39 votes

Private by design: How we built Firefox Sync

23 comments

  1. [9]
    666
    Link
    I've never tried Firefox Sync because I used to think it stored unencrypted data or to be able to read it (pretty much what I expect Google, Opera and other companies to be doing). Thanks for...

    I've never tried Firefox Sync because I used to think it stored unencrypted data or to be able to read it (pretty much what I expect Google, Opera and other companies to be doing). Thanks for posting this article, now I have a good reason to start using it, keeping things in sync manually was definitely not a fun thing to do.

    Edit: just a quick question, could this in theory be used by third party apps to store random data encrypted on Mozilla's servers? Kind of like a private Google Drive or Dropbox.

    16 votes
    1. [4]
      teaearlgraycold
      Link Parent
      If you also set a master password (which requires a password before password fields will auto-fill) then Firefox works pretty well as a distributed password manager. I wish they'd also let me...

      If you also set a master password (which requires a password before password fields will auto-fill) then Firefox works pretty well as a distributed password manager.

      I wish they'd also let me encrypt my cookies and session data with the master password. It seems like an obvious security feature to me.

      6 votes
      1. [3]
        frickindeal
        Link Parent
        Can you use Face ID or a fingerprint reader as your master password? I'm a recent iOS convert, and I've been pretty impressed with how you can tie banking logins and the like directly to your Face...

        Can you use Face ID or a fingerprint reader as your master password? I'm a recent iOS convert, and I've been pretty impressed with how you can tie banking logins and the like directly to your Face ID, so that without your face and your attention to the phone, the login, although already stored, cannot be used.

        1. [2]
          teaearlgraycold
          Link Parent
          All I know is they don't support anything like that on Android.

          All I know is they don't support anything like that on Android.

          1 vote
          1. Devin
            Link Parent
            Firefox was the only one that allowed me to put ublock origins through add ons in android. Why every other browser in android has to be a closed garden is beyond me.

            Firefox was the only one that allowed me to put ublock origins through add ons in android.

            Why every other browser in android has to be a closed garden is beyond me.

            5 votes
    2. [4]
      Soptik
      Link Parent
      It doesn't store extensions storage, but it does save cookies (not sure about local storage). So you should be able to make a website that would save files into cookies or local storage.

      It doesn't store extensions storage, but it does save cookies (not sure about local storage). So you should be able to make a website that would save files into cookies or local storage.

      2 votes
      1. [3]
        666
        Link Parent
        I was thinking about creating a script in Python (or another language) that does the same process of encrypting data as Firefox does and then sends it to Mozilla servers using their API, but...

        I was thinking about creating a script in Python (or another language) that does the same process of encrypting data as Firefox does and then sends it to Mozilla servers using their API, but instead of encrypting browser data it'd encrypt files. Since Mozilla receives encrypted data they can't tell whether this is real browser data or something else so their servers would probably accept it.

        1. [2]
          Deimos
          Link Parent
          I'd assume they have a limit on size, or at least monitoring to notice if a particular account starts using an unreasonable amount of storage space. The data that Firefox Sync stores is pretty...

          I'd assume they have a limit on size, or at least monitoring to notice if a particular account starts using an unreasonable amount of storage space. The data that Firefox Sync stores is pretty much just a small amount of text, I highly doubt you're going to be able to store any significant amount of data without hitting a limit or having them cut your account off.

          There are tons of options for storing data for free or extremely cheap, I think it's extremely unlikely to be worth the effort of trying to abuse Firefox Sync for free storage.

          3 votes
          1. 666
            Link Parent
            I know this and I won't abuse their service, I won't even use it for what I suggested. But I love testing software and I'm always thinking about ways it can be misused or ways to trigger bugs.

            There are tons of options for storing data for free or extremely cheap, I think it's extremely unlikely to be worth the effort of trying to abuse Firefox Sync for free storage.

            I know this and I won't abuse their service, I won't even use it for what I suggested. But I love testing software and I'm always thinking about ways it can be misused or ways to trigger bugs.

  2. [14]
    Suppercutz
    Link
    I wish that chrome sucked enough that switching was a no brainer. I will, but it kills me since chrome is so full featured.

    I wish that chrome sucked enough that switching was a no brainer. I will, but it kills me since chrome is so full featured.

    2 votes
    1. [9]
      Deimos
      Link Parent
      What does Chrome have that Firefox doesn't? I don't know of anything that isn't available in Firefox either natively or through an extension.

      What does Chrome have that Firefox doesn't? I don't know of anything that isn't available in Firefox either natively or through an extension.

      21 votes
      1. [6]
        TheJorro
        (edited )
        Link Parent
        Something I haven't managed to figure out yet is how to have two Firefox instances logged into separate accounts, like Chrome does. I know Firefox has Multi-Account Containers but it requires far...

        Something I haven't managed to figure out yet is how to have two Firefox instances logged into separate accounts, like Chrome does.

