Should I use firefox sync in librewolf, Is it private enough?
from checksout@piefed.social to privacy@lemmy.ml on 17 Mar 2025 08:01
https://piefed.social/post/549199
from checksout@piefed.social to privacy@lemmy.ml on 17 Mar 2025 08:01
https://piefed.social/post/549199
Following video of thelinuxexperiment and all the news against mozilla.
I finally switched to librewolf completely.
I exported and imported all kind of data too.
But I want to use ffsync only to keep my mobile (android) in sync with my pc (want to sync history also so flocuss etc will not work)
So I want to enable ffsync in librewolf
I have seen faq but as mozilla recently introduced their terms of usage (and all the hate against it)
Is it still private enough to use ffsync? what can be downsides?
threaded - newest
The same that pushed you to stop using FF the browser to begin with?
I mean, if you worry about FF/Mozilla doing naughty things with your browsing data, should you not worry as much if not more about the data you ask them to sync for you and save on their very own servers?
For the time being, it’s not a definitive decision as I’m waiting to see what they will do next, I’ve quit using FF (using Waterfox instead) and for me not using FF obviously also meant to stop using their sync feature.
But i heard
Sync feature encrypts data on client side
And it is end to end encrypt
You still need to log into their servers and thus provide them a lot of meta-data, like IP addresses, when and approximatly where you are using your browser, on how many devices etc.
Hmm,
Will self hosting sync solve the problem??
Btw this metadat collection will happen anyway if you use addons (though not linked to your account)?
Yes, in theory, but in praxis no because self-hosting the sync server alone still depends on the centralized auth server from Mozilla, and self-hosting that as well is possible but complicated. It’s sadly a mess, and you might be better off not using Firefox sync at all.
As for your other question, depends on the specific addon, but usually no.
You can self-host Firefox sync
Last time I heard about the possibility it seemed a bit hacky, did it get easier by now?
Have a look at YunoHost.
No idea - this is my firefox sync NixOS config, in its entirety:
age.secrets.ffsync.rekeyFile = secrets.ffsync; services.firefox-syncserver = { enable = true; secrets = config.age.secrets.ffsync.path; settings.hostname = "localhost"; singleNode = { enable = true; hostname = "0.0.0.0"; capacity = 2; }; };I wonder if it still needs account management on Mozilla server or on your own. May I?
Yeaaaaaaahh the auth thing is really, really complicated to selfhost. There’s a docker project out there that apparently makes it possible, but… No idea. FOr the time being I still use FF’s auth - that’s still an improvement though: Mozilla knows that I am logging in / from what kind of device, but not the content or amount of what I sync.
Can I self host it from termux for localhost only??
Without need of domain and other resources??
Probably… I mean, I’d at least start it in a systemd service, but sure, you don’t need a domain.
But of course your mobile won’t be able to access that domain outside your network
You say you’ve already read Librewolf’s FAQ, so I can skip over what they’ve provided in their response.
The only possible downside I could see would be that your encrypted data is stored on Mozilla servers. Which isn’t a very major downside–it’s properly end-to-end-encrypted. This is mentioned both by Mozilla themselves, as well as in the Librewolf docs. This is the only downside I can see right now, but for the paranoid, it might be worth looking toward the future; who knows, maybe some day, Firefox will randomly decide to disable E2EE for Firefox sync. That could be a potential downside down the road. But I find that to be pretty unrealistic… I honestly can’t see a lot of ways for Mozilla to screw this up.
If the prospect of relying on Mozilla servers still makes you uncomfortable, then you can self-host a sync server, but it’s not exactly a quick setup. They do provide a Docker method of installation, at least. The sync server code is found here, along with installation instructions for self-hosting and how to connect it to Firefox/Librewolf/other derivatives: github.com/mozilla-services/syncstorage-rs
So I should use ffsync for now i guess.
Is there any info regarding what unencrypted metadata they can link to me i use ff account?
I’ve set up the sync server but it is definitely a pain in the ass.
The alternative to Mozilla sync is eg. Filen, an German Opensource encrypted, no knowledge cloud service. 10GB for free forever, for more see pricing
github.com/FilenCloudDienste
I use filen actively
But, how to use it as an Alternative to firefox sync??
Firefox, same as any other Browser, has a local folder with all the settings, bookmarks and passwords, this is the folder which you have to sync with your other devices. Firefox sync don’t do other thing, but with Mozilla and not with Filen.
But I cannot access this folder on Android?
Otherwise I had used Syncthing.
In this case the only alternative is to use Vivaldi instead of FF forks, it has an own EE2E no knowledge sync in all devices.
Wont work if its PC Smartphone combo
Shameless plug about my own lemmy post about filebased FF sync: lemmy.ml/post/27254722
That’s like not using Google but using drive
Is not ffsync encrypted??
I guess the downside is
1. Unencrypted metadata
2. Projected future
It’s nothing at all like using Drive, because the payload is encrypted.
I just set up my own sync server. It is dead simple with docker compose and pretty well described on their git page.
Getting my own auth server up and running was a bit more difficult, but it is absolutely doable. There a a few ppl who have made scripts to ease the task. You can find them on github.