Basilisk to abandon Firefox Accounts

Board for discussions around the Basilisk web browser.

Moderator: Basilisk-Dev

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Basilisk to abandon Firefox Accounts

Unread post by Moonchild » 2018-12-18, 11:10

The next version of Basilisk will no longer support Firefox Accounts and Sync 1.5 like before, and will integrate the time-tested Sync 1.1 synchronization method instead, defaulting to the Pale Moon Sync server.

The reasoning behind this:
The only entity that can reasonably run Firefox Accounts (FxA) and its tied-in Sync 1.5 is Mozilla, due to its complexity and resources required server-side.
Considering that fact and the fact that they are tightening up all their service use for non-MozCo clients, it's likely only going to be a matter of time before non-MozCo clients are going to be stopped at the door. In addition, this service is at the whim of arbitrary changes to cater to Firefox browser changes, which is already impacting Basilisk's use of the service.

Conversely, Sync 1.1 (Weave) is an open system that can, has been and is being implemented in custom installations everywhere (FSyncMS, OwnCloud, etc.).

Add to that the fact that FxA is less secure[1] than Weave in terms of safeguarding encryption keys and keeping entropy sources private.

This can simplify UXP's Sync client considerably and make it a single synchronization client for all applications without unnecessary complexity and bugs.

This means that your use of Firefox Accounts (FxA) will no longer be possible and you will have to set up a new account with the Pale Moon Sync server if you want to continue to use synchronization with Basilisk. Syncing with Firefox instances will no longer be possible from this point forward. We're sorry if this causes you any inconvenience and if your use of FxA is imperative for you, then you should switch to an official Mozilla Firefox browser to make use of the official Mozilla Firefox service.

[1] Sync 1.1 (Weave) never sends your encryption key (entropy source) to be stored on any server. Firefox Accounts does. While there is a (complex) system in place to make discovery server-side of the key non-trivial, it does not protect in any way against someone getting your encryption key from the server if they compromise your simple login (user+password) to the FxA service, which in turn would give an attacker access to all your stored bookmarks, history, form data and passwords. The only way Sync 1.1 data can be decrypted is with the key that is only stored on your computer and nowhere else. This means that even if your Sync account credentials were to be compromised, an attacker still cannot decrypt any data stored on the Sync server (and neither can Sync server operators, for that matter, for any reason). Even the "simple setup" with the 12 character key to link another browser to your account does not expose anything to a server: J-PAKE is a secure 3-party juggling system that makes the server involved have 0-knowledge handing data from one client to another -- even if so, the server in question (operated by us) only stores this encrypted temporary data in volatile memory which is discarded immediately when the exchange is complete.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
rodndtube
Fanatic
Fanatic
Posts: 122
Joined: 2017-08-30, 13:06

Re: Basilisk to abandon Firefox Accounts

Unread post by rodndtube » 2018-12-18, 16:21

Moonchild, I stumbled across this notice somewhat by accident. Please include the notice during the next Basilisk update and maybe send a forum-wide notice to everyone. Thanks!

I have an existing Pale Moon account but Basilisk has been my primary account and has all of my current bookmarks (in particular the Bookmarks Toolbar) and passwords. Two questions:

(1) How do I ensure that the my Basilisk sync takes priority in syncing my Pale Moon bookmarks and passwords?

(2) How does one set-up sync for Basilisk so it syncs between browsers on my laptop and desktop and then takes priority over the Pale Moon installations?

Thanks in advance!

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Basilisk to abandon Firefox Accounts

Unread post by Moonchild » 2018-12-18, 16:32

Sync by default merges data from different installations. There is no "priority" to assign.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dapgo
Fanatic
Fanatic
Posts: 206
Joined: 2016-10-11, 11:36

Re: Basilisk to abandon Firefox Accounts

Unread post by dapgo » 2018-12-19, 12:08

Agreed with @rodndtube
I read about it after having Basilisk updated ( yes I have the option "Check for updates, but let me choose whether to install them" but I was moving the profile folder and I run with a void profile folder...)

For me the previous sync was a very useful feature, as I have to use Quantum Firefox and Android versions, so I was able to sync my basilisk bookmarks to them and also to send tabs.

