cancel
Showing results for 
Search instead for 
Did you mean: 

Firefox Sync - Take your bookmarks, tabs and personal information with you

Customize this article

Firefox

Firefox for Android

Firefox for iOS

Firefox OS

Thunderbird

Version History
Revision #:
3 of 3
Last update:
3 weeks ago
Updated by:
 
Comments

Based on http://blog.mozilla.com/services/2011.../enabling-quotas-for-firefox-sync/, Kadir Topal added a section on the amount of the synced data: 60 days, 25MB. It needs review.

I found one typo: 99,9 instead of 99.9.

I approved the edit as a level 2 revision. I then fixed the typo and approved it myself, as a minor revision.

Michael, ready for localization?

Some people use Firefox Sync to get friend's bookmarks without knowing the consequences (access to all his passwords from his friend's computer). We should add a warning about that.

I did some cleanup and clarification in this section, it needs review.

Thanks, Michelle

Approved. Thanks!

sertinho85

Hello. Do we need to set up different account for every profile or we can use one for all of our profiles.

Hmm... so this is an article that currently has 2 approved edits generating revisions not ready for l10n, and thus not showing up in the dashboard.

I’m confused and not sure what to do. Is this a bug?

olafk

The article states that "we generate a [key]". As this is a no-no in encryption (you never want the key to leave the computer without actively doing so yourself - especially you don't want to generate it on a third-party system) I'm questioning either the documentation or the feature.

I know that this is not the place to discuss the feature itself, but *if* Sync fulfills the TNO ("trust no one") principle, it should be stated here. If the key is not generated on mozilla's server (as is implied by "we generate") it should be stated so.

Some more details on my problems with the quoted part of the article here: http://www.olafkock.de/ok/2011/09/11/tno_trust_no_one.html

Olaf

I don't know how keys are generated but maybe keeping it secret is part of the trust as the credit card number generation works.

More generally, according to your TNO principle:

  • If one certificate is fraudulent or stolen as some were with Comodo and DigiNotar, you no longer use secure connections for your bank accounts, your bill payments or your email.
  • If one bank is in bankruptcy as Lehman Brother was, you no longer trust banks and hide your savings under your mattress.

The sync key is generated on the client that sets up your Sync account. It's stored in Password Manager, and it's never transferred across the wire in cleartext by code within Firefox.

Some more details for the technically minded.

UI code is in control of generating a sync key (still called "passphrase" in the code):

 http://hg.mozilla.org/mozilla-central/file/default/browser/base/content/syncGenericChange.js#l187

This is a base32 encoding of 16 random bytes:

 http://hg.mozilla.org/mozilla-central/file/default/services/sync/modules/util.js#l943

Credentials are persisted by ID objects:

 http://hg.mozilla.org/mozilla-central/file/default/services/sync/modules/identity.js#l86

pushed around by the Service object:

 http://hg.mozilla.org/mozilla-central/file/default/services/sync/modules/service.js#l138

(and search the rest of the file for where those get created and wiped).

The password manager deliberately doesn't sync these credentials:

 http://hg.mozilla.org/mozilla-central/file/default/services/sync/modules/engines/passwords.js#l186

The only way your sync key ever travels across the network is if you use Easy Setup to set up a new device. In this case it travels in an encrypted form, over a secure channel, and isn't persisted anywhere.

Based on rnewman's comment, I updated the article with a small sentence. If there was a web page for technical things, we could link to it.

scoobidiver said

Based on rnewman's comment, I updated the article with a small sentence. If there was a web page for technical things, we could link to it.

I'm aiming to produce a "how does Sync work" overview doc over the coming weeks, as soon as my travel and work schedule gets less hectic!

I removed words that inferred this is a secure backup. See Sync is not a backup tool but it is a good sync/transfer/move tool /forums/contributors/707681

gzsorc added again "Fire​fox ​data​ will​ be securely​ stored on our ​servers".

See this thread for some background.

I'm wondering if its a good idea to remove any type of reference to our servers. Whenever people read that, we end up having users understanding that our servers are backing up their data...and that's just partially true.

Have you got suggestions for the proposed re-wording ?

From a privacy point of view we need to be able to reassure the user the data is safe and admit it is stored on a server, but we could do that by linking to the privacy policy rather than having an inline explanation.

Then form a point of view of enabling the user to understand Syncs function and options do we need to include mention of the sever copy?
It could confuse users if we fail to mention that and somehow instead vaguely refer to a master or up-to-date copy.

