Slashdot Mirror

← Back to Stories (view on slashdot.org)

Weave... Mozilla Is Trying To Be More Social

Posted by CmdrTaco on from the how-about-trying-to-leak-less dept.

Cassanova writes "Weave is the newest Mozilla Labs project. It allows the user to save browser settings on Mozilla servers (Favorites, sessions, passwords, etc.) and load them from anywhere. With this project, Mozilla is trying to be an online services provider, which is an important step. But can Mozilla labs get over the privacy issues?"

32 of 156 comments (clear)

  1. so use encryption. by gbjbaanb · · Score: 4, Insightful

    anyone can get over the privacy issues, Mozilla just needs to encrypt the user's settings with a strong key and store the encrypted data to the server. Only the user can decrypt it (assuming he remembers his passphrase) and you're done.

    If you make this a non-optional feature then it can be touted as a big privacy win and people will surely be happier wit it. If you allow the passphrase to be stored locally then ease of use is solved too (obviously you'd still need to enter it if you used a browser not on your home PC, but that's ok).

    1. Re:so use encryption. by Negatyfus · · Score: 5, Informative
      Actually, that's what they do now. From the article:

      • We currently encrypt on the client all data that gets placed on the server, with an encryption passphrase that only the user knows.
      • We kept the server intentionally dumb and standards-based, so that anyone can set up a server for themselves and/or their friends or company.
    2. Re:so use encryption. by Anonymous Coward · · Score: 2, Insightful

      This is slashdot, don't expect anyone to RTFA.

    3. Re:so use encryption. by Henry+V+.009 · · Score: 3, Interesting

      I've always hoped that Google would make this an option with gmail. Encrypt all data stored on their servers, add encryption on sending, and they'd have a wonder application. Not that Google (owner of Doubleclick) makes any money from user privacy, of course.

    4. Re:so use encryption. by Nullav · · Score: 4, Insightful

      You're right. If only we could force them to release the source code or something, then we could just look.

      --
      I just read Slashdot for the articles.
    5. Re:so use encryption. by JustOK · · Score: 4, Interesting

      look and see the actual source code running, or look at what they say is the source code?

      --
      rewriting history since 2109
    6. Re:so use encryption. by caferace · · Score: 2, Insightful

      Build it yourself from source, and run it on your own server. Gosh.

    7. Re:so use encryption. by xenocide2 · · Score: 2, Informative

      It wouldn't matter. At some point, email is transmitted in the clear. Either you trust Google or you don't. If you don't trust Google, they're receiving all your mail in the clear, so they're already capable of violating your "privacy". If you do trust them and still want your data encrypted, you're not getting much benefit -- the data still goes to recipients in the clear, and they can still receive copies.

      You're probably better off with thunderbird or evolution or something and gmail IMAP, where you can store private keys safely for decryption without Google having access.

      --
      I Browse at +4 Flamebait

      Open Source Sysadmin

    8. Re:so use encryption. by Anonymous Coward · · Score: 5, Funny

      Paranoiaville, here we come! Who told you we were going there? How did they know? You told them, didn't you?!?!?
  2. I don't think they are by johannesg · · Score: 4, Funny

    After all, this is a magnificent opportunity to build the greatest list of porn links the world has ever seen!

    1. Re:I don't think they are by Anonymous Coward · · Score: 2, Funny

      no way, I'm not sharing and I'm responsible for over 30% of internet masturbation!

  3. online, online, and online again by Paolo+DF · · Score: 2, Interesting

    I understand that all this online frenzy hit all major players in the IT field, but I still think that the Internet as it is now is not ready for this, and, in parallel, a lot of people don't feel ready for this.
    By the way, good luck to Mozilla; it is always good to have more than one player.

    --
    Pumbaa! I don't wonder; I know.
    1. Re:online, online, and online again by KlaymenDK · · Score: 2, Insightful

      I think anything that can make a computer workstation as generic as a television is a good idea; the challenge lies in handling the user data/settings. If everything was online and online again, you would not need X-on-a-stick but only to log in to your online profile from any workstation.