        I know Firefox has Multi-Account Containers but it requires far too much micromanagement regularly, and isn't quite as simple to use when you have a site you use separately on both accounts. MAC doesn't seem to have enough customization to make up for these gaps. Also it doesn't seem to recognize long URL strings properly and will sometimes open pages in the default container.

        I've been using Firefox with MAC since Quantum came out and I still sometimes have to manually tell it to open some tabs in my Work container because I went to a different page on a site I already told it to open only in my Work Container.

        8 votes
        1. [5]
          Akir
          Link Parent
          Separate Google accounts? Google lets you stay logged under different accounts regardless of what browser you are using.

          Separate Google accounts? Google lets you stay logged under different accounts regardless of what browser you are using.

          1. [4]
            TheJorro
            Link Parent
            It goes beyond just the GSuite accounts. My work and personal Chrome windows had very different setups in terms of extensions, bookmarks, and even cookies.

            It goes beyond just the GSuite accounts. My work and personal Chrome windows had very different setups in terms of extensions, bookmarks, and even cookies.

            6 votes
            1. [4]
              Comment deleted by author
              Link Parent
              1. [2]
                TheJorro
                Link Parent
                Oh jeez, it takes a launch command? No wonder I couldn't find it anywhere in the settings. Thanks! I'll give this a shot.

                Oh jeez, it takes a launch command? No wonder I couldn't find it anywhere in the settings. Thanks! I'll give this a shot.

                5 votes
                1. unknown user
                  Link Parent
                  Seconding what Bauke said, you can bookmark about:profiles like any other page. I have it on my bookmarks bar along with some other stuff that I like to keep handy (mainly folders). I have a...

                  Seconding what Bauke said, you can bookmark about:profiles like any other page. I have it on my bookmarks bar along with some other stuff that I like to keep handy (mainly folders). I have a couple other profiles, e.g. one for shopping (too hard to do with UBlock Dynamic mode enabled), and also an "empty" profile that forgets everything on quit which I use for testing stuff in a clean profile.

                  1 vote
              2. Akir
                Link Parent
                Firefox profiles are a lifesaver. If you can restore a profile from a dead PC, that's as good as restoring everything for some users. Profiles are also cross platform, so it's great if you are...

                Firefox profiles are a lifesaver. If you can restore a profile from a dead PC, that's as good as restoring everything for some users. Profiles are also cross platform, so it's great if you are migrating to a different OS.

                1 vote
      2. [2]
        agentseven
        (edited )
        Link Parent
        I'm a dyed-in-the-wool Firefox user and I despise Chrome, but it has way more extensions. Particularly since Firefox's rewrite last year basically dumped out all the legacy extensions and if the...

        I'm a dyed-in-the-wool Firefox user and I despise Chrome, but it has way more extensions. Particularly since Firefox's rewrite last year basically dumped out all the legacy extensions and if the authors wouldn't rewrite them, they died on the vine. Lots died. It will recover, but for now, I frequently look for shit that I find results for on Chrome only. Most recent example, I was looking for an extension that would capture audio in the browser. Chrome has a great one, Chrome Audio Capture, precisely what I was looking for. Firefox had no analog.

        For the record, it doesn't matter. I love FF. But I keep Chrome around - just in case I need something unusual.

        6 votes
        1. frickindeal
          Link Parent
          Also screen capture for in-browser video, for tutorials and the like. I know you can do that within the computer itself, but having it as an extension on a portable version of FF meant you didn't...

          Also screen capture for in-browser video, for tutorials and the like. I know you can do that within the computer itself, but having it as an extension on a portable version of FF meant you didn't have to do any sort of install on a computer that isn't yours. Screencastify on Chrome works brilliantly and has a ten-minute limit on the free version (plenty for most of my uses), but I've yet to find a suitable replacement on FF.

          3 votes
    2. clone1
      Link Parent
      Have you tried firefox? chrome used to be better, but now they are the same or firefox is ahead imo.

      Have you tried firefox? chrome used to be better, but now they are the same or firefox is ahead imo.

      7 votes
    3. [2]
      Diff
      Link Parent
      If Chrome doesn't suck enough, are any of Firefox's features tempting? I've personally enjoyed the heck out of Container Tabs in all their forms.

      If Chrome doesn't suck enough, are any of Firefox's features tempting? I've personally enjoyed the heck out of Container Tabs in all their forms.

      4 votes
      1. SammyP6
        Link Parent
        i really like how you can customize the entire ui through css, I like the containers feature, I like the rss feature

        i really like how you can customize the entire ui through css, I like the containers feature, I like the rss feature

        1 vote
    4. unknown user
      Link Parent
      If grabbing your login on a cetain web page and using it itself for sending your data to a third party doesn't make it suck enough, I don't know what else might. Or maybe I'm a bit obsessed with...

      If grabbing your login on a cetain web page and using it itself for sending your data to a third party doesn't make it suck enough, I don't know what else might. Or maybe I'm a bit obsessed with browsing privacy, IDK.