Introducing Firefox Sync centered around user privacy

by Melisha Dsouza on November 14, 2018

“Ensure the Internet is a global public resource… where individuals can shape their own experience and are empowered, safe and independent.”
-Team Mozilla

Yesterday, Firefox explained the idea behind Firefox Sync as well as how the tool was built keeping in mind user’s privacy. Because sharing data with a provider is a norm, the team found it important to highlight the privacy aspects of Firefox Sync.

What is Firefox Sync?

Firefox Sync lets a user share their bookmarks, browsing history, passwords and other browser data between different devices, and send tabs from one device to another. This feature re-defines how users interact with the web. Users can log on to Firefox with Firefox sync, using the same account across multiple devices. They can even access the same sessions on swapping devices.

With one easy sign-in, Firefox sync helps users access their bookmarks, tabs, and passwords. Sync allows users logged on from one device to be simultaneously logged on to other devices. Which means that tasks that started on a user’s laptop in the morning can be picked up on their phone even later in the day.

Why is Firefox Sync Secure?

By default, Firefox Sync protects all user synced data so Mozilla can’t read it.

When a user signs up for sync with a strong passphrase, their data is protected from both attackers and from Mozilla. Mozilla encrypts all of a user’s synced data so that it is entirely unreadable without the key used to encrypt it. Ideally, even a service provider must never receive a user’s key. Firefox takes care of this aspect when a user signs into their Firefox account with a username and passphrase which are sent to the server.

Sponsorships Available

Traditionally, on receiving the username and passphrase at the server, it is hashed and compared with a stored hash. If a match is found, the server sends the user his data.

While using Firefox, a user never sends over their passphrase. Mozilla transforms a user’s passphrase on their computer into two different, unrelated values such that the two values are independent of each other. Mozilla sends an authentication token, derived from the passphrase, to the server which serves as the password-equivalent. This means that the encryption key derived from the passphrase never leaves a user’s computer.

In more technical terms, 1000 rounds of PBKDF2 is used to derive a user’s passphrase into the authentication token. On the server size, this token is hashed with scrypt so that the database of authentication tokens is even more difficult to crack.

The passphrase is then derived into an encryption key using the same 1000 rounds of PBKDF2. It is domain-separated from the previously generated authentication token by using HKDF with separate info values. This key is used to unwrap an encryption key (obtained during setup and which Mozilla never see unwrapped), and that encryption key is used to protect a user data. The key is used to encrypt user data using AES-256 in CBC mode, protected with an HMAC.

Source: Mozilla Hacks

How are people reacting to this feature?

Sync has been well received by customers. A user on Hacker news commented how this feature makes “Firefox important”. Sync has also been compared to Google Chrome since Chrome’s sync feature collects their users’ complete browsing histories.
One user commented on how Mozilla’s privacy tools will make him “chose over chrome”.
And since this approach is relatively simple to implement, users are also exploring the possibility of “implement a similar encryption system as a proof of concept”.

In a time where respecting the privacy of a user is so unusual, Mozilla sure has caught our attention with its approach to be more “user privacy-centric”.

You can head over to Mozilla’s Blog to know other approaches to building a sync feature for a browser and how Sync protects user data.