
The new system, Firefox Sync, is the one that encrypts your history with a password-derived key, by means of HKDF. Mozilla cannot decrypt and read your data.
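An added example, not Mozilla's code or the protocol's exact constants, of the two-key split that a password-derived HKDF design relies on: the client stretches the password, derives one key to authenticate and a separate key to wrap the data key, and the server record never contains the password or the data key. The salt/info labels, account details and the simplified server check (a real service would store a further hash of authPW) are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) over HMAC-SHA256."""
    prk = hmac.new(salt or bytes(32), ikm, "sha256").digest()   # empty salt -> HashLen zeros
    okm = block = b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), "sha256").digest()
        okm += block
    return okm[:length]

def derive_client_keys(email: str, password: str) -> tuple[bytes, bytes]:
    """Stretch the password with PBKDF2, then split it with HKDF into
    authPW (sent to the server to log in) and unwrapBKey (kept on the client).
    The salt/info labels below are constructed for this example."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), b"example/quickStretch:" + email.encode(), 1000, 32)
    auth_pw = hkdf(stretched, b"", b"example/authPW")
    unwrap_bkey = hkdf(stretched, b"", b"example/unwrapBKey")
    return auth_pw, unwrap_bkey

def xor32(a: bytes, b: bytes) -> bytes:
    """One-time-pad style wrapping of a 32-byte key with a 32-byte derived key."""
    return bytes(x ^ y for x, y in zip(a, b))

def register(email: str, password: str, kb: bytes | None = None) -> dict:
    """Client side of account creation. The returned record is all the server
    ever stores: authPW plus the wrapped data key kB, never the password or kB."""
    auth_pw, unwrap_bkey = derive_client_keys(email, password)
    kb = kb or os.urandom(32)              # kB is the key that actually encrypts sync data
    return {"authPW": auth_pw, "wrapKB": xor32(kb, unwrap_bkey)}

def login(email: str, password: str, record: dict) -> bytes | None:
    """Client login: authPW is checked by the server, wrapKB is returned and
    unwrapped locally with unwrapBKey, which the server never received."""
    auth_pw, unwrap_bkey = derive_client_keys(email, password)
    if not hmac.compare_digest(auth_pw, record["authPW"]):   # server-side check
        return None
    return xor32(record["wrapKB"], unwrap_bkey)               # client-side unwrap

if __name__ == "__main__":
    rec = register("alice@example.com", "correct horse")     # constructed account
    assert login("alice@example.com", "correct horse", rec) is not None
    print("server record holds only authPW and wrapKB:", sorted(rec))
```

The property the thread argues about is visible in `login`: whoever controls the client code that runs `derive_client_keys` can also ship `unwrap_bkey` or the password to the server, and nothing in the record lets the server detect that.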



> Mozilla cannot decrypt and read your data.

Completely false: they can if they want to. All they have to do is serve a new login page to you which transmits your password as well as the derived key. They control the login page, they control the JavaScript which derives the key. They can do it at any time, invisibly.

This is different from trusting them to make a trustworthy browser, because you download the browser once, while you may download the login page and associated JavaScript every time you login. They could target you, or all of their users, just once, or for a limited amount of time; unless you inspect the HTML & JavaScript source every single time you use your Firefox account you cannot be certain that they aren't being evil.

Firefox Sync is unacceptable for password — or any other private data — storage. This is a pity, since the old protocol was very suitable.


> the old protocol was very suitable

It wasn't, because I've managed to lose my history with it. I very much prefer my history to be synchronized to a server I cannot lose.

If your objection is not about cloud storage, then your objection isn't about the protocol, but its implementation (e.g. usage of HTML/JavaScript): https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc...

> you download the browser once

That's not true. Modern browsers are set to upgrade automatically in the background, without notifying the user.

If you're paranoid, you can self-host your own Sync server, but then if you don't trust the vendor of your browser, then you've got bigger problems and I hope you're compiling your own binaries.


> Modern browsers are set to upgrade automatically in the background, without notifying the user.

My browser isn't; I use the Debian Firefox package and update it on my schedule.

> If you're paranoid, you can self-host your own Sync server

Only if you host it locally; if you host it at a VPS/dedicated-system provider then you're trusting that provider never to break into your system.

It's bad social hygiene to develop systems which are breakable.


You can also use your own auth server if you want... Just host it on your machines and change the URL in about:config.


> You can also use your own auth server if you want

The problem with that is that if the auth server is on a machine you don't have complete control over (e.g. one hosted by a dedicated-system or VPS provider) then you are trusting that provider to never break into your machine; you are also trusting that machine never to be broken into via some remote exploit.

That's far too much trust for a system hosting sensitive data like passwords. The only secure thing is to deploy a system with as little trust as possible.


Then host the auth server locally on your device.

The great thing about the self-hosted sync server is, the storage and auth components are separated, and the storage one just stores encrypted blobs.

If you want, you can trust Mozilla with the authentication part while storing everything where you prefer, but if you're worried about a JavaScript change, set up an auth server locally, create an account in it and copy it to every device you own: since it stores only account details, which don't change, you don't have to worry about replication.



