Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Does modzilla save passwords/bookmarks etc on their servers ?

  • 7 回覆
  • 3 有這個問題
  • 13 次檢視
  • 最近回覆由 capcomnz

more options

After the Opera "breach" http://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/

Does Modzilla save bookmarks and/or passwords on its servers when sync is activated ? Are these secure? Can these be viewed (apart from viewing under Options->Security->Saved Logins) I know Chrome has a option of opening up Google Dashboard where it will advise of all saved data on its servers, under Google Sync. Is there a similar option for Firefox ??

I have deleted my old account and created a new on but only syn'd the bookmarks due to this Opera incident.

After the Opera "breach" http://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/ Does Modzilla save bookmarks and/or passwords on its servers when sync is activated ? Are these secure? Can these be viewed (apart from viewing under Options->Security->Saved Logins) I know Chrome has a option of opening up Google Dashboard where it will advise of all saved data on its servers, under Google Sync. Is there a similar option for Firefox ?? I have deleted my old account and created a new on but only syn'd the bookmarks due to this Opera incident.

所有回覆 (7)

more options

hi capcomnz, if you are using firefox sync, your data will be encrypted locally on your device with a key derived from your firefox account password before it is sent to mozilla's servers - your account password is the only way to decrypt that data. if you want to learn more about the technical details about the sync protocol you can refer to its documentation at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol (in particular the section about "security analysis").

more options

Thanks for the reply Philipp but the technical stuff was way over my head. You said "that the data is encrypted locally on device .....before it is sent to Mozillas servers." So in theory the same thing that happened at Opera could happen here. The account passwords were possibly compromised, which lead to 3rd party site passwords being possibly compromised as well, through their sync system. Does that mean that when I deleted my old account all information was deleted and now I have setup a new account and only syncing bookmarks no 3rd party site passwords should be on Mozillas servers.

more options

hey again, i am not sure what kind of attack exactly happened with opera or what kind of security safeguards they are using, so i cannot comment on that.

but yes, what's cryptographically protecting your sync data is in essence your firefox account password, so we advise to pick a strong and unique password for that purpose. if i'm not mistaken we also recently introduced some form of 2-factor authentication so that when a new device wants to connect to your sync account you not only have to provide a password but also demonstrate control over your email account (by clicking a link on a confirmation mail).

i don't think that after closing an account the data is purged immediately (this happens on something like a daily interval) - but deleting an account destroys its encryption keys, so the encrypted blobs on the server become meaningless.

more options

capcomnz said

Does that mean that when I deleted my old account all information was deleted and now I have setup a new account and only syncing bookmarks no 3rd party site passwords should be on Mozillas servers.

How did you "delete" your old account? What exactly did you do?

more options

Hi jscher2000 I simply went under Options -> Sync and clicked on Manage Account That opened a website which gave several options like changing picture, display name, password but also Delete Account.

more options

That sounds conclusive to me. Especially if you were able to create a new account using the same email address.

more options

Actually i created a new account under a different email address and only syn'd bookmarks. That way I get them on my iPad as well.