I see this as a reaction to the competition they're facing with Google Chrome.
With Google Chrome you log into your Google account. email + password and all is good. It's simple, but fundamentally insecure. Google, NSA and whoever else they partner with can poke at all your data without restriction because it is based on a centralized authentication model.
Firefox always based its sync on a secure model where no data was stored unencrypted at Mozilla's sync-servers. There was no traditional "account" which Mozilla had to validate. You could also chose to use your own sync server. Either way, they can not peek at your data.
You gave Firefox your email and a "password" and from that it generated some private keys used to encrypt the data sent to Mozilla. Private keys which you then had to distribute to other Firefox'es one way or another.
They attempted to ease the pain by having some "pair this device" wizards with 3 simple values you could copy from device A to device B, but in the end it still meant that the superior security came at a cost.
No non-technical people I know use Firefox's sync, but everyone I know who use Chrome also use its sync feature.
When comparing browser, some people literally list out "sync" as thing Chrome does and Firefox doesn't. That tells you a lot about how a simple and in your face implementation can drive adaptation. (I think Chrome's approach is too in-your-face, but that's another discussion.)
I honestly believe Firefox's original model is superior once you get past the initial warts, but I can see why they are making the changes they do.
The problem with Firefox's current/old sync model is recovery. I.e., users think they're getting their stuff (history, passwords, etc) backed up, but when they lose their device, their data is gone forever, because almost none of them will have bothered to write down the long random string that functioned as their sync key. Also, the pairing was relatively hard to use for "normal" users.
In the newer Firefox Accounts model, yes, Mozilla will use a username/password model for users. However, the password is never sent to Mozilla in the clear, and data is still encrypted with a password-derived key before being sent to Mozilla. However, users can still recover their data because they know (something that can be used to generate) the key used to encrypt their data.
I do think Mozilla would have promoted Sync more if it didn't have the recovery/UX issues I mentioned, so in that sense it might be a response to Google's model, but Mozilla's model still has a very well thought-out privacy strategy.
For those who actually liked the previous random key model + pairing, I think they might reinstate that as an option within the newer protocol/implementation at some point.
I really hate that this new model requires trust, whereas the old one did not. Even if I trust Mozilla not to peek, I have to accept that all my data, including all my passwords, now become subpoenable.
I get that the old model is too complicated for most people, but I really like it and am able to handle it just fine. I don't want to trust the NSA, damnit.
This is incorrect. Both in the new scheme and the old, sensitive data is encrypted. In the old scheme, this key was randomly generated, while in the new, it is derived from a password. Either way, you do not need to trust Mozilla.
The main security concern (as far as I can tell, and I'm far from an expert) seems to be that the KDF used in the new protocol is not as strong as the one used in the current Sync protocol.
You should read the link posted in the post you replied to, especially the security analysis. It is quite readable and might allay some of your fears.
Can you still host your own easily under the new model? That aspect of Firefox Sync was already deemphasized before, and that this is lost is what I fear the most with such changes.
My data silo is a box 80cm to my right. No need to start a new one at Mozilla Inc/Org.
All the software for running a server is open source, I think, so in that sense it should be possible. Whether there will still be enough prefs such that you can get Firefox to sync against a different host, I'm not sure, but it seems likely that that will be possible.
> ut when they lose their device, their data is gone forever, because almost none of them will have bothered to write down the long random string that functioned as their sync key. Al
This hasn't been true in my experience. I can initiate a sync from any previously synced device, so as long as I have one sync'd device available I can still get my data back.
Agreed. I don't use either sync, but I know Firefox's is secure (at least, the old private key one - not sure if that's about to be removed) and would consider it if I had a use case of many browsers, while Google's probably just dumps all my bookmarks etc (even saved passwords, if I saved them in the browser...) onto a google/NSA server.
Will Mozilla be removing the secure sync option or having this one in parallel?
