I've opened a bug to discuss what we should do when a user logs into one
Firefox Account, successfully syncs, then logs into a different Firefox
account.  There are a number of complications in this scenario; as
rnewman puts it: "Failure mode: my passwords end up in my friend's
password manager".  Clearly this would be bad.

The bug is https://bugzilla.mozilla.org/show_bug.cgi?id=958927.  I've
copied a comment from this bug below to whet your appetite for some of
the issues we face.  In the 29 timeframe, I'm not sure we can do better
than simply refuse to sync with a different FxA account, but I invite
everyone with any thoughts on this to contribute in the bug.

An excerpt from a comment from rnewman in that bug:
"""
But wrt the broader point: this has been an under-designed area of original Sync, too. And I've seen pained user reports of data merging in Chrome.

The issue is that when a user starts thinking in terms of "signing in",
rather than "setting up Sync", their expectations about data going away and coming back change. E.g.,

* Should you wipe this profile when you sign out? When you sign in?
* If not, should you merge the contents, or prompt differently if this
is the second account you sign in to? Failure mode: my passwords end up in my friend's password manager.
* What happens if a first sync isn't finished when I sign out? Is that a
problem? (With the Sync codebase it certainly is from a protocol standpoint, but it's a different kind of problem if you're about to wipe the profile!)

In Sync we avoided this by not strongly phrasing things in terms of
signing in to an account -- e.g., "unlinking" rather than "signing out".

The solution in terms of Accounts is probably SITB with profile
switching (Bug 749195).
"""

Mark
_______________________________________________
Sync-dev mailing list
https://mail.mozilla.org/listinfo/sync-dev
