I'm really disappointed this doesn't authenticate against Persona. Supporting Persona in Firefox seems to be pretty slow coming, and this seems like a big blow against having that smoothly integrating it.
Persona is an awesome way to verify email address ownership, but that's only part of what Sync and the Firefox Marketplace need. For instance, Sync needs a user-memorable password for client-side encryption, and Marketplace needs the ability to force users to re-authenticate before a purchase, which is only feasible in a centralized system. Then there are COPPA concerns: We don't want to build an age gate into Persona, but we need one on Sync and Marketplace. Firefox Accounts lets us do that once, up front, and be on our merry way.
Nevertheless, I'm hopeful that we'll integrate Persona into the Firefox Accounts workflow, but that's still only part of the problem that Firefox Accounts is trying to solve. :)
(Why wasn't it there at first? We were still working out protocol / data format details, and sticking with a known username/password system reduced the number of variables while reinventing Sync.)
Would seem to make sense to take a step back and look at what Persona and Accounts can/should be good at. Persona could/should be an awesome single sign on service that doesn't leak personal data all over the place and provides good security. Unfortunately it seems doomed to failure because the operating model chosen relies on competitive services to adopt it. In other words why would Google become an IdP for Persona when it competes with Google Sign On?
Firefox Accounts, in addition to Persona, could actually move the needle. If Mozilla would drop the idea that email providers should be IdP and instead step into the role themselves (like they kinda are with Accounts) this could all work.
More simply put why not do Persona as an SSO solution independent of email providers (Mozilla or a partner is the single IdP). Optionally attach data to that identity (several technical ways to do this) to hold more data such as that envisioned by Firefox Accounts (email, TOS acceptance, ...).
You do understand how it seems that this is just cannibalizing Persona and Persona will end up with none of the browser support it needs to fulfill its vision?
That's not quite accurate; Firefox Accounts uses the BrowserID Protocol, of which Persona is an implementation. That is to say, it authenticates using BrowserID assertions, but does not directly tie in to Persona accounts. Yet.
"Today, we’re introducing Firefox Accounts as a safe and easy way for you to create an account. With Firefox Account can integrate services, like Firefox Sync.
Firefox Sync enables syncing of passwords, bookmarks, history, and open tabs across devices, now even easier to setup the service and add multiple devices"
> Last year, we created a new team at Mozilla to explore one specific area of the Web that’s grown with the explosion of mobile devices — the cloud (sometimes called Internet servers).
Hey Mozilla, you are too honest about the cloud thing. :)
I wouldn't mind the server side component to this. I'd like to run my own server so that my devices can use. You'd imagine it would be available with it being Mozilla, right?
Thanks! Glad you liked it! I plan to do a proper brown-bag Air-Mozilla presentation of it soon, so we'll have a video recording available online (and not just the slides).
FYI, I showed three different designs in that presentation, to compare/contrast 1: original J-PAKE, 2: intermediate not-used SRP thing, 3: final non-SRP "onepw" design. More than one audience member was left confused about which one we're using for Sync. Tell your friends: we're deploying the last one, nicknamed "onepw", from page 20 of that slide deck:
New Sync has been development for about a quarter. Right now all effort on the Sync project is to get the basic workflows finished and testing the various Sync clients (Fx Desktop/Fx Android).
The team is looking to have a more understandable self deployment strategy by the time this ships in Firefox release ~12 weeks. This is not a promise though. Engineering work is tricky to estimate.
While they can, of course, do whatever they want, I am disappointed by the development of unnecessary peripheral functionality such as this.
I think that the resources put toward this endeavor could have been better spent on improving the performance of Firefox, or perhaps reducing its memory usage, or even fixing the numerous bugs that affect it. Firefox isn't as bad as it once was with respect to those things, but there's still much room for improvement.
Functionality that's useful to a comparatively small number of users should be prioritized well behind core functionality that affects basically all Firefox users.
Engineers aren't just resources to be allocated. Quality isn't a zero-sum game. If a manager said "all of you should only be working on performance", it would be a waste of a lot of people's time who aren't performance engineers.
> I am disappointed by the development of unnecessary peripheral functionality such as this.
users expect their browser preferences, history, bookmarks, and passwords to be synced across devices. for a significant chunk of ff users, this is in no sense "unnecessary peripheral functionality"
Of course those are priorities. That's why it says right at the top that one team has been working on this. It's not like all developers need to be doing the same thing all the time.
I hope Firefox will implement multiple accounts within the browser, similar to Chrome multiple accounts. If it is backed by Persona, then I will be able to have web sessions based on email accounts from different providers.
Trust is such a poor and overloaded word. What is Mozilla "trusted" to do? That's a very difficult question to answer.
Perhaps thinking in terms of expectations would be better: My expectation is that Mozilla will produce a decent browser, with occasional bumps and steps backwards in response to some flavour du jour, most notably in the area of wouldn't it be cools that break usability. Not to mention the mobile browser considering my tablet and phone to be the "same type of device", when my tablet is much closer to my computer - and it's the computer's UX I want everywhere, not the phone's.
My expectation is that Mozilla will produce a half-decent email client that I have no real reason to use.
My expectation is that in doing these things Mozilla software will mostly stay out of my way, mostly work as I expect (sync the function works pretty much as expected, sync the UX is awful - I still need all manner of extension and app to get the "move easily from one device to another" experience I really want).
My expectation is that Mozilla will occasionally cook up something new, e.g., Persona, that I really don't see a need for, and that Mozilla will be unable to articulate why that new thing is needed, cool, or anything else.
If Mozilla disappeared tomorrow, I would be quite upset, because FF sucks far less than every other browser - maybe that's because I am so used to it, that I've made it work for me, but moving to anything else would be painful. My expectation is that they will continue to deliver excellent B+ software that is adequate to my needs and wants.
But why on earth would I expect that I could trust Mozilla with anything more than my sync information?
I trust Mozilla about as much as I trust my bank, as much as I trust Google, and, to be fair, more than I trust facebook. But again, trust is the wrong word: I expect Google to mine my information, make the occasional misstep, but to by and large attempt to keep my information safe and secure, because if they don't, it ain't just mine they release, it's millions of ours, and they cannot afford that.
I expect my bank to mess up UX occasionally, but to do security reasonably well, and to not share my personal overmuch, because of the regulatory framework in Canada: They just cannot mess this up without serious consequence.
I expect facebook to mine, share, intrude, mess around, and generally do stupid things. I am never disappointed.
What should I expect of Mozilla Accounts?
Nothing. Nothing at all, because "Accounts" is so not what I think of when I think "Mozilla". I hear "Mozilla" I think "FireFox", I think half-decent browser, better than others, adequate email client, neither better nor worse, I think confusing cross-device UX...
...but do I think trust?
Nope.
And the "occasional bump in response to something shiny" mentioned above means I never will - at least not without major public rebranding.
If I am going to trust you, you need to convince me you are rock-steady reliable, and never prone to blowing with the wind.
Mozilla is the most trusted Internet company, and you can see the methodology here http://www.ponemon.org/local/upload/file/2012%20MTC%20Report... I trust Mozilla to keep my data safe, not mine it or sell it for profit. I trust Mozilla to give me control over my data. I trust Mozilla to publish an open API to access my data from other programs. Those are important things when I'm considering a cloud storage provider.
Disclaimer: my opinion is entirely MY OWN OPINION and does not reflect Mozilla's opinion or anyone I have worked with in the past. I also acknowledge my lack of deep understanding/insight of any sort but just a tiny bit of what I think I know, so feel free to correct me.
I agree with many of your points because they are in fact excellent arguments. Trust can mean various of things. But in this context, trusting Mozilla is merely trusting Mozilla based on its reputation. Mozilla does not log your password and does not sell you to an advertizing agency so your new shiny Fx Account is really to be used for Mozilla service. At least as far as we know at this point. Mozilla was named #1 most trusted organization [1] but that doesn't mean we should say Mozilla is more trustworthy than Google without considering the context in which the trust is placed in.
The first thing I want to echo is expectation. We expect so and so to do such job and deliver such promises. We expect that when we first sign up the password I pass to Firefox Account and Google Account, my password is hashed and salted with strong hashing algorithm. We expect Mozilla engineers and Google engineers to be honest and professional, so they won't be use MD5 or SHA1 to keep our passwords. But are they? We have to put a bet on Mozilla.
Almost all the Mozilla projects are open-source, meaning they exist somewhere on mozilla-central or on Github. But we can't verify that a server is actually running the code the service provider claims to be using. How can I trust them? I can't. I challenge anyone out there to propose a way to verify server, the same goal we want to have for deterministic build.
Unlike some startup which claim to be secured, Mozilla does not brag about security without hard work. They don't come up with their own new crypto and ask the community to challenge them. They are careful about code changes. With that, we say Mozilla is trusted. Google is therefore also trusted.
There are two kinds of trust:
First, people with first-hand access. They have access to some part, if not, all parts of the infrastructure. If you are running your own Persona identity bridge [2], you can verify yourself that the password you enter is hashed and salted with strong hashing algorithm and iteration. This is a great news for people who are paranoid about a particular website not handling your password properly -- provided that Mozilla sends your data over TLS channel and does not log your encrypted password in the middle.
Second type is based on experience, based on reputation. Google and Facebook employed thousands of engineers. If either is evil, then we would have heard a whistleblower gone on public already. Because there is none (or little) we expect them executing my expectation: my password is hashed and handled properly. So I am happy to stay as a Gmail user and authenticate my Gmail as Persona account. I know both Mozilla and Google will do the communication properly.
I am not an expert in either privacy or security, but I feel like people forget about the mission of the organization. Is Google bad? Is Google evil? The #1 argument is Google is for-profit and Mozilla is non-profit (yes, there is a business entity called Mozilla Corp which exists to handle business contracts like search engine option in Firefox), so Mozilla is more trustworthy, right? Since Mozilla is non-profit and it doesn't talk to advertiser or does not customized your search experience, there is little to no incentive for Mozilla to sell your data and have an advertising agency to customize your experience. With that, Mozilla's reputation is not touched.
Mozilla doesn't about your search query or activity EXCEPT metrics. How many users are experiencing such and such crash? Who is adopting such option and such. How many web servers are still negotiating RC4 cipher? Is Firefox stable? Is people happy with the security and privacy controls?
They don't care if you are bidding a cat on the Internet or voting Doge to be the next President of United States. The expectation of Mozilla is to make good things. For example, Mozilla Firefox should provide Do-Not-Track and private browsing (e.g. search record is not logged in the user's browser history). And Firefox does it. Unfortunately, there are issues but Mozilla are committed to resolve them in the best manner as possible. For example, should the default option for DNT be "tells site I don't want to be tracked" or "don't tell site about my DNT preference?" Currently the latter is the default option. Good or bad? One hand Fx is used by all sorts of users and many sees DNT and DT makes no difference and they might prefer to be tracked. This is why metric is important to a browser vendor like Mozilla. If 90% of the users are aware of DNT, if 90% are adopting DNT and "Tell sites I do not want to be tracked" is high and more and more sites are honoring DNT header, then the default would of course be "tell site DNT." [3] Are there information Mozilla should not be collecting? Probably. And you should challenge Mozilla if you are concerned. While not all Mozillians are created equally - they don't all think alike or agree on everything, one voice can have a snowball effect.
So in terms of interests, Mozilla has a much lower interests in anything else but the number of users able to use Firefox and its related services. After all, Mozilla wants to be the browser that everyone can trust and use. But it doesn't mean Mozilla can override everyone. Some of the proposal Mozilla makes are excellent but often rejected because other vendors proposed something else. Mozilla will have to decide how to resolve such challenge.
So why should you or me trust Mozilla alone?
Mozilla is an open-source organization and therefore almost everything they do is publicly listed. Many project meetings are open and publicly documented (but of course there are exceptions -- sometimes people don't remember they can make such meeting public, or because it's security/corporation/business confidential). But eventually, Mozilla releases notice about decisions they are making. This is not something Google or Facebook is likely going to do. But that's fine. Google and Facebook are much much larger than Mozilla and are entirely for-profit. Take Chrome vs Firefox. Yes, not Chromium. Chrome is closed-source, building upon Chromium. There is no closed-source Firefox releases by Mozilla. Since Firefox code can be viewed publicly, anyone can audited the code. I believe gps is working on deterministic build [4]. Since Fx Account is also publicly readable on Github and mozilla-central, the security of Fx account is both theoretically and practically more trustworthy than Chrome's Google Account implementation (though I believe Chromium users can connect to Google services the same way Google Chrome allows) -- provided that you put a bet on Mozilla's ability to take care of the infrastructure and is actually hosting the version it claims to use. If Persona is ever integrated into Fx Account, then it would be much nicer than Google Account in Chrome, since one can authenticate against one's own identity provider, not Google's or Mozilla's.
Furthermore, it is amazing to see how much Mozilla is capable of doing. It doesn't have 30k employees but Mozilla is capable of keeping data safe. I haven't really heard of Mozilla compromised (community servers, yes) yet. Somehow, this is strange to me. I might be too young to remember such incident, but in the recent years, officially? I haven't heard of one. So people at Mozilla are running a nice farm. I can trust the skill these people have.
Lastly, I do agree that UX is important. Google, Facebook and LinkedIn all have some awful UX to control security and privacy. Some features are not opt-out-able easily; some require deleting an account or disabling access to other core products. I urge everyone, including myself, to make the ability to control security and privacy settings as easily as possible. I think such improvement can make any organization more trustworthy - after all, if I can't opt in/out easily, I am locked in with default settings.
With that, I say I can trust Mozilla. I can trust Google, I can trust Facebook. I can trust many websites out there. But if there is an option and if time allowed, I'd work hard to harden my own identity. With that, I think Mozilla is trustworthy. If we continue to make control of privacy and security a priority over complex feature, some people will trust XYZ more.
How is this any better or different than one of the other cloud providers? I read nothing about self-hosting this, nothing about end-to-end encryption, nothing about Persona.
I understand Mozilla is in a tight place with no access to iOS, little market share in mobile in general and the new walled gardens erected by Google, Apple, FB and soon Microsoft. But simply playing copy cat and catchup does not cut it.
Click on "same browser-based encryption". It's a link to an earlier blog post where they explain the encryption methods used in Firefox Sync. It mentions end-to-end encryption, too.
As Mozilla is a US-based organization, is anyone afraid of the NSA/USG commandeering Mozilla to setup pen-register/password-interception a la Lavabit?
Only a couple of months ago comments like mine would have been passed off as tin-foil conspiracy. Now, I think everyone's sense of normal is now tightly wrapped in tin-foil, encased in lead.
Opposite to Lavabit, Mozilla can't decrypt your data, so I can't see this happening, unless they change the open source client code without anyone noticing.
How is Options>Sync>Pair a Device and follow the directions difficult?
I mean, it was definitely too many steps, and it wasn't labelled clearly enough which device was the master and which was the slave, but those are more like "users won't bother to find it" troubles, rather than it actually being difficult if you want to turn it on.
Basically, many assumed it was a backup program. Recovery was painful. There was multiple iterations of enhancement before they decided to roll out Fx Account, it was clear that users didn't like the original Sync.
Fx Account is more than Sync. This is like having a Google account and allows you to connect to Mozilla services like Marketplace and all instances of Firefox a user owns.
Oh yeah, I totally agree the old sync wasn't friendly - but that's something totally different. It wasn't intuitive, and it was surprising in that it really was just a sync, not a backup. Nevertheless, it was still pretty easy to enable if you actually wanted to.
Easy can still be frustrating (as in why all these steps and which machine is which, and why do I even need to look up how to do this?), and it can still be user unfriendly (as in not allowing recovery).
The steps to turn on sync for devices where you don't have access to both at the same time are a bit mangled since you're required to use the recovery key.
I'm hoping with this it will turn into something close to Chrome's sync
Well, minus the need to to have the decrypted/decryptable passwords in the hands of the service provider. I'm not too happy with the way chrome deals with that, it just means that the impact of any hack is going to be much larger than necessary.
Does anyone know if there will be a standalone client library for this API?
I build an iOS browser that works with the old sync api and building a client on my own is probably a bad idea
The storage API is very similar -- a few record extensions, a few headers changed. The auth layer is completely new, and there's no iOS client library for it, nor any plans for one that I know of.
Mozilla Corporation gets paid by Google to offer Google as a search engine to Firefox users. There's no sponsorship relationship — it's a mutual exchange of value.
See the corporation's audited financial statements:
Mozilla has been sponsored by Google since long ago, but they always thought about people first. In fact, if you don't trust them you can run your own sync server in whatever country you like.