I don't use it myself, but it's definitely worrying to see a secure option being potentially removed in favour of plaintext storage on servers outside the user's control.
Historically, all data was encrypted locally before being sent to the other device. Now, by default, some data will be local-only encrypted, and some won't (the motivation being recovery services). There are plans though to have an option to locally encrypt all data.
https://wiki.mozilla.org/Identity/AttachedServices/Architect...
If it's a username/password pair, either the data has to be stored in plaintext, or with a key escrowed using the user password, which are not as secure as a private key only known to the user.
No, you can use a different system: don't send the password to the server, instead create a private/public key pair from the password (deterministically) and send only the public key to the server.
When you want to authenticate, just have the client sign something with the private key. If you want to encrypt on the client, it can just do PGP-like encryption (encrypt data with random AES key, encrypt that key with public key, send all to the server).
Considering the average user's password choice tendencies, that's still weaker than a key from a proper source of entropy, then password reuse on top of that.
That plus IIRC, RSA isn't deterministic even with the same seed. Not sure about generators for elliptic curve though.
Not true, there are plenty of key-derivation schemes. Basic idea for how one may work (not necessarily the one they will use, I'm still reading the wiki pages): data is encrypted locally with a hash of the user's passphrase, then that hash is hashed again and sent to the server as a login credential. The server never sees the original passphrase, nor the encryption key, nor the contents of the material uploaded.
Yeah, i wonder the same, but maybe there are technical issues that made decide not to use Persona.Anyway it's a very usefull feature, congrats to Mozilla.
What is the 'Firefox Account' the new sync system uses and how does it differ from Persona? Will I need a 'Firefox Account' for other Mozilla services? What about Firefox OS? It seems bizarre to me to have this additional account system while promoting Persona as the system for other people to use. Is Persona abandoned?
Edit: the article mentions a Firefox Account is needed to use the Firefox Marketplace too. That's a webapp which I thought would have suited Persona.
Firefox Accounts is a centralized authentication system based on email addresses and passwords. Persona is a decentralized authentication system based on proof of email address ownership.
For Sync, Persona isn't the right tool for the job. Specifically, Sync needs a human-memorable source of entropy (password), and minimal external dependencies so that recovery meets user expectations. It's possible that Accounts will eventually use Persona for email verification, but the centralized password is unlikely to go away.
Marketplace is in a similar situation, and actually uses a centralized, friendly fork of Persona so that it can proactively force users to re-authenticate before purchases and allow people to use the site before they complete their email verification. Those features might make their way into Persona in the future, but for now it felt better to trim them from Persona and switch Marketplace over to Firefox Accounts.
I always emailed and copy-pasted, but yeah. If you didn't have a device you could "pair" with, it was definitely not user-friendly or accessible to non-technical people.
With Google Chrome you log into your Google account. email + password and all is good. It's simple, but fundamentally insecure. Google, NSA and whoever else they partner with can poke at all your data without restriction because it is based on a centralized authentication model.
Firefox always based its sync on a secure model where no data was stored unencrypted at Mozilla's sync-servers. There was no traditional "account" which Mozilla had to validate. You could also chose to use your own sync server. Either way, they can not peek at your data.
You gave Firefox your email and a "password" and from that it generated some private keys used to encrypt the data sent to Mozilla. Private keys which you then had to distribute to other Firefox'es one way or another.
They attempted to ease the pain by having some "pair this device" wizards with 3 simple values you could copy from device A to device B, but in the end it still meant that the superior security came at a cost.
No non-technical people I know use Firefox's sync, but everyone I know who use Chrome also use its sync feature.
When comparing browser, some people literally list out "sync" as thing Chrome does and Firefox doesn't. That tells you a lot about how a simple and in your face implementation can drive adaptation. (I think Chrome's approach is too in-your-face, but that's another discussion.)
I honestly believe Firefox's original model is superior once you get past the initial warts, but I can see why they are making the changes they do.