Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

Privacy reduced with new Firefox Sync?

  • 2 valiny
  • 8 manana an'ity olana ity
  • 1 view
  • Valiny farany nomen'i DB

more options

The old Firefox Sync (before Firefox 29.0) came with end-to-end encryption. This technical limitation prevented Mozilla from reading the contents of users' browsing history and passwords.

If I understand correctly, the new Firefox Sync stores the encryption keys on their own servers (instead of the users' browser). Does this mean that Mozilla is now required to pass on this private information to police, NSA, and other government agencies when required, and is susceptible to mass data breaches from bad actors?

If true, are there any alternatives to the new Firefox Sync (short of hosting my own Sync service) that continue to use end-to-end encryption?

The old Firefox Sync (before Firefox 29.0) came with end-to-end encryption. This technical limitation prevented Mozilla from reading the contents of users' browsing history and passwords. If I understand correctly, the new Firefox Sync stores the encryption keys on their own servers (instead of the users' browser). Does this mean that Mozilla is now required to pass on this private information to police, NSA, and other government agencies when required, and is susceptible to mass data breaches from bad actors? If true, are there any alternatives to the new Firefox Sync (short of hosting my own Sync service) that continue to use end-to-end encryption?

Novain'i DB t@

All Replies (2)

more options

I can not fully answer this but please follow

  • /questions/993302#answer-571374 are bookmarks encrypted?
    I have cross linked some other threads in that post and some of the user facing documentation I could find.
  • /questions/999581#answer-571391 If I disable my master password and enable sync of my passwords, how are they encrypted? What is my encryption key?
    I have escalated that post to try to get a proper answer, (and also start up discussion about the documentation -we maintain some documents ourselves).
more options

Brian Warner's blog post seems to address the question: "Sync will still provide end-to-end encryption, but accessed by a password instead of pairing." https://blog.mozilla.org/warner/2014/04/02/pairing-problems/

The first comment on that blog post mentions the new password method is one-factor authentication rather than two-factor authentication of the original "pair devices" method.