Slashdot Mirror

← Back to Stories (view on slashdot.org)

Weave... Mozilla Is Trying To Be More Social

Posted by CmdrTaco on from the how-about-trying-to-leak-less dept.

Cassanova writes "Weave is the newest Mozilla Labs project. It allows the user to save browser settings on Mozilla servers (Favorites, sessions, passwords, etc.) and load them from anywhere. With this project, Mozilla is trying to be an online services provider, which is an important step. But can Mozilla labs get over the privacy issues?"

13 of 156 comments (clear)

  1. so use encryption. by gbjbaanb · · Score: 4, Insightful

    anyone can get over the privacy issues, Mozilla just needs to encrypt the user's settings with a strong key and store the encrypted data to the server. Only the user can decrypt it (assuming he remembers his passphrase) and you're done.

    If you make this a non-optional feature then it can be touted as a big privacy win and people will surely be happier wit it. If you allow the passphrase to be stored locally then ease of use is solved too (obviously you'd still need to enter it if you used a browser not on your home PC, but that's ok).

    1. Re:so use encryption. by Negatyfus · · Score: 5, Informative
      Actually, that's what they do now. From the article:

      • We currently encrypt on the client all data that gets placed on the server, with an encryption passphrase that only the user knows.
      • We kept the server intentionally dumb and standards-based, so that anyone can set up a server for themselves and/or their friends or company.
    2. Re:so use encryption. by Henry+V+.009 · · Score: 3, Interesting

      I've always hoped that Google would make this an option with gmail. Encrypt all data stored on their servers, add encryption on sending, and they'd have a wonder application. Not that Google (owner of Doubleclick) makes any money from user privacy, of course.

    3. Re:so use encryption. by Nullav · · Score: 4, Insightful

      You're right. If only we could force them to release the source code or something, then we could just look.

      --
      I just read Slashdot for the articles.
    4. Re:so use encryption. by JustOK · · Score: 4, Interesting

      look and see the actual source code running, or look at what they say is the source code?

      --
      rewriting history since 2109
    5. Re:so use encryption. by Anonymous Coward · · Score: 5, Funny

      Paranoiaville, here we come! Who told you we were going there? How did they know? You told them, didn't you?!?!?
  2. I don't think they are by johannesg · · Score: 4, Funny

    After all, this is a magnificent opportunity to build the greatest list of porn links the world has ever seen!

  3. Useful enough? by headkase · · Score: 3, Informative

    I think it depends on personal preference. If it was opt-in and encrypted on your end before it was stored on Mozilla servers then they send you the (encrypted) data on local load of Firefox then you enter your secret password/phrase (or have it come out of the wallet or equivalent) to decrypt it, again, locally then there wouldn't be *any* privacy issues. And if you chose to use it it would definately come in handy for those instances where the OS unexpectedly borks itself on you and you have to reinstall. Then install firefox, enter your access code and at least that part it back to pre-bork settings.

    --
    Shh.
  4. If you haven't looked at Firefox 3... by FooAtWFU · · Score: 5, Informative

    If you haven't looked at Firefox 3 beta, there are some crazy new bookmark features, including "smart" bookmarks generated from frequently-visited sites and such. There's also bookmark tagging. This must fit in very nicely with the "weave" strategy.

    I'd be worried if I were del.icio.us. Not panicked, just worried. :)

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  5. host it yourself? by evilmoo · · Score: 4, Informative

    From the debugging logs, it seems like the information is just stored on a server via HTTPS+WebDAV. So if you control a web site (and you trust it more than you trust Mozilla), just change the Server Location (in Advanced Settings) from "https://services.mozilla.com/" to your own server. You will have to create a directory underneath that is the sha1sum of your account name, and it is up to you to set the permissions on the directory properly so that no one else can access it. Of course, this is all just an educated guess, but... "The rest is left as an exercise to the reader." :)

  6. Google Browser Sync by eht · · Score: 3, Informative

    Google Browser Sync

    And it's about as secure as your Google account already is. Whatever that means.

  7. Link by jpkunst · · Score: 4, Informative

    Link to the actual Mozilla Labs project page instead of to some blog: http://labs.mozilla.com/2007/12/introducing-weave/

  8. I should sue them by weave · · Score: 5, Funny

    I should sue them for profiting from my good name, damaging my reputation and causing confusion among the masses.