      Hm, imagine that. Having a workstation that from the ground up is equipped to handle roaming users, even across the internet. There would be issues with compatibility and installed software, but assuming the basics (OS login, browser bookmarks, yadda yadda) it would be a fair step towards ubiquitous computing. Ah, the future ... are we there yet? Are we there yet? Are we there yet?...

      --
      "Good news, everyone!"
    2. Re:online, online, and online again by Enleth · · Score: 2, Funny

      Well, you can pry my self-contained, customised ultraportable laptop from my dead, cold hands. And only then. I have yet to see a web-based application that is as fast and convenient to use as a native program and doesn't get in the way due to being a slightly overpowered web page. And I have yet to see two (let alone any more) separate web applications that have a consistent look&feel, which is a critical feature of any *work*station, that is, a computer used for doing some kind of *work*, not wasting time on MySpace. I see a very, very long way for this whole "web-based" hype to produce something serious enough...

      --
      This is Slashdot. Common sense is futile. You will be modded down.
    3. Re:online, online, and online again by KlaymenDK · · Score: 2, Insightful

      True, that. The eye candy is always the first thing to go in, and the productivity last (if at all).

      --
      "Good news, everyone!"
  4. Useful enough? by headkase · · Score: 3, Informative

    I think it depends on personal preference. If it was opt-in and encrypted on your end before it was stored on Mozilla servers then they send you the (encrypted) data on local load of Firefox then you enter your secret password/phrase (or have it come out of the wallet or equivalent) to decrypt it, again, locally then there wouldn't be *any* privacy issues. And if you chose to use it it would definately come in handy for those instances where the OS unexpectedly borks itself on you and you have to reinstall. Then install firefox, enter your access code and at least that part it back to pre-bork settings.

    --
    Shh.
  5. I wouldn't use this by caluml · · Score: 2, Insightful

    I wouldn't use this. After all, the bookmarks I have at home are different from the ones I have at work. :)
    I can't envisage a time when I'd need this. Plus it's very easy to SCP my bookmarks.html from my PC at home if I need them - or a simple SSH and grep to find the precise one I want. A solution in search of a problem?

    --
    Get your own free personal location tracker
    1. Re:I wouldn't use this by noamt · · Score: 2, Insightful

      Not a solution in search of a problem, but maybe a solution you (and others) don't need. You have SCP/SSH set up, 99.9% of the people don't.

      Google also have such a thing, can't remember what they call it but there's a Firefox extension. So it's nothing new either.

  6. If you haven't looked at Firefox 3... by FooAtWFU · · Score: 5, Informative

    If you haven't looked at Firefox 3 beta, there are some crazy new bookmark features, including "smart" bookmarks generated from frequently-visited sites and such. There's also bookmark tagging. This must fit in very nicely with the "weave" strategy.

    I'd be worried if I were del.icio.us. Not panicked, just worried. :)

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  7. Re:I dislike by ParaShoot · · Score: 2, Informative

    Why? What would you rather see - "she" written throughout the article? How would that be any better? "It"? "He/she" or "s/he" everywhere? Cumbersome and ugly. "They"? Grammatically incorrect, despite being used everywhere. "One" just sounds weird and formal (and the article isn't written in German).

    An arbitrary choice was made. Pick "he" sometimes and "she" at other times, if it bothers you that much. More importantly, stop making big issues out of nonexistent ones - you understood the article, didn't you? Language is about communication; people being arsey about things like this are missing the point entirely.

    /rant

  8. Privacy issues? What privacy issues? by One+Childish+N00b · · Score: 2, Insightful

    If you don't want to use it, don't download the extension. To use it, you have to:

      - Go to a site
      - Create an account
      - Download an extension (on every single computer you use)
      - Put in your username and password (again)
      - Put in a private encryption passphrase
      - Manually click the 'Sync' button.

    Only then will it start automatically updating your bookmarks. If you have privacy issues about uploading your bookmarks to Mozilla's servers, then you can quite easily back out at any of these points, or not bother at all. If the fear is that they will share your bookmarks, then simply don't give them any to share. This is not a feature that is on by default, and the blog linked to even specifies that, if you're that paranoid about giving them your data, there will be a way to set up your own Weave server, so no-one but you will be able to know you visit PissMidgets.com

    Slightly sensationalist article methinks.

