User Messages received when Firefox Sync is in progress? / Ability to disable Firefox Sync fully?
Hello
I searched and could not find any information about what messages the user receives during Firefox Sync Process / When a sync is taking place. What are user confirmation messages does Firefox Sync provide?
- I would like to be notified when a sync is taking place e.g. started and finished
- I would like to be notified a new Firefox Account has been created
- I would like to be notified when Sync has been activated
I searched and could not find what Firefox Sync setup looks like when activated. I only know what it looks like when it is not activated. e.g. see my screenshot. Can you please post a screenshot of what it looks like setup. Thankyou
I do not have Firefox Sync activated and am nervous having this feature readily available under Firefox Preferences and requires no passcode to activate on my computer. I could not find anyway to disable this feature completly. Can it be done?
Firefox 47.0.1 Yosemite 10.10.5
Thankyou for your help in advance
Edeziri
All Replies (13)
Firefox Sync -- screenshot -- not enabled
Sync is built in to Firefox and not designed to be removed but can be turned off and cleared.
I am not certain what info is going to be useful but here are a few of my observations.
With Sync active you will be able to look for a Sync Log key in to the address bar about:sync-log and press enter. Also see answers in your related question
- View Firefox Sync history? /questions/1137367
I can see circumstances where this is not the case but normally (I am actually checking in Nightly rather than Release) but when Sync is active the menu from the threebar menu button changes and mentions Sync History, and if you use Alt + T to open the tools option you see a different message also.
Probably one obvious change you see the email address that Sync is using, that is visible in your prefs even if you have not got as far as confirming that by answering the email that will be sent. In the example I use I can not start sync I used a fictitious email address. Note if you set up sync and use an email address you no longer have access to you can not reset that sync, because you will not be able to confirm the reset from the email address but you can disconnect it from the computer.
All the user friendly Sync help articles are here: /products/firefox/sync ( I hope that does not move when the forum migrates to new software, it should not do as it will be linked from Firefox's GUI) and current titles
- How do I set up Sync on my computer?
- I'm having problems confirming my Mozilla account
- I've lost my Firefox Sync account information - What to do
- How to sync your add-ons with another copy of Firefox
- Disable Firefox Sync on a lost phone or tablet
- Firefox Sync troubleshooting and tips
More techie stuff, in a more to less user friendly order, only likely to be of interest if you wish to know the background or the deeper security aspects.
- Firefox Sync’s New Security Model
https://blog.mozilla.org/services/2014/04/30/firefox-syncs-new-security-model/ - Pairing Problems
https://blog.mozilla.org/warner/2014/04/02/pairing-problems/ - https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
There is no point in me repeating details and screenshots from those articles but here are some that could be of interest
Prefs in about:config filtered on s.sync highlighting an email address
Forgetting an email address. Note this one was never even confirmed so it is not going to be used to Sync
If you try to use an existing email address already in use on Firefox Accounts Sync
Thankyou john99, Things have gotten worse not better in last week.
Good news, at no time did I see an "email address" appear under "Sync" feature on preferences. I put a watch on that page and no times was alerted.
However, on my macbook, I discovered 2 sync.logs. Both .logs have been created on same day, recently, and 2hr apart. AND I have not had sync feature activated ever.
So this observation -- is unnerving to someone like me.
Both logs say sync did not take place because username / passcode not there. So that is good. But I can see in the log the "thing" is gathering information about my Firefox profile. How could this happen as I have never activated sync on my macbook. I do see under Greasemonkey, sync checkbox on. Maybe this is how the "thing" gathers information. I do not know.
Now I have 5 questions:
1) Under greasemonkey, there is an option I can see that says Sync Greasemonkey scripts. Is this standard or something this "thing" has added?
2) If this feature is standard, (greasemonkey script sync checkbox) is the default ON or OFF? I was thinking it best default as OFF and require a passcode or user notification that it is turned on.
3) When "Sync" happens, what is the Firefox Connection / Port that is used? I was thinking the most 'peace of mind method' would be to block this using an app like Little Snitch -- until Firefox updates how sync can be manipulated without the computer user knowing.
4) I created a new Fx Profile, and only loaded 2 addons (GM was not added). To my surprise, Firefox was trying to connect to several sites I have no idea why, or what is causing it to connect. I blocked them now using Little Snitch where before I never used Little Snitch on a site by site basis with Firefox as never felt I had too. To reiterate -- this is a brand new profile. I tried to search the web to find out but failed (e.g. no intelligent answer could be found).
The sites were port 443 -- www.malwaredomainlist.com port 443 -- raw.githubusercontent.com port 443 -- shavar.services.mozilla.com port 443 -- normandy.cdn.mozilla.net port 80 -- download.cdn.mozilla.net port 80 -- download.mozilla.org and then port 443 -- connect.facebook.net (why is mozilla trying to connect me to facebook???)
The other sites Firefox (brand new profile) wanted to connect with are, that looked OK to me: port 443 -- addons.cdn.mozilla.net port 443 -- versioncheck-bg.addons.mozilla.org port 443 -- services.addons.mozilla.org port 443 -- ssl.google-analytics.com port 80 -- clients1.google.com port 80 -- ocsp.digicert.com port 443 -- safebrowsing.google.com port 443 -- self-repair.mozilla.org
5) Why are any of these sites coming up to be connect to on a brand new profile of Firefox? I do not understand the logic or the feature. And if it is a feature (maybe tiles??) I am wondering why is the default to allow rather than disallow. Is there some logic I am missing.
FYI -- After finding these 2 sync.logs on my macbook under the Fx Profile, I have run 2 mac virus/trojan/malware scanners and only 1 thing found. And this thing was not rated as a big nasty. I did scan the culprit file I loaded under app, Parallels opened for 1 minute max and this file had 37 nasties (first scanned 2013, last scanned by another 2 weeks ago (30 nasties), and still growing). This file was rated very very bad, almost the worse you can get. I used the online scanner service called "virustotal"
Thankyou for your help in advance.
Edeziri
I will try to check some of the facts relating to your questions, and see if others know more than I do, which is highly likely. Meanwhile initial thoughts The domains including Mozilla in the name are probably nothing to worry about. Also even using a brand new profile
- You will presumably have used it for browsing and so visited sites
- Did you actually create a new profile, or did you only use the Firefox Refresh ?
I am not aware of Sync logs being created unless you use Sync, Or possibly try to register for a Firefox account. I note a new profile I created has an empty weave folder in the profile.
A clean profile may still use plugins, so do you have any other software that may contact facebook or whatever the www.malwaredomainlist.com is?
You mention www.malwaredomainlist.com as being unexpected, but in your other thread you were using github to post a support question about an addon. That MDL site may not be malicious in itself, but I am suspicious as to why Firefox should try to connect with that.
This is a general, and apparently slightly out of date help article
Ordinarily there is no reason to try to stop the connections Firefox tries to make automatically.
I note you are using a Mac. They do not have malware issues as often as do Windows machines. Some official sites suggest they need no AntiVirus or AntiMalware software other than what is already built in. Obviously from your comments you have found malware, maybe that is not all removed yet.
- What is the link you got back from virustotal.com when you submitted the file for scanning please ?
What anti virus etc programs are you using by the way. For Mac s I am only aware of Clam { wikipedia.org/wiki/Clam_AntiVirus ) & Malwarebytes { malwarebytes.com/antimalware/mac/ ) .
I have only rarely tried using Greasmonkey, and not for some years. I see no reason that will be involved with Firefox Accounts|Firefox Sync other than as is anything else once you run Sync and then select what is being Synced.
Thankyou for taking the time to read my reply and help me John99
- I will try to check some of the facts relating to your questions, and see if others know more than I do, which is highly likely
Thankyou
- You will presumably have used it for browsing and so visited sites
- Did you actually create a new profile, or did you only use the Firefox Refresh ?
- I dont believe I did any browsing first. That is why I am thinking it is something in a brand new profile (? tiles all came up so maybe its this. I dont use tiles normally so not familiar with this feature). I note, I still has the old FX on the HD just was in teh new FX profile.
- Brand new Fx profile created. No, I did not use Firefox "Refresh" feature. Created a new profile using "profile manager". Choose this new profile on login. Then a day later, the OLD fx profile was removed from my mac.
- I am not aware of Sync logs being created unless you use Sync, Or possibly try to register for a Firefox account.
- I note a new profile I created has an empty weave folder in the profile.
- Never done either action - a)use Sync Log or b) register for a Firefox Account.
- I note the timeframe of the logs was about when I went back into Parallels Application on my mac, to get the file to do upload it to the online virus scanner I mentioned. It was after that I noticed these 2 sync.logs as I was starting to prepare my backup so going thru each folder to make sure I did not miss any data to backup. That is when I noticed a directory called "weave" under my then Fx Profile (I now call my old Fx Profile). I had never seen a directory called that before so I looked into it and saw these 2 sync.logs. I cannot remember checking for these sync.logs before then.
- I note, in my new Fx profile (47.0.1 on yosemite osx), no weave folder created.
- but in your other thread you were using github to post a support question about an addon
- My post to github was when I was on my old Fx Profile. Not the brand newly created Fx Profile
- A clean profile may still use plugins, so do you have any other software that may contact facebook or whatever the www.malwaredomainlist.com is?
- I don't believe I have added any plugins to the new profile.
- I never use facebook. I dont even have an account.
- To the new Fx profile, I have added 2 addons but even these I am pretty sure I added after I saw new Fx Profile trying to connect to these sites.
- I originally allowed all automatic connections via Firefox. Then in new Fx Profile when I saw "raw.githubusercontent.com" I was suspicious then I saw this malware site and was on red alert, something not right.
- I went to the malware site and it said only go here if you know what your doing. I don't know what I am doing, so I got out of there. So then I blocked all the sites, and removed the old Fx Profile. Just in case something in there was causing it. I have no idea.
- I had the same reaction as you state "That MDL site may not be malicious in itself but I am suspicious as to why Firefox should try to connect with that."
- Obviously from your comments you have found malware, maybe that is not all removed yet.
