Hacker News new | past | comments | ask | show | jobs | submit login

> Firefox Sync encrypts your data with a password-derived key so that Mozilla can't even see your browsing history.

Not quite true: the JavaScript (!) that derives the key is served from mozilla.org; at any time they could choose or be compelled to alter it so that all users' passwords, or a single targeted user's password, is sent to Mozilla or anywhere else.

The new Sync protocol is an abomination; the old one was actually secure; the new one is snake oil.

You can still use the old, self-hosted one but it's inconvenient to set up with the latest builds of Firefox. I just install version 28, sync it and then let Firefox update to the latest version. Hopefully they don't kill (the semi-hidden) legacy support for the old protocol.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact