Privacy/Features/Sync Compromise Alerts

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Sync Account Compromise Alerts
Stage Draft
Status `
Release target `
Health OK
Status note `


Product manager `
Directly Responsible Individual `
Lead engineer `
Security lead `
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks


Stage 1: Definition

1. Feature overview

This feature is intended to minimize the chance that adding a device to a user's sync account will go unnoticed. When a new device is set up in a user's sync account, we should alert the other devices on the account that a new device was added; this can be effectively used as account compromise detection, much like location of sign-in is monitored by Google's mail client and users are alerted when something "unusual" or "unexpected" happens.

This becomes more important as we start syncing more information so users know to which devices their information will be copied.

2. Users & use cases

  • Alice syncs her phone, laptop and desktop, then loses her phone. Eve finds the phone, uses the phone to set up a new "eavesdropping" device (via J-Pake setup flow, pairing Eve's desktop to Alice's phone) then returns the phone to Alice. Alice learns of this pairing only because her laptop and desktop are alerted about adding Eve's desktop.
  • Adam syncs his phone, laptop and desktop. He leaves his desktop unlocked one day at work and Eric pairs his phone to Adam's desktop. Without this feature, Eric could always tap into Adam's passwords and browsing history, but with this feature, Adam will receive alerts on his phone and laptop about Eric's pairing activity.
  • Anna syncs her phone, laptop and desktop. Edward notices her laptop unattended at a cafe (as she walks away to pick up her order) and quickly pairs his laptop to hers. Although she doesn't store passwords in sync, Edward is able to modify her bookmarks to her banking sites so that when she clicks them she connects to his phishing sites instead. When he syncs his laptop, the malicious bookmarks are synced out to all of her devices.

3. Dependencies

This can be implemented by itself, but the alerts could be generated inside the clients and pushed to the other devices using Services/Sync/Push_to_device.

4. Requirements




Stage 2: Design

5. Functional specification

When a new device is set up on an account using username/password/sync-key, all other devices paired with the account receive and display alerts about the sync event.

When a new device is set up on an account using pairing (J-Pake), all devices not involved in the transaction (all but the new one and the host device) are alerted.

6. User experience design


Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority Unprioritized
Rank 999
Theme / Goal `
Roadmap `
Secondary roadmap `
Feature list `
Project `
Engineering team `

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `