Firefox’s password store is something you’d like to share between computers, isn’t it? Save some site’s password on your laptop and have it become available on your desktop, or in your profile on a friend’s machine (don’t forget to set a master password!) . Same with bookmarks. Even if you’re not sharing, it’s nice to have a backup.
There are some issues that need to be resolved if you want to be able to do this:

  • You need central storage — storage reachable anytime, from anywhere.
  • You need intelligent synchronisation software.

Fits right into the cloud meme. Now, who do you trust to store your highly sensitive data? I’d trust no one, really, unless the data is completely useless to them and I have the opportunity to run the ’server side’ of the synchronisation software myself.
And that’s exactly how Weave, Mozilla Lab’s extension for Firefox functions. Your data is being encrypted, not just on the transport level, but more importantly: on the data level and it’s happening on your side of the link. Data is stored on Mozilla’s servers but to anyone but me — the one with the decryption key — it’s just gibberish. If anyone cracks these sync servers my passwords and bookmarks are still safe.

A side effect of the data being useless to anyone but me is that the data itself cannot be ‘monetized’. It cannot be mined. My collection of applepie recipe bookmarks cannot be sold to PieMogul®, Inc.
Equally, a search warrant to get the sync server operator to hand over all account info on users who bookmarked a certain bomb (or pie) recipe site is useless.
I do not have to go through or monitor a ‘Terms of Service’ to establish the fact that my data is safe. It just is, and it is a function of the technical mechanism, not one of competence, contract enforcement and relying on the justice-apparatus-du-jour. No amount of legal wording can change that fact. Paranoia? No! This is sidestepping paranoia. Take the encryption route and the very notion of paranoia becomes null and void — you simply don’t have to care.

Another interesting property is the possibility of running your own sync server because all software involved is free and open source. If for some reason Mozilla would fall into disfavour with me, or the other way around, I can just pack up and simply leave without losing my precious syncing functionality. That’s pretty much in compliance with the autonomo.us Franklin Street Statement — good stuff, check it out.

So what’s the catch? Nothing, for now. And I don’t expect there will be one in the future because of the inherent and self-evident guarantees described above.
Get this Firefox (3.5+) extension now, walk out on the street, and give three cheers to the great (nonprofit!) Mozilla Foundation.

Further reading:


Tags: , , , , ,