Stefan, are you aware that self-hosting Sync 1.5 and the FxA stack is possible?
https://blog.mozilla.org/services/2014/05/08/firefox-accounts-sync-1-5-and-self-hosting/ https://docs.services.mozilla.com/howtos/run-sync-1.5.html https://docs.services.mozilla.com/howtos/run-fxa.html#howto-run-fxa You can even use a custom server in Firefox for Android: https://addons.mozilla.org/en-US/android/addon/fxa-custom-server-addon/ This isn't as easy as self-hosting Sync 1.1, but that's because the overall system is more complicated, not because Mozilla is some nefarious actor that's trying to steal your data. It's also untrue that the NSA has access to your information. It's still encrypted end-to-end, with a key that's derived from your password. Mozilla can't decrypt that data without phishing you, which isn't significantly different from the old Sync system — as a browser vendor we could just as easily push out a hotfix that steals your credentials directly from the browser, so I think your fear is somewhat misplaced. On Fri, Mar 6, 2015 at 10:03 AM, Stefan Gofferje <ste...@gofferje.net> wrote: > Hi, > > after following the discussion for a couple of months, I have decided to > pulish a security warning concerning Firefox sync. > > > http://stefan.gofferje.net/it-stuff/blog/170-security-warning-firefox-force-upgrade-to-new-sync-system-imminent > > In my opinion, it's absolute unacceptable and not understandable, given > the recent past's many privacy scandals, that Firefox is forcing users > to upgrade to a system which effectively makes using the Mozilla > infrastructure mandatory. Encryption is no argument here because any > encryption can be broken and it's simply a matter of principle. > Through this actions, the Mozilla Foundation has moved itself onto the > same level as Google, Apple, facebook and other well known megacorps > which continuosly try coerce users into using their infrastructure to > get access to their data. > > I will personally stop using all Mozilla products and make sure that > they are also not used anymore in my professional area of influence. > > Kind regards / ystävällisin terveisin, > Stefan Gofferje > ______________________________________ > > Haukantie 2 B 5 > FIN-37600 Valkeakoski > Suomi / Finland > GSM: +358 (41) 7290730 > Aus Deutschland: (02151) 7476231 > http://stefan.gofferje.net/ > mailto: ste...@gofferje.net > > This email is signed with a qualified certificate according to the > Finnish Act on Digital Signatures (14/2003) and the Finnish Act on > Strong Electronic Identification and Electronic Signatures (617/2009) as > well as EU directive 1999/93/EC and EU Commission decision 2003/511/EC. > It is as such legally binding and equal to a personally signed paper > document. > For more information on Finnish qualified certificates for citizens, > please check http://fineid.fi/default.aspx?id=487 > > > > _______________________________________________ > Sync-dev mailing list > Sync-dev@mozilla.org > https://mail.mozilla.org/listinfo/sync-dev > >
_______________________________________________ Sync-dev mailing list Sync-dev@mozilla.org https://mail.mozilla.org/listinfo/sync-dev