Deleting a reference to servers may mislead users into thinking it is a requirement that both devices must be online simultaneously to sync, something that may be an impossible requirement with certain use cases e.g.
sync Work desktop with Home desktop.

John99 said

Have you got suggestions for the proposed re-wording ? From a privacy point of view we need to be able to reassure the user the data is safe and admit it is stored on a server, but we could do that by linking to the privacy policy rather than having an inline explanation. Then form a point of view of enabling the user to understand Syncs function and options do we need to include mention of the sever copy?
It could confuse users if we fail to mention that and somehow instead vaguely refer to a master or up-to-date copy. Deleting a reference to servers may mislead users into thinking it is a requirement that both devices must be online simultaneously to sync, something that may be an impossible requirement with certain use cases e.g.
sync Work desktop with Home desktop.

Basically that's the compromise: Do we confuse non savvy users that could potentially think this is yet another profile backup tool? Or do we confuse tech savvy users who understand why a server is necessary?

I'm not sure which is better-worse...that's why I'm asking for opinions here.

As much as I'd like it to be true that you can "take your data with you wherever you go" we don't support all platforms. Sync is available on Firefox and Firefox is available on desktop platforms X, Y and Z and on mobile it's just Android until FxOS can get in users' hands.

I found this article linked to from the chosen answer for "how can I get Firefox on iphone." Sync isn't going to help this person and we should make that clear.

https://support.mozilla.org/en-US/questions/936259

See this forum thread for related discussion on updates to this article:

To eddyc:

I think you misunderstood my comment to the-edmeister in the above thread, where I wrote,

The Restore bookmarks from backup or move them to another computer article has a Moving bookmarks to another computer section that says this:

Using Firefox Sync

You can use Firefox Sync to move your bookmarks from one computer to another.

Note: Firefox Sync continuously updates itself as you change bookmarks, so it does not provide a true backup service, nor is it intended to be used as one.

<snip>


I wrote that you could add something about Sync not being a backup service to this article. I don't use Firefox Sync myself so I'm not the best person to review the other changes you are making to this article but regarding the following addition:

== Can I use Firefox Sync to backup my data? ==
In short: 'No'. Firefox Sync is designed for moving your bookmarks from one computer to another. The data is continuously updated as you change bookmarks, so it does not provide a true backup service, nor is it intended to be used as one. For information on backing up your personal data see the following article: Back up and restore information in Firefox profiles

You should change that to something like,

In short: 'No'. Firefox Sync is designed for synchronizing data (such as your bookmarks, history, passwords, and open tabs) when you use Firefox on different computers or mobile devices. The data is continuously updated so it does not provide a true backup service, nor is it intended to be used as one. For information on backing up the Firefox data that you have stored on your computer, see the article Back up and restore information in Firefox profiles.

Ah yes you are right. I didn't realise how bookmark specific that sounds.

I think your edit looks perfect. I've dropped that in and submitted again.

Thanks

On the new Where can I find my synced tabs? section:

Assuming the content is OK (and I would rather have someone else look it over who actually uses Sync) you'll still need to make another edit based on your last revision. I see you left out {for mac} here:

This can be accessed from {for linux}the History Menu{/for}{for win}Firefox > History{/for}

What I always do when making an edit that involves {for} markup is to switch to the different versions using the version picker. In this case, choosing Mac OS X you'll see right away that there is something missing after "from". In this case, you're missing the History menu when you check the article content for Mac. However, WinXP also accesses the History menu from the Menu bar by default. See Display the Firefox button menu instead of the menu toolbar for details.

What I would do is to simply say, This can be accessed from the {menu History} menu.

If you want to explain how to get to the History menu in different OS's there's actually a template that you can "steal from". If you check the source of /kb/templateopenhistorylibrary you can use this code:

{for win7,win8}At the top of the Firefox window, click the {button Firefox} button and go over to the {menu History} menu.{/for}{for mac}On the menu bar, click the {menu History} menu .{/for}{for linux,winxp}At the top of the Firefox window, click the {menu History} menu.{/for}

Sync can successfully be used to back-up data on one PC prior to a reformat or the installation of a new operating system. but it seems that users we see in SUMO had no concept of the importance of the Sync / Recovery Key and didn't Print a copy of the final Sync Set Up dialog box. Without a copy of that Key or them using Sync on another device they are SOL as far as recovering their data.

Mozilla Sync seems to be unique among the "clouds" and browser data synchronizing services out there by having a third security credential to access their data on the Sync Servers and to connect to those servers. A credential that they don't "make up them self", one that is auto-generated by the Sync system. And one that is far from the usual "first pet's name", "mother's maiden", etc that might be able to be retrieved from online social networking data. IMO, the concept is sound, but the implementation leaves much to be desired.