Regarding "...tightening up all their service use for non-MozCo clients" IMHO Firefox has to consider PM/basilisk/Waterfox allies and not enemies, otherwise it would be worse for all.
Last edited by Moonchild on 2018-12-19, 12:27, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Basilisk to abandon Firefox Accounts

Unread post by Moonchild » 2018-12-19, 12:37

dapgo wrote:IMHO Firefox has to consider PM/basilisk/Waterfox allies and not enemies, otherwise it would be worse for all.
I dare you to go to Mozillazine and state this opinion ;)

We are not considered allies because of one simple reason: the for-profit Mozila Corporation wants to retain as many of their users as possible and does not want more users bleeding away to alternative forks of their own code base, because it will cost them revenue. We have already been actually accused of stealing code, and even of "extorting money"[1] by a prominent Mozilla employee! "Stealing code" -- can you believe that, for an Open Source product? It shows you without question how Mozilla regards us.
dapgo wrote:For me the previous sync was a very useful feature
I'm sorry that it causes you inconvenience, but we can't keep hoping to interact with a service that is at the whim of arbitrary changes by MozCo at any point in time, including but not limited complete exclusion of us after people have come to rely upon it.

I also did not see a reason to make a big announcement prior to release about this because all it does is cause some inconvenience for a small percentage of UXP users, and does not risk anything else. All that happens with the upgrade is that Mozilla's Sync will stop working. No data is lost.


[1]https://mozilla.logbot.info/seamonkey/20160302#c661429
Last edited by Moonchild on 2018-12-19, 12:55, edited 4 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: Basilisk to abandon Firefox Accounts

Unread post by Isengrim » 2018-12-19, 14:13

I'm actually glad to see this feature go. There have been a few reports elsewhere on the forum of users attempting to sync their FF Quantum accounts with Basilisk, only to find part or all of their profile hosed. One user actually accused us of "illegal false advertising", which is nonsense (and then they went to complain to Moz support about it, who basically said the same thing). From a maintenance and support perspective, I think FxA was just a burden.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

dapgo
Fanatic
Fanatic
Posts: 206
Joined: 2016-10-11, 11:36

Re: Basilisk to abandon Firefox Accounts

Unread post by dapgo » 2018-12-19, 15:08

Moonchild wrote:We are not considered allies because of one simple reason: the for-profit Mozila Corporation wants to retain as many of their users as possible and does not want more users bleeding away to alternative forks of their own code base, because it will cost them revenue.
Maybe they think so but most users moved away just when a need was not satisfied by FF, such as performance, Australis, XUL support, 64bits etc .. so if there is not alternative in the FF family they probably will move further; to Chrome, Opera,...
Moonchild wrote: We have already been actually accused of stealing code, and even of "extorting money"[1] by a prominent Mozilla employee! "Stealing code" -- can you believe that, for an Open Source product? It shows you without question how Mozilla regards us.
As you said it is Open Source so it is possible, so this accusation is just his personal and worthless opinion.
Moonchild wrote: I also did not see a reason to make a big announcement prior to release about this because all it does is cause some inconvenience for a small percentage of UXP users, and does not risk anything else. All that happens with the upgrade is that Mozilla's Sync will stop working. No data is lost.
Agreed, and in fact I can move back to 201811 if I really miss the function.

BTW the new sync alternative would allow more interoperability if Palemoon for Android will be back... (just hoping...)


[1]https://mozilla.logbot.info/seamonkey/20160302#c661429[/quote]
Last edited by dapgo on 2018-12-19, 15:11, edited 2 times in total.

CharmCityCrab

Re: Basilisk to abandon Firefox Accounts

Unread post by CharmCityCrab » 2018-12-19, 19:17

I think this is a smart move. It makes no sense to rely on back-end servers owned by another group without their permission if you don't have to. That's always going to put a service on shaky ground, because the back-end people can cut them off or introduce severe incompatibilities without notice. Basilik's owners taking control of their own sync system should result in a more reliable predictable service that is more fully in the control of the project.

I would perhaps feel differently if Firefox Sync was being run by Mozilla or another foundation as a free or paid service or server officially available to all open-source browsers, or if MoonChild Productions had a service agreement with the company. Given that those don't seem to be the case, it makes total sense to move things in house.

