Our Design Principles
- Data stored on the server should be as private, and as safe, as data on your personal computer or device
- Data is encrypted on the client by default, using a passphrase known only to the user
- Server operators are unable to disclose information, because they can't read it.
- Securing the personal computer is still important, and is the user's responsibility: a master password and proper care to run only trusted software are still critical.
The Weave services were designed to be safe enough to store the same information that lives on your personal computer or device. For the Sync application, this includes the password file, browsing history, and form history of your browser.
Our goal was to make sure that we could not disclose this information. To make this happen, we employed a layer of client-side encryption that is beyond what normal websites employ.
The Weave passphrase is what makes this work. Remember, your browser knows your passwords and form history already: it's all decrypted, in your local memory. Using the passphrase, we encrypt your information on your local computer. We then use industry-standard SSL to relay the encrypted information to the server. Your Weave account, which keeps the encrypted data organized, is protected by the username-password you select. (In practice, we actually end up using an encrypted key chain, which allows other devices to decrypt your information, once they have your passphrase: more details below).
So, if somebody were able to get your username and password, all they could get is your encrypted data records. They would then need to know your passphrase to decrypt your data. Now, getting access to the encrypted data could enable certain kinds of analysis, so it's important to keep your password safe, but the passphrase is the really important key.
None of this removes the need for good personal computer security, of course! We strongly recommend that you enable a Master Password for your Firefox, which causes your passwords and form history to be encrypted; this will protect you if your computer is stolen or is infected with a trojan. We also strongly recommand that you only run addons from trusted sources, as Firefox addons have broad access to sensitive data through internal APIs. If you're interested in our efforts to create a more secure internal API for addons, please check out the Jetpack project.
If you are a developer, you can get a detailed explanation of the cryptographic processes used in Weave on the Developer Crypto page.