
Meanwhile, Firefox Sync encrypts your data with a password-derived key so that Mozilla can't even see your browsing history.

Consider your choices.

With Firefox, you can also self-host the sync server on your machines, which is totally awesome.


> Firefox Sync encrypts your data with a password-derived key so that Mozilla can't even see your browsing history.

Not quite true: the JavaScript (!) that derives the key is served from mozilla.org; at any time they could choose or be compelled to alter it so that all users' passwords, or a single targeted user's password, is sent to Mozilla or anywhere else.

The new Sync protocol is an abomination; the old one was actually secure; the new one is snake oil.

You can still use the old, self-hosted one but it's inconvenient to set up with the latest builds of Firefox. I just install version 28, sync it and then let Firefox update to the latest version. Hopefully they don't kill (the semi-hidden) legacy support for the old protocol.

I didn't realize how much data Google had on me until the search terms I used on my laptop were almost immediately available on my smartphone. I felt shocked and kind of stalked as well.

The data especially on Android can easily be hacked if someone has the expertise. This made me think how easy it would be for a stranger to learn everything about me through my data.

I like that very much.

Whenever I'm doing something with my normal Chrome -> I'm part of the system and look / am normal.

Whenever I wanna do something a little bit different, I use incognito mode and a different browser.

Same here. It's basically splitting up internet usage between a 'sync browser' and an 'incognito browser'.

I search my porn in incognito mode too

IIRC Chrome sync data is separate from Google data and you can encrypt it by adding a password which Google claims makes it so they don't read your data.


> how easy it would be for a stranger to learn everything about me through my data.

Isn't that pretty much what's happening with your data at Google?

Yup. And all it takes is for one mistake/button for my data to be shared with other people.

Expect it more in the future. Continuum and Continuity are just those very small attempts at bringing more data portability across technologies.

To be fair, Chrome has exactly that feature too, and lets the user choose what they want.

But Google has created a perverse incentive here. They give me a ton of choices, so many and so vaguely explained that I couldn't possibly understand what they really mean and I get suspicious of everything they offer me.

So what I do is disable everything without even thinking. Later when something isn't working as expected and it turns out it's because of one of those privacy settings, I start to think about whether or not I really need it.

So effectively, they give me an incentive to summarily reverse their opt-out strategy into an opt-in one. I suppose that's fine with them because most people won't do even that.

However, they should be aware of the fact that this is the second easiest thing to do after leaving everything enabled.

Over time, they may be creating a popular culture of "disable everything" just like they created a culture of ad-blocking (where "they" is the whole advertising industry in this case, not so much Google itself)

Google also has an obnoxious "if we can't keep it, you can't either" approach to user data. For example, I have location history turned off for obvious reasons and tried using the Google Maps app. I wound up having to re-enter my destination several times due to accidentally doing something that cancelled the navigation and caused it to instantly forget the destination. As another example, Google's new Allo messaging app supports end-to-end encryption but it's not on by default and activating it blocks local logging - if they can't get a copy of your chat history and use it to work out stuff about you, they won't let you have one either.

If they did support keeping the history but only using it for you, it would be even harder for them to credibly prove that they are not keeping the history for advertisement purposes ("I have disabled you keeping any location history and still you list the places I have been to? How dare you??").

I can understand your point about Allo more, though of course storing the local history unencrypted also means that it's going to be accessible to interested third parties in one way or another. If they don't keep it at all, it means that it won't be.

I have location history turned off, yet it still shows me previous destinations (thankfully, I like that one).

Is Chrome's sync not a blob?

I tried to find information about it online, but the official documentation [0] is less than helpful to say the least. I'm guessing when they say "stuff", that's a euphemism for blob, but fuck if I know, maybe they are just trying to be hip in their documentation. After all, it's also business time, in case you didn't know.

Currently downloading the Chromium source code, to see if that's more helpful, but I kind of doubt it...

[0]: https://www.chromium.org/developers/design-documents/sync

Alright, status report.

The official documentation talks about the folders /chrome/browser/sync/engine, /chrome/browser/sync/syncable and /chrome/browser/sync/protocol.

These folders are missing from the source tree, as you can see here: https://chromium.googlesource.com/chromium/src.git/+/master/...

However, I decided to give the benefit of the doubt and did a few file-searches, in case the files were moved at some point and the documentation was just not updated.

And it seems like that's actually the case. The folder /sync contains all three missing folders (engine, syncable, protocol) and more: https://chromium.googlesource.com/chromium/src.git/+/master/...

I think the official documentation is what's found in the help center; this page contains a lot more information about using a custom passphrase for your sync data: https://support.google.com/chrome/answer/1181035?hl=en (top result when searching for "chrome sync encrypted").

At least in the Debian builds of Chromium the sync component is included. So I guess it's open source?

Chrome does not have self-hosted server feature.

It does, but it's poorly documented and quite difficult to use. Use the flag --sync-url="" when launching Chrome, and I believe the server is run through chromiumsync.py.

Does that also work for the Android build? Sounds like an incentive to finally try out sync...

It looks like it's doable with a rooted device. See section "Setting Flags for Chrome on Android".


A successful experiment may be deserving of a blog post.

> Meanwhile, Firefox Sync encrypts your data with a password-derived key

Didn't they drop it like 9 months ago and move to Firefox Sync?

About 2 years ago they started moving from randomly generated keys to the e-mail+password approach. Do you mean that?


The new system is still end-to-end-encrypted, though...

I think that's what I meant. Why is the new system better than the old one? There was a lot of FUD on reddit around it and I stopped following the news. Thanks for the update.

The line of thinking was that people are used to email+password (as opposed to what was before). I think that was the right move.

The system is still end-to-end encrypted, if you reset your password it will also reset the storage (by definition).

> reset the storage

Does that mean you lose your history when you change your password? Or just that you need to use the new password to access (old and new) data?

You lose the data that's stored on Mozilla's server, but since it's a synchronization service, you should have a complete local (unencrypted) copy which can then just be encrypted with the new key and re-uploaded to their server.

The new system, Firefox Sync, is the one that encrypts your history with a password-derived key, by means of HKDF. Mozilla cannot decrypt and read your data.
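As an added illustration of the "password-derived key, by means of HKDF" idea in the comment above (not code from the thread or from Mozilla): one stretched password is expanded with HKDF under two different labels, giving a token that is sent to the server for login and a separate key that stays on the client to encrypt the data. The label strings, iteration count and function names are assumptions chosen for this sketch, not the real protocol's constants.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF with HMAC-SHA256 (RFC 5869): extract a PRK, then expand it."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 cannot produce that many bytes")
    # Extract: an empty salt is replaced by HASH_LEN zero bytes, per the RFC.
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_client_keys(email: str, password: str, iterations: int = 100_000):
    """Return (auth_token, data_key) derived from one password.

    auth_token is what a client would present to the server to log in;
    data_key never leaves the client and encrypts the synced records.
    The labels below are hypothetical, not the real protocol's strings.
    """
    salt = b"example/v1/stretch:" + email.encode("utf-8")
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, HASH_LEN
    )
    auth_token = hkdf(stretched, b"example/v1/auth", HASH_LEN)
    data_key = hkdf(stretched, b"example/v1/data-key", HASH_LEN)
    return auth_token, data_key


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    token, key = derive_client_keys("user@example.com", "constructed sample password")
    print("sent to server :", token.hex())
    print("kept on client :", key.hex())
```

The two outputs stay independent only as long as the code performing the derivation is the code you expect, which is the point the replies below argue about.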

> Mozilla cannot decrypt and read your data.

Completely false: they can if they want to. All they have to do is serve a new login page to you which transmits your password as well as the derived key. They control the login page, they control the JavaScript which derives the key. They can do it at any time, invisibly.

This is different from trusting them to make a trustworthy browser, because you download the browser once, while you may download the login page and associated JavaScript every time you login. They could target you, or all of their users, just once, or for a limited amount of time; unless you inspect the HTML & JavaScript source every single time you use your Firefox account you cannot be certain that they aren't being evil.

Firefox Sync is unacceptable for password — or any other private data — storage. This is a pity, since the old protocol was very suitable.

> the old protocol was very suitable

It wasn't, because I've managed to lose my history with it. I very much prefer my history to be synchronized to a server I cannot lose.

If your objection is not about cloud storage, then your objection isn't about the protocol, but its implementation (e.g. usage of HTML/Javascript): https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc...

> you download the browser once

That's not true. Modern browsers are set to upgrade automatically in the background, without notifying the user.

If you're paranoid, you can self-host your own Sync server, but then if you don't trust the vendor of your browser, then you've got bigger problems and I hope you're compiling your own binaries.

> Modern browsers are set to upgrade automatically in the background, without notifying the user.

My browser isn't; I use the Debian Firefox package and update it on my schedule.

> If you're paranoid, you can self-host your own Sync server

Only if you host it locally; if you host it at a VPS/dedicated-system provider then you're trusting that provider never to break into your system.

It's bad social hygiene to develop systems which are breakable.

You can also use your own auth server if you want... Just host it on your machines and change the URL in about:config.

> You can also use your own auth server if you want

The problem with that is that if the auth server is on a machine you don't have complete control over (e.g. one hosted by a dedicated-system or VPS provider) then you are trusting that provider to never break into your machine; you are also trusting that machine never to be broken into via some remote exploit.

That's far too much trust for a system hosting sensitive data like passwords. The only secure thing is to deploy a system with as little trust as possible.

Then host the auth server locally on your device.

The great thing about the self-hosted sync server is, the storage and auth components are separated, and the storage one just stores encrypted blobs.

If you want you can trust Mozilla with the authentication part while storing everything where you prefer, but if you're worried about a JavaScript change, set up an auth server locally, create an account in it and copy it on every device you own: since it stores only account details which don't change, you don't have to worry about replication.

Firefox is significantly less secure though. Chrome has its sandbox and a highly effective XSS auditor. Firefox has neither.

I do not appreciate this change, however, and I hope that they reconsider it.

On the other hand, Firefox is really sluggish.

> Firefox is really sluggish

Statements like this are very hard to quantify in a meaningful way. Especially on Windows, over a time interval I can notice a definite performance degradation of programs. Often times, completely deleting all program data and reinstalling seems to fix the problem. On GNU + Linux and macOS systems, I've noticed that Firefox is usually snappier to render pages.

But I wouldn't go so far as to suggest that one browser is sluggish -- there are too many environmental variables to have a good discussion on this subject.

I'm on Ubuntu. The installation isn't really fresh any more, but on a fresh installation, Firefox was sluggish. I only have 4 GB RAM, but that seems acceptable for Chrome.

Could you ELI5 Chromium's license to me? Is the whole thing open source, or just part? Can I build the whole thing myself, or does it rely on Google's magical binaries?

EDIT: also, smooth scrolling. If there's something that ruins my day, it's going on a browser with smooth scrolling. First world problems.

EDIT2: also, I'm struggling to remove add-ons. I know I have Pocket installed because I see its icon on the top right, but it's showing up neither on Extensions nor on Plugins. Proof: http://i.imgur.com/ShUW5CK.png

EDIT3: managed to turn off smooth scrolling. Firefox is now skipping frames. Sometimes there's no difference (for example in google.com Firefox scrolls as well as Chrome.) Sometimes there's a clear difference (for example, http://en.flossmanuals.net/chromium/ch008_installing-chromiu... Chrome is really smooth, while in Firefox there's noticeable jerking). Sometimes the experience is really REALLY bad (example, imgur)

Hmmm... can't say I've seen that before. I agree that 4 GB of RAM should be more than enough for Firefox. Chromium has a history of fetching and installing binary blobs w/o asking for user permission.

I'm curious about what the frame skipping is caused by -- I've never seen that problem. I'm wondering if maybe it's video card related? Might be worth asking someone involved in the project about it to see if it's a known issue.

[citation needed]

You can cite me.

and me
