[conspire] no privacy

Don Marti dmarti at zgp.org
Wed Feb 13 21:22:32 PST 2019


On 2/13/19 12:27 PM, Rick Moen wrote:
> Quoting Paul Zander (paulz at ieee.org):
> 
>> One a related matter, Firefox is now suggesting creating an account
>> with them.  Any thoughts?
> 
> My thought is that, when a corporation like Mozilla Corporation[1] says
> 'Store your tab links, browser history, passwords, bookmarks, cached
> copies of articles, and notes with us, and we'll make them available to
> all your devices', my reaction is that I have no reason to want that,
> that I have a large number of reasons to not want it, and that if they
> released open source code for doing such things on my own self-hosted
> computing resources, I'd at least consider running a code instance, but
> probably wouldn't because I have no use-case requiring that.

(disclaimer: I work at Mozilla now but not on this stuff.)

Firefox Sync is a Python application using WSGI, which makes it not too 
hard to run on your own web server.
https://mozilla-services.readthedocs.io/en/latest/howtos/run-sync-1.5.html

But if you want the whole stack self-hosted, and not use Mozilla servers 
at all, then you would also need to run a Firefox Accounts server, which 
is more work (not really documented for self hosting, you have to 
replace the trademarked images yourself, there are multiple config items 
you have to set to get your browser to use it...)
https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html

The good news is that even if you use the Mozilla-hosted version, all 
your actual data is encrypted with a passphrase that the server doesn't 
get, so they can see who you are and when and how much you use the 
service, but not actually what you synced.
https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

> The natural audience for a Firefox Account is the hordes of people who
> are heavily dependent on smartphones, and are already habituated to
> outsourcing everything they do to strangers, i.e., to 'the Cloud', with
> zero concern for security or privacy (and who cannot even spell
> 'computing autonomy').

Two use cases for this that I find useful.

  * click through to a web page on my phone, find that it's a PDF or a 
layout that doesn't work well on a narrow screen, "send tab to device" 
to read it on my laptop later.

  * send a long article to my phone to read on the bus.

> [1] They would doubtless object that Firefox Cloud Services is actually
> an effort from Mozilla Foundation, which in turn is a non-profit
> appendage of Mozilla Corporation.  There are certainly far, far, worse
> people to outsource your passwords and browser metadata to, and I have
> fond regard and admiration for the Mozilla folks, but personally I'd
> prefer that my stuff remain my stuff.  I'd rather swim than sync.  ;->

$ host accounts.firefox.com
accounts.firefox.com has address 35.167.222.89
...snip more addresses...
$ host 35.167.222.89
89.222.167.35.in-addr.arpa domain name pointer 
ec2-35-167-222-89.us-west-2.compute.amazonaws.com.




More information about the conspire mailing list