tool myself.
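The kind of export review described above can be scripted. The following is an added example, not part of the original post or of Bookmarx's code: a Python sketch that scans a bookmark export and flags URLs carrying query parameters, embedded credentials, or internal hosts. It assumes the export is in the Netscape bookmark HTML format that browsers produce; the sample export, hostnames and internal-suffix list are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample export (Netscape bookmark HTML); all hosts are made up.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://docs.python.org/3/" ADD_DATE="1700000000">Python docs</A>
<DT><A HREF="https://bank.example/accounts?account_id=48213">Bank</A>
<DT><A HREF="http://10.20.0.15:8080/admin">Build server</A>
<DT><A HREF="postgres://svc:examplepw@db.corp.internal:5432/prod">Prod DB</A>
</DL><p>
"""
INTERNAL_SUFFIXES = (".internal", ".local", ".lan", ".corp")  # assumed naming


class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lowercases tag and attribute names
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def findings_for(url):
    # Return the list of reasons this bookmark would be sensitive in plain text.
    parts = urlsplit(url)
    host = parts.hostname or ""
    found = []
    if parts.username or parts.password:
        found.append("credentials-in-url")
    if parse_qsl(parts.query, keep_blank_values=True):
        found.append("query-parameters")
    try:
        if ipaddress.ip_address(host).is_private:
            found.append("internal-host")
    except ValueError:  # not an IP literal, fall back to name heuristics
        if host.endswith(INTERNAL_SUFFIXES) or (host and "." not in host):
            found.append("internal-host")
    return found


def audit(export_html):
    parser = LinkCollector()
    parser.feed(export_html)
    return {u: f for u in parser.links if (f := findings_for(u))}
```

Calling `audit()` on the text of your own export returns only the bookmarks that would reveal something if the store were read in plain text, keyed by URL.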
I won't go too in-depth into the technical workings in this post, but in another blog post I do plan to discuss the strategy and implementation around how I encrypt the data of your bookmarks and how I utilize a zero-knowledge system, similar to what you would find with the open-source email provider ProtonMail. For now, just know that all data stored within the Bookmarx system cannot be accessed unless the would-be attacker knows your password. And I do not store passwords on my servers, or anywhere in my own system. So, not even I can decrypt the data you save to my servers.
I've got a lot of future enhancements planned for Bookmarx and I try to get to them when I have the time. But for now it does what it needs to in allowing you to save and sync bookmarks across different browsers and devices. I am an open book in my design and if anyone is curious about my strategy I'd love to hear from you. Please visit the Reddit forum I've created with exactly that in mind. I want to make this tool based on both my own needs and input from other users. I'm open to suggestions and feedback and look forward to continuing to work on Bookmarx.
~ Charles, The Nerd Who Created This Thing