On 8/20/13 9:29 AM, Deb Richardson wrote:
Did you mean "those changes will apply to all of my *devices*"? So,
like, if I go into prefs on my phone and turn on "sync bookmarks"
(assuming it was was turned off before), my desktop will start
syncing bookmarks too?
Exactly. We discussed the options (universal sync settings vs
device-specific settings) in the Product meeting last week, and the
product owners (Asa, Karen, Clee) all agreed that this is the desired
behaviour for MVP.
Yeah, that sounds easier to understand than separate per-device
settings.
One thing to be aware of: this increase the amount of power that our
server has over the clients. Each client will be listening to the server
for changes to the sync settings. Those changes are *supposed* to come
from other clients, but the server could fake them.
Somebody may not want to sync, say, bookmarks, so they leave that turned
off. But then a bad guy breaks into our servers, or some MIB compels us
to make some changes, and we have the ability to push down a fake
message that turns bookmark syncing back on. If the choice between
class-A and class-B is similarly synchronized (and server-controlled)
too, then we lose a lot of our "your data is protected even against us"
security properties, because we can forcibly downgrade the security mode
to one that leaves the data visible to our keyserver.
cheers,
-Brian
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
