Does Mozilla save passwords/bookmarks etc. on their servers?

  • 7 replies
  • 3 have this problem
  • 13 views
  • Last reply by capcomnz

After the Opera "breach" http://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/

Does Mozilla save bookmarks and/or passwords on its servers when sync is activated? Are these secure? Can these be viewed (apart from viewing under Options->Security->Saved Logins)? I know Chrome has an option of opening up Google Dashboard where it will advise of all saved data on its servers, under Google Sync. Is there a similar option for Firefox?

I have deleted my old account and created a new one but only synced the bookmarks due to this Opera incident.

All Replies (7)

hi capcomnz, if you are using firefox sync, your data will be encrypted locally on your device with a key derived from your firefox account password before it is sent to mozilla's servers - your account password is the only way to decrypt that data. if you want to learn more about the technical details about the sync protocol you can refer to its documentation at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol (in particular the section about "security analysis").

Thanks for the reply Philipp, but the technical stuff was way over my head. You said "that the data is encrypted locally on device ..... before it is sent to Mozilla's servers." So in theory the same thing that happened at Opera could happen here. The account passwords were possibly compromised, which led to 3rd party site passwords being possibly compromised as well, through their sync system. Does that mean that when I deleted my old account all information was deleted, and now I have set up a new account and am only syncing bookmarks, no 3rd party site passwords should be on Mozilla's servers?

hey again, i am not sure what kind of attack exactly happened with opera or what kind of security safeguards they are using, so i cannot comment on that.

but yes, what's cryptographically protecting your sync data is in essence your firefox account password, so we advise to pick a strong and unique password for that purpose. if i'm not mistaken we also recently introduced some form of 2-factor authentication so that when a new device wants to connect to your sync account you not only have to provide a password but also demonstrate control over your email account (by clicking a link on a confirmation mail).

i don't think that after closing an account the data is purged immediately (this happens on something like a daily interval) - but deleting an account destroys its encryption keys, so the encrypted blobs on the server become meaningless.
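
Added illustration, not part of the original thread and not Mozilla's code: a simplified Python sketch of the scheme described in the two replies above, where keys are derived from the account password on the device, the server holds only a login verifier and a wrapped key, and deleting the account leaves the data key unrecoverable. The labels, iteration count, `Server` class and sample credentials are assumptions made for this sketch; the actual protocol is the one in the linked onepw documentation.

```python
import hashlib, hmac, secrets

def hkdf(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with an empty salt."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_keys(email: str, password: str):
    """Runs on the device only. Returns (auth_token, unwrap_key)."""
    # Salt label and iteration count are assumptions for this sketch.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    b"example/stretch:" + email.encode(), 100_000, 32)
    # Two independent outputs: one proves identity, one never leaves the device.
    return hkdf(stretched, b"example/auth"), hkdf(stretched, b"example/unwrap")

class Server:
    """Hypothetical sync server: stores a login verifier and a wrapped key only."""
    def __init__(self):
        self.accounts = {}
    def create(self, email, auth_token, wrapped_key):
        # Plain SHA-256 keeps the sketch short; a real server would use a slow hash.
        self.accounts[email] = (hashlib.sha256(auth_token).digest(), wrapped_key)
    def login(self, email, auth_token):
        verifier, wrapped_key = self.accounts.get(email, (b"", None))
        ok = hmac.compare_digest(verifier, hashlib.sha256(auth_token).digest())
        return wrapped_key if ok else None
    def delete(self, email):
        self.accounts.pop(email, None)  # wrapped key is gone, blobs stay unreadable

def demo():
    email, password = "user@example.com", "correct horse battery staple"  # constructed
    server, data_key = Server(), secrets.token_bytes(32)  # data_key encrypts sync records
    auth, unwrap = client_keys(email, password)
    server.create(email, auth, xor(data_key, unwrap))
    auth2, unwrap2 = client_keys(email, password)          # second device, same password
    recovered = xor(server.login(email, auth2), unwrap2) == data_key
    wrong_auth, _ = client_keys(email, "wrong guess")
    rejected = server.login(email, wrong_auth) is None
    server.delete(email)
    unrecoverable = server.login(email, auth2) is None     # even with the right password
    return recovered, rejected, unrecoverable
```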

capcomnz said

Does that mean that when I deleted my old account all information was deleted, and now I have set up a new account and am only syncing bookmarks, no 3rd party site passwords should be on Mozilla's servers?

How did you "delete" your old account? What exactly did you do?

Hi jscher2000, I simply went under Options -> Sync and clicked on Manage Account. That opened a website which gave several options like changing picture, display name, password but also Delete Account.

That sounds conclusive to me. Especially if you were able to create a new account using the same email address.

Actually I created a new account under a different email address and only synced bookmarks. That way I get them on my iPad as well.