Firefox is not secure!
Firefox releases email addresses and our data to third parties!
I installed the Arc browser and Arc offered to load my bookmarks from mozilla. Out of curiosity, I let it, and it loaded my bookmarks and folders smoothly. Arc didn't navigate Firefox to the login page, so Firefox released my information without asking me.
What probably happened in the background was that the Arc browser told Firefox which email address it was requesting data from, and Firefox handed over the data to it "on notice". Firefox was not even convinced that the real owner of the email address asked the Arc browser to synchronize the folders.
Is it the famous Firefox reliability?
الحل المُختار
Paul said
Hi Just to clarify: You asked another browser to import your data from Firefox, and it imported the data from Firefox. I am struggling to see what the problem is here.
1. The browser saw my folders before I asked it to sync. 2. I thought that no other application could access my data, because it is protected by Mozilla.
I thought you had to ask permission from mozilla, but I was wrong. Mozilla stores the data on my computer unprotected.
I create any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.
I have already realized that this is not only Mozilla's fault, but also Microsoft's.
Read this answer in context 👍 0All Replies (16)
Well, that's a nice conspiracy theory.
Did you get all those badges by writing foolishness?
If you ask me for my email address, I will give it to you. So, for example, will Apple release my data to you if you ask Apple to release the data associated with the email address to you? Never! If you can't think logically, don't write stupid things!
TyDraniu írta
Well, that's a nice conspiracy theory.
Even simpler for you to understand.
How did the Arc browser get my data from Firefox if Arc only knew my email address?
It's even worse! It doesn't work the way I thought it would. After I deleted the Arc browser, I downloaded it again and registered with a different email address. And when I clicked on the Firefox logo, Arc displayed my folders and bookmarks in the same way. I didn't even accept the synchronization yet, I just chose from the offered browsers. Firefox transfers the data to third parties without restriction, who can browse the data freely.
Arc will have read the information from your Firefox Profile folder on your hard disk — it won't have needed to access Mozilla's server, nor would it have needed to access Google's had you been moving from Chrome or MicroSoft's if moving from Internet Explorer/Edge.
Modified
thepillenwerfer said
Arc will have read the information from your Firefox Profile folder on your hard disk — it won't have needed to access Mozilla's server, nor would it have needed to access Google's had you been moving from Chrome or MicroSoft's if moving from Internet Explorer/Edge.
Bad example and wrong approach. I haven't moved from anywhere, I've always been a Firefox user. Why should any software developer just have access to my data for a third party? It handles data very loosely.
Wonderful world... People found TyDraniu's post helpful... ? :)) Nobody cares about privacy. No one even knows what a private sphere is. For example, today's young people don't even know what a letter secret is. Everyone takes it for granted that Google reads emails.
Only Apple takes privacy seriously, no one else. I only use Safari on iOS.
info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them.
Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords.
So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information.
Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying.
One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time?
Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link.
However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?
Modified
TechHorse said
info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them. Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords. So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information. Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying. One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time? Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link. However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?
I don't use a primary password, I didn't even know one existed. I think firefox should do something to prevent this from happening. Because we expect this from Microsoft in vain, Microsoft is just as curious as Google's spy software these days.
On the Apple operating system, the system itself asks me for all access permissions. It's a nightmare that any software can scan all the folders on my computer during installation, even though I only give it permission to install.
As I wrote, the Arc browser saw my folders before I gave permission to sync. After the first installation, I basically deleted all related files. Although it was not easy to search for the word "Arc" on my computer.
Anyway, thanks for your comment. I still don't think this is how it should work, but I'll take the chance and set a primary password.
TechHorse said
info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them. Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords. So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information. Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying. One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time? Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link. However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?
Well, I checked what the primary password is good for, but it doesn't provide protection for the problem mentioned above. I don't store passwords anywhere, I haven't saved any passwords in the browser, I use my computer alone, so it's almost an unnecessary procedure. And I can even lose my data if I don't remember the primary password. It's not worth the risk because it doesn't provide you with extra security.
Hi
Just to clarify:
You asked another browser to import your data from Firefox, and it imported the data from Firefox.
I am struggling to see what the problem is here.
الحل المُختار
Paul said
Hi Just to clarify: You asked another browser to import your data from Firefox, and it imported the data from Firefox. I am struggling to see what the problem is here.
1. The browser saw my folders before I asked it to sync. 2. I thought that no other application could access my data, because it is protected by Mozilla.
I thought you had to ask permission from mozilla, but I was wrong. Mozilla stores the data on my computer unprotected.
I create any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.
I have already realized that this is not only Mozilla's fault, but also Microsoft's.
Modified
info11727 said
any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.
And they can view all your documents and photos and any file too!
Yes, you are responsible for what software you install on your system. What you described is a malicious program, there's many out there on the internet, it's why you don't just randomly click links or install stuff.
Modified
Jared said
info11727 said
any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.
And they can view all your documents and photos and any file too!
Yes, you are responsible for what software you install on your system. What you described is a malicious program, there's many out there on the internet, it's why you don't just randomly click links or install stuff.
This is a Microsoft problem.
I will try to write to them about this, but I am 100 percent sure that they are not interested.
Especially since they have been collaborating with Google, since then Microsoft has also been spying on its users.
They will not be interested in a secure installation.
info11727 said
This is a Microsoft problem.
Sorta, it's just how the operating system works. You can view the file system on macOS and Linux from a program too. But it's definitely not a Firefox problem.
Note that MS may also store sensitive data like websites you visited and files saved/loaded from removable devices in the registry without you being aware of. The icon cache also can store thumbnails that were ever shown on the task bar by some application.