Hi Stefan, On Fri, Mar 6, 2015 at 10:03 AM, Stefan Gofferje <[email protected]> wrote:
> Hi, > > after following the discussion for a couple of months, I have decided to > pulish a security warning concerning Firefox sync. > > > http://stefan.gofferje.net/it-stuff/blog/170-security-warning-firefox-force-upgrade-to-new-sync-system-imminent > > In my opinion, it's absolute unacceptable and not understandable, given > the recent past's many privacy scandals, that Firefox is forcing users > to upgrade to a system which effectively makes using the Mozilla > infrastructure mandatory. As Richard points out, this just isn't true. There's nothing hidden about the FxA stack; you've been able to self-host Desktop since about Firefox 33, and Android since about Firefox 35. It's complicated because Mozilla is trying to run an extensible service for 100 million users! An ambitious OwnCloud and Firefox add-on developer could arrange to simplify the FxA stack for self-hosters. It's a reflection of how little value that project has that it hasn't happened yet. Encryption is no argument here because any > encryption can be broken and it's simply a matter of principle. > I think this is moot. I am not saying it's easy. > Through this actions, the Mozilla Foundation has moved itself onto the > same level as Google, Apple, facebook and other well known megacorps > which continuosly try coerce users into using their infrastructure to > get access to their data. > This is just not true. Yes, Mozilla is trying to compete with Google, Apple, and Facebook. The big identity and sync systems are extremely popular *because they provide a huge amount of user value*. The Old Sync system was providing a small amount of user value to a very small number of users. You're just wrong that our goal is to get access to the data of Mozilla users, but I doubt I or anyone else will convince you otherwise. > I will personally stop using all Mozilla products and make sure that > they are also not used anymore in my professional area of influence. > You are looking at a system explicitly designed to protect the privacy of hundreds of millions of users and saying it's not good enough. A tiny fraction of those millions will self-host. We can protect the privacy of the many by competing with Google, Apple, and Facebook, or we can protect the privacy of a tiny population by focusing on self-hosting. For me, that choice is clear: we are market driven and must go to where our users are. Nick Full disclosure: I am a Mozilla Corporation employee and speak for what I believe Mozilla has done, is doing, and will do. I may, of course, be wrong. > Kind regards / ystävällisin terveisin, > Stefan Gofferje > ______________________________________ > > Haukantie 2 B 5 > FIN-37600 Valkeakoski > Suomi / Finland > GSM: +358 (41) 7290730 > Aus Deutschland: (02151) 7476231 > http://stefan.gofferje.net/ > mailto: [email protected] > > This email is signed with a qualified certificate according to the > Finnish Act on Digital Signatures (14/2003) and the Finnish Act on > Strong Electronic Identification and Electronic Signatures (617/2009) as > well as EU directive 1999/93/EC and EU Commission decision 2003/511/EC. > It is as such legally binding and equal to a personally signed paper > document. > For more information on Finnish qualified certificates for citizens, > please check http://fineid.fi/default.aspx?id=487 > > > > _______________________________________________ > Sync-dev mailing list > [email protected] > https://mail.mozilla.org/listinfo/sync-dev > >
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
