mozilla-lockwise.github.io icon indicating copy to clipboard operation
mozilla-lockwise.github.io copied to clipboard

Published 20 hours ago verified publisher icon mozilla-lockwise

FAQ: Add clarifications about where data is stored

Open VichoReyes opened this issue 6 years ago • 4 comments
trafficstars

What happens if I lose all my devices simultaneously (for example, if I'm carrying all of them in the same bag)? Do I lose access to all my passwords? Or are they backed up in the cloud (assuming I remember my firefox account credentials)?

These kind of questions should be answered in the FAQ, I think.

VichoReyes avatar Jun 30 '19 18:06 VichoReyes

It's stored "in the cloud". But that's an extremely vague term. I want to know exactly what is stored, how, and where. Both for educational and trust purposes. All I could find in the faq was

What security technologies does Firefox Lockwise use?

That doesn't really tell me much. It's like saying "I'm using blue ink, so you can trust me not making any spelling errors."

I went searching for an answer. I couldn't find the source for the server, or an API for 3rd parties to use. I tried reading the lockwise-addon source, but the closest I came was background/datastore.js and the call to browser.experiments.logins.add. But I couldn't find it's implementation.

CharString avatar Jul 11 '19 07:07 CharString

It's stored "in the cloud". But that's an extremely vague term. I want to know exactly what is stored, how, and where.

The addon simply uses the browser.logins API, keeping in mind the FAQ you're reading is largely aimed towards the mobile apps and not the addon (as the addon is basically improved UX/UI on top of what's already well documented about how the browser works). This may be a better place to start: https://support.mozilla.org/en-US/kb/where-are-my-logins-stored

And sorry if it's not obvious but Firefox Sync is the product name of the technology that's always been used to synchronize your passwords between Firefox browsers and other products such as Lockwise. I think you'll find many of these questions and much more about the Sync technology itself but this may also be helpful: https://support.mozilla.org/en-US/products/firefox/sync

Adding references to other related documentation such as these is certainly a good idea. Thanks for suggesting this @esclerofilo @CharString. 👍

devinreams avatar Jul 11 '19 17:07 devinreams

@devinreams Thanks. Now that I know it's name I found this gem of information https://mozilla-services.readthedocs.io/en/latest/sync/overview.html

CharString avatar Jul 15 '19 12:07 CharString

More reason to be very thorough when explaining how firefox interacts with lockwise, specially if you claim a firefox without sync will show "lockwise" on the UI when it actually isn't using it at all (which is different to having the data pass-through lockwise, which is still a security issue), the faqs are extremely vague.

gia257 avatar Dec 30 '20 10:12 gia257