|
|
|
|
|
|
by zeveb
2779 days ago
|
|
|
> Our experience with Sync 1.1 taught us that this does not work with real people at scale; people often lost data as a consequence of this design. Far better to lose passwords, bookmarks & history than to have them exposed — which is what the current design does (because the user's password can be stolen if the users logs in to his Firefox Account via the HTML page). There are reasonable countermeasures I can take against losing my passwords: I can record them elsewhere; I can reset them if I lose them. But the only reasonable countermeasure I can take against Mozilla stealing my password is to never login to a Firefox Account (the alternative, hand-verifying HTML and a JavaScript bundle myself on every login attempt, is patently unreasonable). So that's what I do: I don't use the Firefox Sync functionality, because the security of the system is broken. |
|
|