Also, by using the Pale Moon sync system and servers, it's reducing the overall potential workload for developers of Pale Moon and Basilik. Instead of having to maintain two separate sync systems, they maintain one sync system, possibly with a few bits and pieces that have to be maintained a little differently.

It's similar to the way both browsers use the Unified XUL Platform. Something like the Unified XUL Platform is a good way for browsers and other applications maintained by people or organizations unrelated to the one that maintains Pale Moon and Basilik to pool their development and server resources together with the Pale Moon and Basilik people to some degree- MoonChild and co have have granted permission, and other projects using the platform could contribute patches upstream or even become joint or associate developers who officially split the workload with the Pale Moon/Basilik people. There is definitely an important place for shared new code and shared resources that would make things better for all of the non-major browsers, but it's kind of got to be offered the way the Unified XUL Platform is and not just kind of latched on to a server and a service that doesn't want it. Of course, every open-source project has the right to use the code from other open-source projects (Including Firefox), and should when it makes their products better for their users, but that's different from actually relying on a service that hasn't been offered and can be cut off at any time without notice like Firefox Sync.

Firefox has no room to complain about forks of their browsers that comply with the open-source licenses that Firefox is licensed with- those complaints are totally out of line. They might have some room to complain about other browsers using their services and servers without permission, though- and even if one doesn't agree, just the fact that Mozilla has the legal right to discontinue such use and has never agreed to such use is a good reason for other browsers to avoid using those services and servers if they can.
Last edited by CharmCityCrab on 2018-12-19, 19:25, edited 4 times in total.

User avatar
rodndtube
Fanatic
Fanatic
Posts: 122
Joined: 2017-08-30, 13:06

Re: Sync for Basilisk & Pale Moon, was: to abandon Firefox Accounts

Unread post by rodndtube » 2018-12-19, 22:42

I am not a super coder but am certainly a user. Not a novice, but not an expert. My 2 cents on setting up one's sync between your Basilisk and Pale Moon installations (I have both browsers on my laptop and desktop). My desktop is my "lead" platform and Basilisk is my "primary" browser.

I was having trouble in attempting to get the new Weave Sync working on my Basilisk and Pale Moon installations using my existing sync passwords/accounts (e.g., the pre-existing Pale Moon Sync account). So, this is what I did that worked for me:
1) Backed up my bookmarks and passwords for the installations
2) Disabled my existing Pale Moon syncing
3) Established a new Pale Moon account name on my desktop's Basilisk installation and then generated a new Sync recovery code via the management tool (not the 3 sets of 4 characters, but the long code that you can use on your other place installations)
4) Activated my new Pale Moon Sync accounts on my laptop Basilisk installation and then my Pale Moon installation.

The accounts appeared to sync rather well for the most part. However, some Toolbar Bookmark Folder bookmarks are jumbled up, lost their ordering). The other issue is bookmark icons

For some reason the Pale Moon (and Basilisk maybe) syncs dropped many of the Bookmarks Toolbar Icons (i.e., blank icons until you click on it or use an Add-On/Extension to refresh them). Somebody may be able to recommend a "refresh" extension/Add-On that one can run to refresh all the bookmark icons (I have used FavIconReloader in Basilisk and apparently Pale Moon). Most websites build in a default icon so this is usually not a big challenge.

Most challenging these days is generating a unique Bookmark Folder Icon--this used to be a simple task in pre-v55 Firefox and is still easy to do in Pale Moon (right click on the default folder's plain vanilla icon) using the Add-On/Extension, Bookmark Favicon Changer. I am somewhat at a loss on how to do this in Basilisk now--for awhile I was able to use "Bookmarks Folder Images" (and the complimentary "Bookmarks Favicon Images"), but I am not sure this is still possible. Having this feature built-in Basilisk would be great!!!

pablo4096

Re: Basilisk to abandon Firefox Accounts

Unread post by pablo4096 » 2018-12-20, 16:53

HI i have a problem with the synchronization of the basilisk.
after pairing the browser with palemoon, all data was downloaded.
But in the synchronization tab I get the message "Wrong Recovery Key" :wtf: .
I checked the key and it is the same as in palemoon. :|
I use the Basilisk on two computers (portable 32bit and portable 64bit) the same problem occurs on both browsers.
I checked the data on the basilisk they do not synchronize :? .

