[conspire] no privacy

Rick Moen rick at linuxmafia.com
Wed Feb 13 21:56:45 PST 2019


Quoting Don Marti (dmarti at zgp.org):

> (disclaimer: I work at Mozilla now but not on this stuff.)

Your insights are deeply appreciated.

[snip]

> The good news is that even if you use the Mozilla-hosted version,
> all your actual data is encrypted with a passphrase that the server
> doesn't get, so they can see who you are and when and how much you
> use the service, but not actually what you synced.
> https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Excellent point, and I hadn't known that detail.  (TBH, all I did was
ten minutes of reading based on Paul asking his question.)
Your posting and that page clarify that 'Firefox Sync' is the proper
name for the online service, and Firefox Account obviously is the
authentication feature associated with that service.

> But if you want the whole stack self-hosted, and not use Mozilla
> servers at all, then you would also need to run a Firefox Accounts
> server, which is more work (not really documented for self hosting,
> you have to replace the trademarked images yourself, there are
> multiple config items you have to set to get your browser to use
> it...)
> https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html

I've seen a fairly consistent pattern in other areas of software, where
open source works best for those inclined towards autonomy in computing
(e.g., self-hosting) when it doesn't try to match big-business offerings
feature-for-feature, but rather targets core requirements only.  For
example, the history of calendar/scheduling software on Linux made
depressing reading for a long time (even when you include proprietary
options such as Sun Java System Calendar Server, which Oracle has now
hidden inside something even more monstrous).  That was at least in part
because of whole-brass-band feature sets.  The open source offerings
tended to be buggy as hell not to mention regrettable choices of
platform (e.g., Nextcloud being PHP).  And somewhere I have notes on Dave
Sifry's colossal bellyflop of an effort to implement the IETF scheduling
protocols:  Suffice to say it died before it lived.

But then, someone had the inspired idea of _not_ doing an all-features
competitor to Google Calendar, but instead write a limited-scope daemon
in Python that _only_ implemented CalDAV (calendars, todo-lists) and
CardDAV (contacts) -- nothing else.   What resulted was Radicale, a
GPLv3 daemon requiring only Python3, able to happily do full public
service on a RPi.

So, I would _not_ be looking for an 'open source equivalent to Mozilla
Sync suitable for autonomous hosting'.  I'd be hoping for, say, a little
daemon with an open API for sharing tab URLs that has matching
extensions for popular Web browsers to talk to it in some well-defined
way.  Or things like that -- assuming I had a great urge to share those
or similar objects off a server to multiple client hosts, which I
actually don't.




