Sync privacy policy updated

Anything to do with the Pale Moon Sync service.
Moonchild
Pale Moon guru
Posts: 35576
Joined: 2011-08-28, 17:27
Location: Motala, SE

Sync privacy policy updated

Unread post by Moonchild » 2016-05-29, 11:35

We have updated the Sync privacy policy. The changes are not really material, but since they may impact some people, hence this announcement.

The full privacy policy can be found at http://www.palemoon.org/sync/privacy.shtml

Changes:
  • Corrected the mention of requiring a user name. We don't require user names for sync.
  • Clarified that your recovery key is in one case transmitted, but not in a recoverable way, when you use our key exchange server to quickly set up a new device with the 12-character code.
  • Updated our sync server location (was still stated to be in Germany, but the sync server is actually located in the U.S.A.)

snertev

Re: Sync privacy policy updated

Unread post by snertev » 2016-05-30, 08:04

Sincerely, the location of the sync server in the USA makes me a bit uncomfortable.

Before reading this message I was going to ask you where all servers (development, distribution, forum, etc.) were located, because I would have preferred them to be under a clear European jurisdiction.

I know that all browsers' facilities are located worldwide (Firefox in the U.S.A. and a wide range of other nations, Google Chrome in God-knows-where, Opera in Norway and Poland, Vivaldi in Iceland and the U.S.A.) and I don't trust a European hosting provider more than American or Chinese ones, but if (at this moment hypothetical) issues should arise, European Union laws that protect users are a lot better than any other.

It's just a personal opinion, of course. :thumbup:

Moonchild

Re: Sync privacy policy updated

Unread post by Moonchild » 2016-05-30, 08:17

The Sync server should be the least of your concern, considering even if it's seized for some sinister reason (which won't happen without a subpoena), it's impossible to get any user data off of it the way our sync works. Not even e-mails of the users can be distilled from the db if it was ever dumped.

It's in the USA because over 50% of our users are in the USA and its location there (east coast next to one of the major IXs) also makes it relatively low-latency for the entirety of Europe.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

snertev

Re: Sync privacy policy updated

Unread post by snertev » 2016-05-30, 08:42

Moonchild wrote:
> The Sync server should be the least of your concern, considering even if it's seized for some sinister reason (which won't happen without a subpoena), it's impossible to get any user data off of it the way our sync works. Not even e-mails of the users can be distilled from the db if it was ever dumped.
>
> It's in the USA because over 50% of our users are in the USA and its location there (east coast next to one of the major IXs) also makes it relatively low-latency for the entirety of Europe.

I know the Pale Moon/FF sync method is a lot better than others. However, I also always assume that someone with enough resources and time can do anything if there is direct access to raw data and security/political/financial reasons to do so. Don't ask me how they may do so, but nevertheless that assumption is a dogma for me.

I'm not paranoid, just cautious. :D

Thanks for the info you gave me, but I think I won't use the sync function for the time being.

Moonchild

Re: Sync privacy policy updated

Unread post by Moonchild » 2016-05-30, 09:18

snertev wrote:
> Don't ask me how they may do so, but nevertheless that assumption is a dogma for me.

The skinny is:
  • e-mail is only used for authentication, so a one-way hash is all that is stored (your "sync user name" which you can also see in services.sync.username)
  • Passwords are similarly hashed and bcrypt encrypted and cannot be recovered.
  • User data is client-side encrypted with a client-stored secret, and all the server stores is encrypted blobs without knowing the secret or ever getting that entropy source.
There is, technically speaking, nothing to be got from the database. I'm well aware of the risk of storing user data on external machines, and if it wasn't secure storage, I wouldn't be running it in a location I'd ultimately have no direct control over. Just standard best practice for security.
Literally the only thing that can be garnered from the server is the name you give to your devices in sync, and that being under your control as well as not linked to anything identifiable.

And... if you don't want a US-based server, then you can set up your own wherever you want! :)
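The storage model described in the bullet list above (hashed e-mail as the only identifier, salted password hash, client-side encryption with a secret that never leaves the device) can be demonstrated end to end. The following is an added example written for this page, not code from Pale Moon or FSyncMS; it assumes a toy in-memory server, uses stdlib scrypt as a stand-in for the bcrypt the post mentions, and uses an HMAC-SHA256 keystream with encrypt-then-MAC as a stand-in for the real cipher so it runs with no third-party packages. The point it makes is the defender's check: a full dump of what the server holds contains neither the e-mail, the password, nor any of the synced content.

```python
import hashlib
import hmac
import json
import os
import secrets


def username_from_email(email: str) -> str:
    # One-way hash of the normalised address: the only identifier the server keeps
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None) -> dict:
    # Salted, memory-hard hash; scrypt stands in for the bcrypt named in the thread
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    candidate = hash_password(password, bytes.fromhex(record["salt"]))["hash"]
    return hmac.compare_digest(candidate, record["hash"])


def _subkeys(secret: bytes):
    # Separate encryption and MAC keys derived from the device-held sync secret
    return (hmac.new(secret, b"encrypt", hashlib.sha256).digest(),
            hmac.new(secret, b"authenticate", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_blob(secret: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag (stand-in cipher)
    enc_key, mac_key = _subkeys(secret)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_blob(secret: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(secret)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("blob tampered with or wrong secret")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SyncServer:
    # Everything the server persists: hashed usernames, password records, opaque blobs
    def __init__(self):
        self.users = {}   # username hash -> password record
        self.blobs = {}   # username hash -> {collection: hex-encoded blob}

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)
        self.blobs[username] = {}

    def authenticate(self, username: str, password: str) -> bool:
        record = self.users.get(username)
        return record is not None and verify_password(password, record)

    def put(self, username: str, password: str, collection: str, blob: bytes) -> bool:
        if not self.authenticate(username, password):
            return False
        self.blobs[username][collection] = blob.hex()
        return True

    def get(self, username: str, password: str, collection: str):
        if not self.authenticate(username, password):
            return None
        stored = self.blobs[username].get(collection)
        return bytes.fromhex(stored) if stored is not None else None

    def dump(self) -> str:
        # What someone holding a complete copy of the database would see
        return json.dumps({"users": self.users, "blobs": self.blobs})


class SyncClient:
    def __init__(self, email: str, password: str, server: SyncServer):
        self.username = username_from_email(email)
        self.password = password
        self.server = server
        self.secret = secrets.token_bytes(32)   # sync key: generated on device, never sent
        server.register(self.username, password)

    def upload(self, collection: str, data: dict) -> bool:
        blob = encrypt_blob(self.secret, json.dumps(data).encode("utf-8"))
        return self.server.put(self.username, self.password, collection, blob)

    def download(self, collection: str) -> dict:
        blob = self.server.get(self.username, self.password, collection)
        return json.loads(decrypt_blob(self.secret, blob).decode("utf-8"))


def dump_leaks(dump: str, sensitive: list) -> list:
    # Return the sensitive strings that appear verbatim in a database dump
    return [s for s in sensitive if s in dump]


def demo() -> dict:
    server = SyncServer()
    # Constructed sample account and data; not a real user or real bookmarks
    client = SyncClient("Alice@Example.org", "correct horse battery", server)
    bookmarks = {"bookmarks": [{"title": "Pale Moon", "url": "http://www.palemoon.org/"}]}
    client.upload("bookmarks", bookmarks)
    dump = server.dump()
    return {
        "roundtrip_ok": client.download("bookmarks") == bookmarks,
        "wrong_password_rejected": not server.authenticate(client.username, "wrong"),
        "leaks": dump_leaks(dump, ["alice@example.org", "Alice@Example.org",
                                   "correct horse battery", "palemoon.org"]),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three properties the post claims: the client round-trips its data, a wrong password is refused, and the dump contains none of the sensitive strings because the only thing a user contributes in the clear is a hash. The one thing the model deliberately does not protect is metadata such as collection names, which matches the post's remark that device names are the only readable item on the server.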

snertev

Re: Sync privacy policy updated

Unread post by snertev » 2016-05-30, 09:57

Moonchild wrote:
> And... if you don't want a US-based server, then you can set up your own wherever you want! :)

Before, I was talking about my personal Pale Moon version, but for my office PCs this is really a good suggestion. We have a fiber Internet connection and a business contract with dedicated IPs, so it would surely be possible to put up a sync server for our employees.

Would you be so kind as to point me to any in-depth documentation, so that I can pass it to our internal techie?

Thanks in advance.

Moonchild

Re: Sync privacy policy updated

Unread post by Moonchild » 2016-05-30, 10:19

There is some basic documentation up on the wiki on GitHub:

https://github.com/MoonchildProductions/FSyncMS/wiki

When setting up Sync, you should use a "custom server".
Note that the server address -may- need to include /index.php/ similar to services.sync.serverURL, depending on the front-end used.

snertev

Re: Sync privacy policy updated

Unread post by snertev » 2016-05-30, 10:49

Moonchild wrote:
> There is some basic documentation up on the wiki on GitHub:
>
> https://github.com/MoonchildProductions/FSyncMS/wiki
>
> When setting up Sync, you should use a "custom server"
> Note that the server address -may- need to include /index.php/ similar to services.sync.serverURL, depending on the front-end used.

Thanks! :thumbup:
