Do you trust Firefox's sync feature?

As you know Firefox has a feature called sync which let’s you backup your Firefox profile.

But do you trust it ? I mean you are trusting Mozilla with your not only your browsing history, bookmarks, addon list but also all your login credentials.

Its the login data which I worry about. Do you use Firefox Sync ?

Absolutely not.
That’s one of the reasons i use LibreWolf, where it’s disabled from code entirely :laughing:

1 Like

I had enabled the Sync feature some 6-7 months ago & then after reading some articles on the web I deleted my sync account. Do you think the damage was already done ?

That’s the problem - who knows.

When dealing with possible leaks / backdoors good opsec = always assume worst case :upside_down_face:

Are you using Netflix with Librewolf? It is not working out of the box.

No, but it’s easy to fix by enabling DRM in override config (which will probably compromise privacy / security by definition)

They’re working on more user-firendly GUI preferences for common stuff like that, by my suggestion though

1 Like

https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords

Mozilla says its Sync feature is 100% safe. After reading that I had enabled that feature.
Note: Mozilla claim that even they have no access to user’s data.

Yeah…A salesman tells you that his product is best in the world. No way! :rofl:
Don’t trust no one.
There’s no need to put more trust than you need to, when it comes to your personal data.

Especially ones who technically almost owned by Google (most of money coming from Google deal) and directly advocating for internet censorship (i don’t care who or why they advocate to censor, it’s not Tool’s job to tell us what to do or read, tools should be tools.)

If I switch to LibreWolf can I expect timely security updates ? I must say Firefox is very nice in that department.

Salesmen (or women) haven’t changed since medieval times: they will tell you anything to sell you their product. The big issue with Mozilla Sync (it seems to me) is the login credentials, eg the passwords. If anyone has access to those then that is trouble! However I do currently use Sync because it is SO convenient.

Yeah, try it maybe you’ll like it - but note that it’s by default aimed towards security and privacy if something doesn’t work like DRM just see FAQ how to enable it or ask in their gitter chat you’ll get help pretty quick

In terms of updates it’s pretty much in sync with Firefox stable (+/- day), available in AUR either by source code librewolf (don’t recommend coz it’s very long compilation, hours) or librewolf-bin where you grab their binaries directly from GiLab (if you trust devs it should be fine, but that’s your choice of course :slight_smile: )

OK, so add-ons, they have their own risks. I’ve recently cut down to using only a few. Can you run them on Libre-wolf? I already have the -bin version installed but have yet to use it as my “daily browser driver”.

Personally I always avoid addons which are not verified by Mozilla.

Sure, but by default they completely disable home-calling in browser itself, so to install addon:

  1. Use Mozilla url https://addons.mozilla.org/en-US/firefox/extensions/
  2. Manually update them, coz reasons :upside_down_face: although you can enable addons / plugins auto-update (see FAQ) - but that would be again privacy risk.

P.S. They pre-install ublock origins btw :upside_down_face:

Uhuh, so disable addons auto updates when using Libre-wolf? It sounds like a plan. I have two very old MacBooks running OS-X which are not eligible to receiving updates from Apple any more. Also I have disabled them from talking to Apple (the Borg, Seven of Nine :rofl:). They still work. As long as this does not destroy functions within the browser everything should still operate, no or yes?

That was conscious decision given the default focus of browser, you can update manually or re-enable auto-updates…They always thinking of ways for possibility to implement safe auto-updates, non so far.

I don’t store my passwords in a web browser.

2 Likes

Yep manual is good. Tbh auto anything usually makes me wary/suspicious.

I store some but not my banking details, they are just in my head. But maybe some details are just too much. I will have to review just how much is in my browser. Some stuff matters, other stuff not so much.

keepassc in a cli environment and then store the data file where you prefer, online or offline, your choice.