That is where users are having a problem, way too often. And I suspected that this was going to be a problem in Nov / Dec 2010 when a new version of Weave / Sync was introduced that eliminated the original "passphrase" as the 3rd credential, and started using the current 26 character auto-generated Sync / Recovery Key.
https://wiki.mozilla.org/Labs/Weave/Crypto
How many people can remember their own drivers license number? Or SS#? How many can remember their 16 digit debit / credit card number (that they routinely type into online order forms)?
I can remember all three. Being that my SS# was also my military service ID number, that I have had a drivers license for 48 years, and I have been doing phone and online purchasing for over thirty years - but I still can't remember the CV# that changes every 3 to 4 years, when the card is renewed.
From the number of people I have watched incorrectly copy those numbers down on a form that they were filing out when I was applying for something, and I told them that they transposed a pair of numbers or skipped a digit in the one triple number sequence I have in one of those sets of numbers. They always express surprise that I "know" those ID numbers, so I know that I am far from average with remembering those numbers.

State of the art, industrial-strength security credentials is good in theory, but when your average-user has so little knowledge of the operating system they are using, that they can't even print anything without having a Print button or a contextual-menu Print item in a program, the developers are setting things up for massive misunderstandings or for complete failure, IMO.

I was collecting screenshots and had started a "how-to" to guide users thru the use of Sync up until that change of the 3rd credential, but decided not to follow thru on the completion of that guide because I lost faith in the Weave / Sync project with that change.

IMO, under - What does it do? - I feel at the end of that paragraph there should be a specific message that Sync isn't intended to be a "cloud" or a service to be used for backing up their data for purposes of reformatting or installing a new operating system.
Two common mis-uses if Sync.
And I think that message needs to be on every Sync support article, maybe at the bottom of the other Sync support articles as a disclaimer, of sorts.

Yes, that is a negative "feature" and support articles inform the user of features, how different features work, etc; generally all positive, reinforcing descriptions. But Sync doesn't work as users "expect" or as other seemingly similar services work, so I think this "warning" or disclaimer is very important.

AliceWyman said

If you want to explain how to get to the History menu in different OS's there's actually a template that you can "steal from". If you check the source of /kb/templateopenhistorylibrary you can use this code: {for win7,win8}At the top of the Firefox window, click the {button Firefox} button and go over to the {menu History} menu.{/for}{for mac}On the menu bar, click the {menu History} menu .{/for}{for linux,winxp}At the top of the Firefox window, click the {menu History} menu.{/for}

Thanks. I've added that code in.

I still don't have access to a Mac for taking screenshots of the 'Tabs from Other Devices' page or the Sync Preferences page. But I can take a screenshot for Windows tonight.

Would either of you be able to take the Mac screenshots? If not I've got a friend with a Mac. I can ask him to do them.

the-edmeister said

Sync can successfully be used to back-up data on one PC prior to a reformat or the installation of a new operating system. but it seems that users we see in SUMO had no concept of the importance of the Sync / Recovery Key and didn't Print a copy of the final Sync Set Up dialog box. Without a copy of that Key or them using Sync on another device they are SOL as far as recovering their data. ... IMO, under - What does it do? - I feel at the end of that paragraph there should be a specific message that Sync isn't intended to be a "cloud" or a service to be used for backing up their data for purposes of reformatting or installing a new operating system.
Two common mis-uses if Sync.
And I think that message needs to be on every Sync support article, maybe at the bottom of the other Sync support articles as a disclaimer, of sorts.

I also had no idea that you could do that (or really any idea of what the recovery key was for). Interesting thanks.

Agreed about the disclaimer. I've answered several forum support requests asking about how to get their data back after wiping a hard drive etc. People seem to expect it to be a backup service and don't realise their mistake until it is too late.

We need to make it very clear in any and all Sync support articles that Sync isn't intended to be used as a backup service for the purpose of storing data while the user reformats the only device they are using Sync with. We have had far too many postings about Sync being used for that purpose, and the user didn't have their Sync Key / Recovery Key. IMO, that is a fatal flaw with Sync!

A negative statement or not, we need to make users aware of this, because it is an unrealistic expectation that users will understand the importance of saving their Sync Key / Recovery Key when they first setup Sync.


Yes, it is possible to use it in that manner, but without the Recovery Key / Sync Key their data is worthless, and the Sync server wipes their data when they request a new Sync Key because it is worthless without the correct encryption key.


Ed