Comment Re:Wait a second, this is very interesting. (Score 3, Informative) 109
Nope, only the phone division of Nokia was sold to Microsoft... this product is by one of the other divisions of Nokia not part of Microsoft.
Nope, only the phone division of Nokia was sold to Microsoft... this product is by one of the other divisions of Nokia not part of Microsoft.
I've been using BitTorrent Sync for a year or so now. The main feature that was missing for me was the ability to set up an untrusted node which does not get access to the unencrypted data but can serve as a fast 24/7 proxy and backup system.
This functionality has now been added, although it's still in beta and only officially available in the API, not in the client... but a very simple hack makes it available in the client. This opens BitTorrent Sync open to 3rd party sync providers or cheap VPS.
The interface is still a bit quirky and designed for techies, but has also improved over time. Overall very happy with BitTorrent Sync.
I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.
Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.
With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.
If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...
Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.
The Mozilla devs seem to think that disk encryption is a better solution than an encrypted password file... but they forget that an encrypted disk does not protect against vulnerable/malicious applications reading your password file. Or leaving you computer unlocked for a few minutes. The old sync version will be removed 'as soon as possible' (in the dev's words) so at that point we'll have to choose between not upgrading, not sync'ing or not locally encrypting the password file.
Please consider voting for the bug on Bugzilla. This might help too: https://input.mozilla.org/en-US/feedback.
So, the new FF finally implemented a more userfriendly sync functionality. Apparently less than 1% of its users was using the old (but very secure system). The new sync system is (unsurprisingly) similar to Chrome's sync system: you create an account, when you log in your info is encrypted based on your account password and uploaded to Mozilla's servers.
What I cannot get my head around is that Mozilla claims they cannot access your data (as they don't know your password) but that they are able to reset a lost password... how can that be a secure system??
Also, in the new version it's no longer possible to use a master password... if you want to use sync all your password will be in plaintext (well, obfuscated) in FF's password file. Any malicious or vulnerable application can get access to ALL your passwords. https://bugzilla.mozilla.org/show_bug.cgi?id=995268
Doesn't sound like an improvement to me...
Combination of Firefox with master passport (for password encryption) and Weave (for passport syncing/backup) works for me...
http://mozillalabs.com/weave/
Say "twenty-three-skiddoo" to logout.