Firefox Home Options

From MozillaWiki

Unencrypted Data on the Firefox Home Servers

The ideal setup for us is to run a sync session from the Firefox Home servers directly against the Sync Servers, just like any other sync client would. This means that we run a sync session and store the unencrypted records on our own servers. This allows us to easily put a web service on top of those records and to run online and offline queries on the user's data.

Pros

  • We have access to unencrypted and normalized sync data, which means we can easily query it, prepare results offline and do full text search on the server
  • This is a simple setup: we just need to run a sync client and database servers to store the unencrypted data

Cons

  • We store unencrypted data on servers hosted by Mozilla
  • We have to store encryption keys for the collections that we sync somewhere so that we can run a sync client (either on Firefox Home infrastructure or in the Sync Infrastructure)

Crypto and Storage in Native Client

We write native sync clients for the platforms that we are interested in. These native applications can then implement the Firefox Home functionality either natively or expose the sync data to a web view that renders it. We could write a universal web app that interfaces with the native application through a common API that is implemented on all platforms.

Pros

  • We do not store unencrypted data on servers hosted by Mozilla
  • User is in total control of his data
  • For extra security we can use an encrypted SQLite database on the client
  • Less dependency on Firefox Home server infrastructure
  • We already have a sync client for iOS

Cons

  • We are limited to platforms for which we can/want to write a native sync client
  • Have to maintain multiple code bases for multiple platforms (C++, Objective-C, C#, Java)
  • Not all platforms have a solid webview/native-code bridge (like iOS)
  • This is not a web application

Crypto and Storage in the Browser

We run a Sync Client in the browser, implemented in JavaScript. This means that we speak the standard Sync protocol to fetch sync data, decrypt the records and store the data in local storage. We then run queries against the locally stored copy of the data.

Pros

  • We do not store unencrypted data on servers hosted by Mozilla
  • User is in total control of his data
  • Less dependency on Firefox Home server infrastructure

Cons

  • Decryption of AES256/HMAC-SHA256 data may be slow on mobile devices
  • Local storage is not well deployed and limited
  • Not all mobile browsers are capable of crypto and/or local storage, which leaves some out
  • People would have to sync while having the app open: no 'instant on' experience
  • No ability to sync in the background, the web app will have to be open
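
The record decryption step that the in-browser option relies on, sketched as an added example (not Mozilla's code). It assumes AES-256-CBC with an HMAC-SHA256 over the base64 ciphertext and a record with `ciphertext`, `IV` and `hmac` fields; the keys, helper names and sample bookmark are constructed, and Node's `crypto` module stands in for a browser crypto library so the block runs offline.

```javascript
// Added example: verify-then-decrypt for one encrypted sync record.
// Assumed record layout (not given on the page): base64 ciphertext,
// base64 IV, hex HMAC-SHA256 computed over the base64 ciphertext string.
const crypto = require('crypto');

// Constructed keys for the demo; a real client derives or fetches these.
const encKey = crypto.createHash('sha256').update('constructed-enc-key').digest();
const hmacKey = crypto.createHash('sha256').update('constructed-hmac-key').digest();

// Helper that builds a sample record so the example runs offline.
function encryptRecord(cleartext, encKey, hmacKey) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(cleartext), 'utf8'), cipher.final()]);
  const ciphertext = body.toString('base64');
  const hmac = crypto.createHmac('sha256', hmacKey).update(ciphertext).digest('hex');
  return { ciphertext, IV: iv.toString('base64'), hmac };
}

// Check the HMAC before touching the ciphertext, then decrypt.
// Returns the parsed cleartext, or throws if the record was altered.
function decryptRecord(record, encKey, hmacKey) {
  const expected = crypto.createHmac('sha256', hmacKey).update(record.ciphertext).digest();
  const given = Buffer.from(String(record.hmac), 'hex');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('HMAC mismatch: record rejected');
  }
  const iv = Buffer.from(record.IV, 'base64');
  if (iv.length !== 16) throw new Error('bad IV length');
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  const clear = Buffer.concat([decipher.update(record.ciphertext, 'base64'), decipher.final()]);
  return JSON.parse(clear.toString('utf8'));
}

// Constructed bookmark record, round-tripped and then tampered with.
function demo() {
  const rec = encryptRecord({ id: 'abc123', title: 'Example', bmkUri: 'https://example.org/' }, encKey, hmacKey);
  const ok = decryptRecord(rec, encKey, hmacKey);
  // Change the first base64 character so the ciphertext no longer matches its HMAC.
  const flipped = (rec.ciphertext[0] === 'A' ? 'B' : 'A') + rec.ciphertext.slice(1);
  let rejected = false;
  try { decryptRecord({ ...rec, ciphertext: flipped }, encKey, hmacKey); } catch (e) { rejected = /HMAC/.test(e.message); }
  return { title: ok.title, rejected };
}
console.log(demo());
```

Timing `decryptRecord` over a batch of records on a target device gives a direct measure of the mobile decryption cost listed in the cons.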