the user has to know, that Mozilla is very much (still) dependant on Google’s money.

Mozilla 2 Harrison St. #175, San Francisco, California 94105 USA

Mozilla 2 Harrison St. #175, San Francisco, California 94105 USA

in 2021 wrote

this article. “Open Letter to Mozilla – Google’s Browser dominance – is Firefox not listening to user’s needs/requests?”

They at least – pretend to.

Google says: Thank You Mrs Baker – you successfully destroyed the Firefox browser! – Alternatives to Chrome and Firefox?

No participation withour registration, right?

But in this case it goes further, like syncing ALL your bookmarks and passwords with a central Mozilla-maybe-Google-controled-central server.

 

https://connect.mozilla.org/

https://accounts.firefox.com/settings

might be used in the process: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/sync

https://oauth.accounts.firefox.com/v1 -> https://mozilla.github.io/ecosystem-platform/api#section/Response-format

How to signup? There is no register button?

Yes another “clever” feature, just type in some mail address, if it does not know the address, it will automatically switch to registration mode.

Does the user want automatic sync with central servers? Surely not.

But this article is “tricking” users, by saying, if the user want’s to submit ideas, how to improve Thunderbird, the user will have to go to https://connect.mozilla.org/ and signup.

What the user realizes later: What’s happening in the background of Firefox.

Firefox automatically activates the sync process.

Not amused, not at all.

What if Mozilla (almost 100% sure) will pass on all that data to Google, without your consent? (Because Google has become the de-factor 99% sponsor of Mozilla).

What does Thunderbird have to do with it?

Thunderbird was “outsourced” long ago.

“MZLA Technologies Corporation. Thunderbird is an independent, community-driven project that is managed and overseen by the Thunderbird Council” (src)

All centralized sync services have to be regarded as “evil” for reasons:

  1. sooner or later the data WILL be shared with 3rd parties “sold” or hacked

    • if the user does not pay for the service, the data is sold
    • imagine this ransome note: “we have all your firefox passwords, if you do not send this amount of Etherum, we will post all your passwords to the internet”
  2. what if it is hacked?
    • storing all user passwords will make it a prime-target for hackers

What would be a “good” sync service?

A good sync service would be Computer A, syncing to Computer B without a central server, or if the central server only responsible for transmitting (known-to-work encryption) without storing the data.

The Future of Sync: data echos

2020 Mozilla blog article: “Sync’s job is to make sure that the bookmarks, passwords, history, extensions and other bits you want to synchronize between one copy of Firefox gets to your other copies of Firefox.”

“Those different copies of Firefox could be different profiles, or be on different devices.”

“Not all of your copies of Firefox may be online or accessible all the time, though, so sync has to do is keep a temporary, encrypted copy on some backend servers which it can use to coordinate later.”

“Since it’s encrypted, Mozilla can’t read that data, we just know it belongs to you.”

But with WHAT algorythm the passwords are encrypted and stored, Mozilla won’t tell.

So the user can not be sure if it’s savely encrypted. No matter the intentions, storing all passwords of all users on one central server is just a bad idea as it WILL become the PRIME target for hackers.

“use a distributed database to store your data securely, so we no longer lose databases”

“were able to rewrite the service in Rust, a more efficient programming language that lets us run on less machines”

“It needs to continue to be at least as secure as before”

“We picked Google Cloud’s Spanner database for its own pile of reasons, some technical, some non-technical”

This is totally fitting, because a “Spanner” in German, is someone who is spying on others (mostly naked girls).

“We then picked Rust as our development platform and Actix as the web base because we had pretty good experience with moving other Python projects to them”

“Some folks who run stand-alone servers are well aware that Python 2.7 officially reached “end of life”, meaning no further updates or support is coming from the Python developers, however, we have a bit of leeway here.”

Wow there was the option to run de-centralized stand alone servers? Why not keep it that way?

src: https://blog.mozilla.org/services/2020/09/15/the-future-of-sync/

https://github.com/mozilla-services/syncstorage-rs/ https://github.com/mozilla-services

from the comments section:

I’m not so sure… Sync is end-to-end encrypted, meaning that the server can not (and really does not) want to read any of your info.”

while this is surely correct, even the developers MIGHT be unaware of data collection going on inside Google’s “Spanner” db X-D

“I mean, you’re absolutely free to export your bookmarks to a file and publish them how you see fit”

Why publish? Store offline & encrypted!

“but trying to sift out “Well, this bookmark is public” vs. “This bookmark contains personal info I may be unaware is being disclosed” is not something anyone who works on back-end systems ever wants to deal with. Privacy scales remarkably well in that respect.”

“Plus, competing against pinboard doesn’t have the greatest record.” (src)

GDPRs cookie-popups suck but… how to delete all Mozilla Sync data?

This is probably just a “marking this account disabled” but can try anyway:

Yes the GDPR (“General Data Protection Regulation“) at least it tries to regain control over the user’s data as the law says: the data of the user BELONGS to the user, NOT the company collecting it (as it is in the US, still?).

