CCing also sync-dev... On Mon, Sep 7, 2015 at 11:01 PM, Domenico Andreoli < [email protected]> wrote:
> On Mon, Sep 7, 2015 at 1:14 AM, Ryan Kelly <[email protected]> wrote: > >> On 4/09/2015 02:37, Domenico Andreoli wrote: >> > Hi sync-dev, >> > >> > I'm here to manifest my total disappointment in the New Firefox Sync. >> >> Thanks for reaching out, Domenico. Feedback is always valuable, both >> positive and negative, and we do take all feedback to heart - even if we >> can't always give people what they want. >> > > thanks for replying. > > >> >> > What I dislike of it? The usage of the email to create an account in the >> > cloud. I will _never_ do a thing like saving my bookmarks in the cloud >> > using an account linked to an email. >> > >> > I was so happy that Firefox found the way to use the cloud safely and >> > anonymously. It was fantastic. Firefox was the only to get this thing >> right. >> >> The previous version of sync *did* require you to create an account. It >> was a lot less noisy about it though - for example, I don't believe the >> old sync system ever required you to verify ownership of the email >> address you entered at signup. >> > > then I completely removed the email fact, which says how much I am truly > in the details... > > what I wanted (and still would like) to see is a system that allows me to > anonymously store my data online, using some random data as identification > token. every time I want to connect a new device to my synched devices, I > just need one of them to create some challange that is then entered into > the new one. a kind of generalized pairing inspired to the BT one. > > you know, the mechanism used in what I recall was the old firefox sync > (but without email, that I still don't remember to have entered) maybe I > just saw (or remember) what I wanted to see. > > > It was not the easiest. It was not possible to recover lost credentials. >> > There were for sure other unpleasant consequences in making it private >> > thanks to maths but I felt it safe. >> >> If you're willing to share, I'd love to hear more about your view on the >> differences between the two systems, and why the new sync feels less >> safe than the old. >> > > I explained above what I suppose to remember about the previous sync > mechanism. it looks carefully avoiding emails and other personal data as > identification token. > > so the main difference between it and another using email as identifier > would be exactly... the usage of the email as identifier (assuming that the > new one use the email as identifier, of course) instead of a safer "random > data of the day". > > >> Is it just the requirement of a verified email address that bothers you, >> making the system less anonymous? Or are you also concerned that e.g. >> the encryption in the new system may not be providing as much protection >> as it did in the old? >> > > email addresses bother me a lot, they are the true online identities. > whatever points to the same email address, it points to the same person. > the only way I see to restore anonymity when an email is involved is by > using random emails but they don't exist (disposable email are not > suitable) and would be rather difficult to anonymously maintain them. > > >> Cheers, >> Ryan >> > > cheers, > Domenico > >
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