User avatar
rodndtube
Fanatic
Fanatic
Posts: 122
Joined: 2017-08-30, 13:06

Re: Basilisk to abandon Firefox Accounts

Unread post by rodndtube » 2018-12-20, 21:56

pablo4096 wrote:HI i have a problem with the synchronization of the basilisk.
after pairing the browser with palemoon, all data was downloaded.
But in the synchronization tab I get the message "Wrong Recovery Key" :wtf: .
I checked the key and it is the same as in palemoon. :|
I use the Basilisk on two computers (portable 32bit and portable 64bit) the same problem occurs on both browsers.
I checked the data on the basilisk they do not synchronize :? .
This opens a broader question, "Are extensions being abandoned as well?" Most, if not all, of the extensions listed via Basilisk's Add-Ons link are for the new Firefox v57+. It is fair to say that I really can't find several of the key extensions I use in my Basilisk installation. I am not sure why a new user would migrate to Basilisk if no extensions were readily available.

Since moving to the new sync (Weave 1.1), there are several bookmark icons that no longer appear even after clicking on the bookmark link -- it is kind of hit and miss. My other installation of Basilisk appears to have sync'd okay, but there is not friendly handshaking syncs between Pale Moon and Basilisk.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Basilisk to abandon Firefox Accounts

Unread post by Moonchild » 2018-12-20, 22:01

rodndtube wrote:Are extensions being abandoned as well?
Why is it that people can only think in all-or-nothing extremes these days?... Change one thing and immediately always the question comes up "oh are you going to remove this and that too then?" I don't get it.

Answer is no, but we need to adjust the addons site for use with more than one application. The fact that Mozilla yanked all compatible add-ons is not our doing. Please be patient, solutions are being worked on.
rodndtube wrote:there is not friendly handshaking syncs between Pale Moon and Basilisk.
This was never a guarantee or even a tested scenario. At the moment we are looking at different versions of the Sync client in Pale Moon and Basilisk. This will be equalized in the next Pale Moon release at which point it'll likely work better to sync between these different applications.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
rodndtube
Fanatic
Fanatic
Posts: 122
Joined: 2017-08-30, 13:06

Re: Basilisk to abandon Firefox Accounts

Unread post by rodndtube » 2018-12-20, 22:13

Moonchild, thank you for your reassurances. I did not know that Firefox had pulled the extensions access, although not surprising.

Happy Holidays and I look forward to Basilisk in 2019 :)

CodeLurker

Re: Basilisk to abandon Firefox Accounts

Unread post by CodeLurker » 2018-12-31, 11:17

I read that chat log; and while I'm not a dev on either project, my take on it is that when it comes to SeaMonkey, Tobin is completely right, and KaiRo is completely wrong. He says they don't have the staff at SM to "modernize" it like FF. While e10s is an important modernization; most of the rest of the "modernization" at FF isn't desirable at all. They busily break old plugins, such that there is no decent session manager in FF anymore - and won't fix it so there can be. They increase "telemetry" right and left; otherwise known as spyware. They support storing settings in their closed cloud; which only creates distrust on the part of users smart enough (and with sufficient historical grounding - millennials, read about the Stasi some day) to be concerned at the way privacy is compromised. It keeps looking and behaving more and more like Chrome (no search bar, a hamburger menu, neutered plugins); which *** SURPRISE ***, not everybody loves. FF accounts. FF pockets. Give me a stable browser with good plugin compatibility, any day; over any of that crap!!! To my way of thinking, e10s, and some HTML5 compatibility, are the only improvements FF has made in recent years that I care for. Does FF poll regarding, or even care about, the features its users actually want? Was there ever a group of FF users that said "Please break the non-WebExtension plugins, even if they can run under e10s without problems?!!! "Please don't give us the option!"???

Anyway, the reason Tobin is right and KaiRo is wrong; is I have read complaints from the SM team, that Mozilla keeps breaking the rendering engine for them; such that they keep having to put time into getting it to work for SM. THAT is the biggest reason SM is making little progress; not because it needs this so-called "modernization". They are busily fixing the backwards compatibility that FF might be leaving alone, but instead, keeps breaking. It may have been in the "Future of SeaMonkey" thread that I read this.

Locked