It is like a user-based “freedom of information act” that allows EU citizens to request all stored data from a company and also request the deletion of that data.

that was in 2018, now it works again https://www.chicagotribune.com/

that was in 2018, now it works again https://www.chicagotribune.com/

Some companies in the US are voluntarily complying with the nerve-wrecking time-consuming “warning-popup-privacy-intrusive-cross-platform-tracking-cookie”, while others just block all EU visitors to their website.

Who to contact in order to get all data stored?

Who to contact in order to delete all data? (probably too late after sync anyway)

go to: about:preferences#sync

a try: “Unchecking all of the boxes, then pressing the circle-arrows Sync button appears to delete all of the Sync data. Then, I can set the about:config identity.fxaccounts.enabled value to false to hide the Sync button. Thank you!”

then head to:

If you use these features, Firefox will share data to provide you functionality and help us improve our products and services:

  • Registration data: Mozilla receives your email address and a hash of your password when you create a Firefox Account or sign-up to Join Firefox. You can choose to include a display name or profile image. Your email address is sent to our email vendor, Acoustic, which has its own privacy policy.
  • Location data: For security purposes, we store the IP addresses used to access your Firefox Account in order to approximate your city and country. We use this data to send you email alerts if we detect suspicious activity, such as account logins from other locations.
    • yes neat, indeed right? Sell a surveillance feautre as a security feature
    • that is bulk data gathering and thus MASSIVELY privacy intrusive
  • Interaction data: We receive data such as your visits to the Firefox Accounts website, dashboards and menu preferences, what products and services you use in connection with your Firefox Account, and your interactions with our emails and SMS messages. We use this to understand your use of our products and services and to send you more useful Firefox Account Tips and in-product messages.
  • Technical data: To display which devices are synced to your Firefox Account and for security functionality, we store your device operating system, browser and version, timestamp, locale, and the same information for devices connected to your account. If you use your Firefox Account to log into other websites or services (such as AMO or Pocket), we receive the timestamp of those log-ins.

Read the full documentation or learn more, including how to manage your Firefox Account data or our data practices for websites and email. You can also read the privacy notices for our Firefox Account connected services, which are:

  • Synced data: If you enable Sync, Mozilla receives the information that you sync across devices in encrypted form. This may include Firefox tabs, add-ons, passwords, payment autofill information, bookmarks, history, and preferences.
  • Deleting your Firefox Account will delete related Firefox Sync content. (yeah sure) You can also read the documentation.
  • Technical and Interaction data: If you enable sync, Firefox will periodically send basic information using Telemetry about the most recent attempt to sync your data, such as when it took place, whether it succeeded or failed, and what type of device is attempting to sync. You can also read the documentation.

Learn more, including how to enable or disable sync.

(src)

thanks a lot! will STOP participating at everything Mozilla related!

zig is better than RUST anyway.

in the context of all of this:

Pocket sucks! “Collections” suck!

What is this annoying “Pocket” crap function financed by Google Ventures and why are Bookmarks now stored in “collections”: “social bookmarking service for storing, sharing, and discovering web bookmarks” “was introduced in August 2007 as a Mozilla Firefox browser extension named Read It Later by Nathan (Nate) Weiner.” (Wiki) At least the src is given.

Another #WTF: If the user wants to share a bookmark, it is as easy as Cltr+C and Ctrl+V into the probably-also-make-believe-encryption-because-WhatsApp-is-using-it-too-Signal-Messenger.

Sorry Pinboard.in will also not become a tool that will ever be used here (this user also just uses the service to sync bookmarks between devices)

Firefox sends a “ping” to Amazon AWS after EVERY startup

Another company that Mozilla shares data with: Khoros, LLC 7300 Ranch Road 2222, Building 1, Austin, TX 78730 USA, Telephone: (512) 201-4090, Email: privacy ÄT khoros DOT com

even when said – it is non-malicious – for detecting “if online” on a Hotel Wifi – this is a privacy problem.

“if I block them, firefox says there is no internet connection.”

Yes, because Mozilla claims that it is a feature “required” to detect if Firefox “is online”. #wtf there would be other options.

Also it is important to before doing so, ask the user, “do you want an automatic internet detection?” (aka ping to Amazon) and then let ther user chose the server to ping.

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections explains the categories of automatic connections and how to disable them.

No, that’s not how it should be.

It should not be: “we will do everything hush hush in the background and if you want to opt out, good luck finding that option in our zig-billions-of-options!” 😀

Ask first, then shoot, not the other way around.

but as most users stopped using Firefox long ago… (and moved to Chrome) that privacy problem has shifted from a Alphabet-Google-Proxy to Alphabet-Google directly.

May it go down to 0%!

Congratz! All involved!

PS: If the user manages to export (a feature soon deleted) all bookmarks from Firefox into a file and import on another device, the user is already a h@ackz0r that Alphabet-Google-Mozilla dislikes!

alternatives?

first thanks for taking the stats, but it’s really hard to see in this pie chart what browser has what market share X-D

https://itsfoss.com/open-source-browsers-linux/

 

 

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!
admin