- Agree with your perspective on virus/malware etc + Mac.
- I refreshed my knowledge and it appears this is current view.
- My silly, is I have Parallels Application installed and Windows then installed in this. I had incorrectly assumed it created a partition but it does not. So the nasty entered this way. But from the sync.logs, (which was in my mac osx/Fx Profile, it tells me this nasty was clever enough to scan my HD and look for "Fx Profiles" and check my settings.
- Your comment "maybe that is not all removed yet". I agree.
- What is the link you got back from virustotal.com when you submitted the file for scanning please ?
- I did not get any link back. When you upload the file, it shows you 2options. The Analysis of the report when this file was last scanned and option to scan your upload. I did both options. Then the Analysis report shows online. I have a cut and paste list of the nasties per report if that helps.
- What anti virus etc programs are you using by the way. For Macs I am only aware of Clam
I used bitdefender first, found 1. Then used Clam and found nothing. Both full scans. Clam took a full day.
- Greasmonkey,
There is a gap then in my opinion. Checkbox option under Greasemonkey "sync scripts". As this way scripts can be unwittingly added to your profile, if a nasty has got your Fx profile unwittingly. I just looked there as the sync.logs inferred to me, the "thing" was gathering information about my profile. It tried twice before I found it. In my friend's window PC, he had 3 sync.logs only, so I assumed the third sync attempt the "thing" has sufficient information to do the damage.
- I note one more thing.I have forgotten the precise as was so shocked on seeing sync.logs and been in preventative mode since. But somewhere in the Fx Profile, the "thing" added something that came from "Thunderbird". I did not know what "Thunderbird" was. Either it was an addon or more likely something to do with Greasemonkey or something... as I had to search what Thunderbird was... etc.. I will try and find my notes. Just make note now, so I dont forget.
- FYI We have verified, the other browsers "Sync" function has the same weakness. But we have not tested yet if the user receives any notification around the Sync function to alert them if its being used unwittingly.
Thankyou again for your time + assistance, John99
Edeziri
Not sure I an think of anything to add at the moment. Thunderbird is other Mozilla software, mozilla.org/thunderbird/ an email client, and uses a similar Mozilla profile to Firefox.
new Firefox Profile created using Profile Manager. I have discovered the new Firefox Profile has all the "plugins" from my old Firefox Profile. I did not add these into the new Fx Profile. Some how Firefox picked them up.
Is this expected behaviour or abnormal behaviour?
FYI - I do not believe any of the activated plugins would cause Firefox to go the above listed sites. Only 3 of these plugins were on "Always Activate". The home page listed for these 3 are not in the above list of sites. The other plugins were on "Ask to Activate".
- Shockwave Flash
- OpenH264 Video Codec provided by Cisco Systems, Inc.
- Widevine Content Decryption Module provided by Google Inc.
Edeziri
This is expected behaviour. Plugins are not installed and controlled by Firefox they are installed on your Operating System, as separate software that has components that Firefox can use. Firefox is moving away from using plugins
- NPAPI Plugins in Firefox https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
> I do see under Greasemonkey, sync checkbox on. > Maybe this is how the "thing" gathers information. I do not know.
I wonder if this is a bug in greasemonkey, causing Firefox to attempt to sync even though you're not signed in to the browser, and hence producing the error logs that you noticed.
I have not used Greasmonkey recently. Does it involve or invoke use of Firefox Sync ? I am not sure why it should. Is the Grease Monkey sync a totally separate service and feature ? For instance I found:
- Sync: Could not get engine #2351
https://github.com/greasemonkey/greasemonkey/issues/2351#issuecomment-193218991
Ryan As a cloud service engineer and involved in answering Sync questions on the forum & on Sync Bugs I hope you can enlighten me.
Do you know are there methods of signing in to and using sync without going through the normal procedures of opening a Firefox Account with for instance
about:preferences?entrypoint=menupanel#sync
I am interested in how Sync would be enabled without a user being explicitly made aware of it being used.
Does Greasmonkey
- enable Sync by some method other than the Firefox standard UI ?
- normally use Firefox Sync when it syncs scripts ?
Thanks
P.S. Maybe it is not best to discuss this here at present if it exposes a weakness in Firefox.
Edeziri
It's possible to enable sync by logging in from web content, for example from the following page:
https://www.mozilla.org/en-US/firefox/accounts/
But it's not automatic, you still have to enter your credentials and sign-in, and we have protections in place against e.g. clickjacking.
In general, I'm not aware of any method by which sync might get enabled without a user explicitly logging in.
> Does Greasmonkey enable Sync by some method > other than the Firefox standard UI ?
No, not that I'm aware of.
> normally use Firefox Sync when it syncs scripts ?
Yes, I believe that greasemonkey's "sync scripts" option uses Firefox Sync, but it should only use it if you've actually signed in to sync in the browser.
> Maybe it is not best to discuss this here at present if it exposes a > weakness in Firefox.
That's also definitely true! If you think you've found a case where any of what I've said above doesn't seem to apply, it's probably prudent to move it into a security-sensitive bugzilla bug.