
A Better Firefox Sync - lelf
https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/
======
mikegioia
Just today I reinstalled Ubuntu on a laptop and the sync completely borked.

What I don't understand is why does it first ask you for a pair code from
another device? My only other device was a desktop far away. After I logged in
and clicked "reset sync key" it apparently lost all of the synced data!

I seriously hope this solves the currently heinous sync process. Just let me
log in an authorize myself for goodness sake.

~~~
kevingadd
Aside from the fact that yes, pair codes are annoying - it sounds like you
didn't understand Sync at all and were upset that it wouldn't compromise basic
security guarantees for ease of use?

In the old system, the pair code was effectively a password. It's obvious that
resetting the sync key wiped out your synced data; the synced data was
encrypted with the old key and generating a new one obviously wouldn't let you
decrypt it. (It's possible the old key can still be used to recover the data,
but I'm not sure).

Complaining that it demanded a pair code is like complaining that gmail asks
you for a 2fa code after you've turned on 2fa. Of _course_ it does, that's how
the security works.

Of course, the pair code system is kind of a pain, so they introduced
passwords. But the pair code system _does_ work if you use it correctly. I
don't think it's fair to call it 'completely borked' when your problems are
entirely down to user error.

Keep in mind that Firefox Sync always protects all your profile data; Mozilla
can't access it because _your_ machines encrypt it. This is unlike Chrome's
profile sync where all the data lives on Google's servers and is accessible to
them. As a result the authentication can't be as simple as 'sign in with your
gmail account' or something like that.

~~~
mikegioia
This is a ridiculous and rather arrogant response. First off, if the user
doesn't understand something, you can't just always blame the user. It in fact
did completely bork my synced data. I don't care what you want to call it, if
user's lose data there's a problem somewhere in the design of the sync system.

No where in the user-flow did it say anything about losing data if you reset
the recovery key. These confusions are why they're changing the FF sync
system!

~~~
zobzu
there is no recovery key in old sync AFAIK. you delete the single, only mail
key. (also, that's why old sync is "not a backup system")

the new sync actually seems to have plans for a recovery key and be a "backup
system", which seems more inline with users expectations

~~~
mikegioia
Ah I see. I'm looking forward to the new system. Chrome's sync was easy and
worked well and it's the one thing I really miss.

------
magicalist
The Sync protocol document is (linked in the article) has a lot of interesting
details about the new system: [https://github.com/mozilla/fxa-auth-
server/wiki/onepw-protoc...](https://github.com/mozilla/fxa-auth-
server/wiki/onepw-protocol)

------
seanieb
On Password reuse - Implementing a one factor, password based auth puts the
accounts security in the users hands. There are lots of email, password lists
from hacked web services (Linkedin,Yahoo Voices, Gawker, etc.) in the wild and
users all too commonly reuse their weak passwords across multiple services.

If a user couldn’t figure out how to set up Firefox Sync previously by
following the instructions and taking a set of digits from one device and
entering them into another, what hope have they of picking a strong and unique
password?

------
agumonkey
I enjoyed the extremly minimal cost of entry in terms of UX. But it's just a
little bit too ~naked. I don't know when or if the sync has been done (maybe
my system lacks some DE notification) and I have no other way to see what has
been synced, I can' t find a browser based interface for the account.
account.mozilla.... restricts itself as a login form.

------
antonio0
Finally! The tedious way Firefox Sync used to work is the main reason I use
Google Chrome.

------
ubojan
good news. I hope that new sync feature will work seamlessly and efficiently -
I disabled sync about a year ago because browser became sluggish with large
number of bookmarks.

~~~
codygman
Interesting, I've been using Firefox sync since it was released on Iceweasel
(Debian Firefox) and had absolutely 0 problems.

------
ParkerK
I wish they'd port some form of the sync to iOS. Syncing between my phone and
my laptop is the only reason I'm still on Chrome

~~~
JohnTHaller
Mozilla would love to have Firefox on iOS. You just need to convince Apple to
change their terms of service to allow real 3rd party browsers (as opposed to
UI skins atop the slower version of Safari).

~~~
ParkerK
What chrome did is fine for me. I don't need a super snappy web browser for
mobile sites. I'd be fine with a UI that syncs with Firefox on top of WebKit

~~~
JohnTHaller
I don't think Firefox would be keen on (1) having a webkit-based browser with
the name Firefox and (2) having it be an intentionally-hobbled browser
compared to Safari so Apple can ensure its browser is the 'fastest' on iOS.
Google made the decision with Chrome, since it is also webkit, but it will
likely bite them in the ass later as blink continues to be improved and webkit
begins to stagnate more. And as they begin to have differing rendering bugs.

------
Siecje
Can you sync add-on settings?

~~~
KORraN
In theory - yes. I checked option "Use Weave/Firefox to sync white list" in
Flash Block. Recently I was playing with VM and I synced Iceweasel on Debian
(remembering about marking option to remove local data and use synced data).
It got everything except white list. Sadly, white list from original Firefox
has been also lost :(

------
ubercow13
Doesn't seem to be working very well on Nightly for me

~~~
ack
Works ok on nightly for me. I'm just waiting for this to be implemented on
Firefox Mobile so I can continue to actually sync between all my machines
again.