    --
    Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
  9. They need to focus on maintenence, too. by Anonymous Coward · · Score: 2, Insightful

    There are a lot of new features in Firefox 3. But there has also been a serious neglect of the maintenance aspect of software development.

    I know maintenance is not as glorious as adding new features, but it's still very important with each new release to fix the problems that were found with previous versions (or at least verify that such problems no longer exist).

    While some small number of people might like these new bookmarking capabilities, I think they should have spent more time on fixing some of the issues plaguing the core of their browser: excessive memory usage, memory fragmentation, excessive CPU utilization, and segfaults. Fixing those would help every user.

    1. Re:They need to focus on maintenence, too. by bunratty · · Score: 2, Informative

      They have been spending lots of time fixing those issues. Are there any specific bug reports you think should be addressed? Any particular site or feature you're having a problem with?

      If you cannot or will not track down the problems you're complaining about, and they persist even after creating a new profile and trying other fixes in the MozillaZine Knowledge Base and asking for help in the MozillaZine Forums, you should simply switch to another browser. Why put up with serious problems when there are so many other browsers to choose from?

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    2. Re:They need to focus on maintenence, too. by bunratty · · Score: 2, Informative

      No, creating a new profile does not cause you to lose any information. You can import your old settings to the new profile.

      The advice to create a new profile also has nothing to do with memory leaks in Mozilla software. If you're experiencing bugs in Mozilla software, you'll still see them with a new profile. If creating a new profile fixes a problem, it was due to a bad extension or other bad setting. In some rare situations, it may be possible that a perfectly reasonable setting triggers a bug in Firefox. If you see that is the case, simply point out the problem by posting to the MozillaZine forums or filing a bug report in Bugzilla, then the problem can be fixed.

      If you still experience problems after creating a new profile and following the other basic advice in the Knowledge Base, and posting about the problem in the MozillaZine forums also doesn't help, then yes, a user should consider changing to another browser.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
  10. Re:I dislike by McDutchie · · Score: 2, Interesting

    Why? What would you rather see

    Yo.

  11. Re:Id like to see by One+Childish+N00b · · Score: 2, Interesting
    [I'd like to see] a way to save bookmarks, etc on *MY* server. (By "My server", I mean my personally owned and operated FreeBSD box I have colo'ed', not what the average moron might mean where they confuse 'server' with 'service provider' and use 'my server' to refer to their ISP)

    From TFA:

    We kept the server intentionally dumb and standards-based, so that anyone can set up a server for themselves and/or their friends or company.
    --
    Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
  12. host it yourself? by evilmoo · · Score: 4, Informative

    From the debugging logs, it seems like the information is just stored on a server via HTTPS+WebDAV. So if you control a web site (and you trust it more than you trust Mozilla), just change the Server Location (in Advanced Settings) from "https://services.mozilla.com/" to your own server. You will have to create a directory underneath that is the sha1sum of your account name, and it is up to you to set the permissions on the directory properly so that no one else can access it. Of course, this is all just an educated guess, but... "The rest is left as an exercise to the reader." :)

  13. Google Browser Sync by eht · · Score: 3, Informative

    Google Browser Sync

    And it's about as secure as your Google account already is. Whatever that means.

  14. Re:Id like to see by One+Childish+N00b · · Score: 2, Informative

    I hate to want to reply to own post, but just in case you think TFA is just some goof with a Blogspot blog, the original quote is from Mozilla Labs, specifically from Dan Mills, a FireFox dev and former Novell engineer - definately not the average moron.

    --
    Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
  15. Opera? by JLennox · · Score: 2, Informative

    I'm suprised at the lack of mention that Opera has had this feature since September.

  16. Link by jpkunst · · Score: 4, Informative

    Link to the actual Mozilla Labs project page instead of to some blog: http://labs.mozilla.com/2007/12/introducing-weave/

  17. I should sue them by weave · · Score: 5, Funny

    I should sue them for profiting from my good name, damaging my reputation and causing confusion among the masses.