We’re pleased to announce that the new version of Firefox Sync is available to test in Firefox Aurora. Current Firefox Sync users love the service, but have given us feedback that it wasn’t easy enough to setup or add devices, and in particular recover from a lost device. We listened to this feedback and built an easier way to safely synchronize data between the desktop and mobile versions of Firefox.
The new Firefox Sync makes it much easier to do initial setup and to add multiple devices. To test the new Firefox Sync you can simply enter an email address and choose a strong, memorable password in Firefox for Windows, Mac or Linux. Then you can easily add more computers or Android devices to sync.
How do I use the new Firefox Sync?
The new Firefox Sync feature is available in Firefox Aurora. For more details on how to test Firefox Sync, read this Sumo article.
We believe in trust through transparency, that’s why we’ve worked in the open to develop a strong security system around the new sync.
In simplifying the Firefox Sync set up and sign in flow, it was important not to compromise on the security of a user’s data. This release brings the same level of end to end encryption our current sync product employs, but is much easier to set up.
The key to improved convenience in the new Firefox Sync is data encryption based on a key that is derived from your password. This means the stronger your password is, the better your protection. We’ve taken this basic approach and hardened it in three ways:
First, client side key stretching is a technique that allows us to protect against man in the middle attacks, even when SSL credentials are compromised.
Second, end to end encryption means even if our servers are compromised, it is extremely difficult to access a user’s data.
And finally, public key cryptography and the BrowserID protocol allow for separation between authentication, authorization, and data storage servers – minimizing the number of servers that handle authentication material, and reducing our attack surface.
You can read a whole lot more about the security architecture of new sync in the technical documentation on github.
As with the previous version of Firefox sync, users still have the option to take their data with them and host their own sync service using the open source server-side software.
As we gain experience with this new security architecture, we’re eager to continue to find the best way to have both convenient data access and whole-system security.
We’re currently in the process of preparing the new Firefox Sync feature to ship to our browser users. After that, we’ll integrate synchronization features into Firefox OS.
Finally, to help build out additional Firefox Sync features more easily, we’ve created a robust account system for Firefox users and for partners to build on our user relationships. We are excited to explore what new services we can build on top of this system, to bring new interesting features to Firefox users. We promise to keep the Mozilla mission goals about putting users first, and advancing the open Web, in all service work we and our partners do.
Mark Mayo and Cloud Services Team