|
|
|
|
|
|
by rfk
4429 days ago
|
|
|
> The old one let you run your own server. This is still possible with the new system, although I'll admit the ease and usability of such a setup needs work (and IIRC there are some changes required before android devices can properly use a third-party server; it may take a few releases before this become as easy as it was with the old system). > As it is, it's possible the new sync has a backdoor,
> even one many people at Mozilla don't know. Both the client and server are open-source, and you can verify that the client follows the protocol [1] and doesn't leak anything more than a PBKDF2-stretched password derivative to the server. It's about as backdoor-proof as any client/server system is likely to get. But yes, it is more dependent on the strength of your password than the previous sync system. [1] https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc... |
|
|