Sync and Passwords

So I am looking at Firefox's new plugin, Weave Sync.

Weave is a comprehensive synchronization tool for people who browse on multiple computers. It syncs everything between multiple versions of firefox except your plugins. Guess we'll have to get beyond version 1.0 for that. Even so, Weave offers near-instant sync of

  • bookmarks
  • open tabs
  • browsing history
  • passwords

(Um, passwords?)

Weave tries to sound secure: “all of your data is encrypted end-to-end to ensure your privacy.” But that is not what worries me.

I am, in most ways, the exact sort of person for whom this was designed. On any given day I may use four different computes: office, study, laptop, even maybe a short stint on the kid's game machine in our family room. I am heavily reliant on dropbox to sync working documents. I use xmarks to sync bookmarks. I'd love to be able to sync open tabs to make a more seamless experience as I migrate from machine to machine. (And sooner or later I'm going to migrate my scrapbook to dropbox so I have only one master set of archives instead of home and office versions.

Xmarks will store passwords, but it has a nice feature that allows me to choose on a machine-by-machine basis whether I want to require a special login before passwords become accessible. Since I travel with my laptop, and there's always a chance it might get stolen, I don't want to have my password-protected data accessible to someone who gets a hold of the machine. (But that's not without its risks too.)

If I understand the release notes, Weave has a feature similar to Xmarks to deal with the traveling password issue:

If you use a master password, Weave Sync will automatically connect after you enter in your master password. Weave Sync will stay disconnected until you enter your master password or you choose to manually connect.

I often hibernate my machine instead of turning it off. What worries me is that this sync will become so seamless that I'll forget my passwords are accessible. Either that, or I'll have to always at least close the browser between sessions. That's a risk with Xmarks, and I suppose it's not going to be much different with Weave?

I'd be interested in hearing in comments from anyone using Weave; I'm about to go out of town for a conference, and I don't think I'll do anything to change my workflow until I'm back, just in case something might break.

This entry was posted in Software. Bookmark the permalink.

2 Responses to Sync and Passwords

  1. Like many other Firefox and MSIE features (tabbed browsing within a single window, perhaps most notably), this new offering for Firefox is an attempt to replicate a feature already included in the stock Opera distribution. In Opera, this is called “Opera Link”. It’s installed by default, although nothing is sent to Opera’s server’s unless you choose to use the feature. I’ve been tempted, but I haven’t used it because I don’t want my passwords, bookmarks, etc. to be obtainable by governmental or commercial third parties from Opera. If you _are_ going to use one of these services, Opera’s privacy policy for Opera Link data is stronger than Mozilla’s privacy policy for Weave (note that Opera’s refers to “unless required by law” without the exception in Mozilla’s policy “or if necessary or appropriate to address an unlawful or harmful activity”) and, even more importantly, is subject to Norwegian rather than USA law, so you can make an access request under Norwegian data protection law to find out what info Opera has stored, and a log of any disclosures, which you can’t do with Weave data.

  2. lbt says:

    For your laptop use LUKS
    I set this up for all our Ubuntu machines at work and it’s an excellent solution.

    A normal Ubuntu install (using the Alternate Installer) allows you to select an encrypted disk based installation.

Comments are closed.