Weave... Mozilla Is Trying To Be More Social

Cassanova writes "Weave is the newest Mozilla Labs project. It allows the user to save browser settings on Mozilla servers (Favorites, sessions, passwords, etc.) and load them from anywhere. With this project, Mozilla is trying to be an online services provider, which is an important step. But can Mozilla labs get over the privacy issues?"

so use encryption.

[gbjbaanb (229885)]

anyone can get over the privacy issues, Mozilla just needs to encrypt the user's settings with a strong key and store the encrypted data to the server. Only the user can decrypt it (assuming he remembers his passphrase) and you're done.

If you make this a non-optional feature then it can be touted as a big privacy win and people will surely be happier wit it. If you allow the passphrase to be stored locally then ease of use is solved too (obviously you'd still need to enter it if you used a browser not on your home PC, but that's ok).

Re:so use encryption.

[Negatyfus (602326)]

Actually, that's what they do now. From the article:

• We currently encrypt on the client all data that gets placed on the server, with an encryption passphrase that only the user knows.
• We kept the server intentionally dumb and standards-based, so that anyone can set up a server for themselves and/or their friends or company.

Re:

[by Anonymous Coward]

This is slashdot, don't expect anyone to RTFA.

Re:so use encryption.

[Henry V .009 (518000)]

I've always hoped that Google would make this an option with gmail. Encrypt all data stored on their servers, add encryption on sending, and they'd have a wonder application. Not that Google (owner of Doubleclick) makes any money from user privacy, of course.

Re:

[xenocide2 (231786)]

It wouldn't matter. At some point, email is transmitted in the clear. Either you trust Google or you don't. If you don't trust Google, they're receiving all your mail in the clear, so they're already capable of violating your "privacy". If you do trust them and still want your data encrypted, you're not getting much benefit -- the data still goes to recipients in the clear, and they can still receive copies.

You're probably better off with thunderbird or evolution or something and gmail IMAP, where you can s

Re:so use encryption.

[Nullav (1053766)]

You're right. If only we could force them to release the source code or something, then we could just look.

Re:so use encryption.

[JustOK (667959)]

look and see the actual source code running, or look at what they say is the source code?

Re:

[Nikker (749551)]

There's a way! I just sent out the patent, I'm calling it "compiling". See you "compile" the "source code" then you can check to see using a program that I will write called "diff"(like difference) to see if the files differ. If they do then its not the same! Wow I'm gonna be rich!

Re:

[caferace (442)]

Build it yourself from source, and run it on your own server. Gosh.

Re:so use encryption.

[by Anonymous Coward]

Paranoiaville, here we come!

Who told you we were going there? How did they know? You told them, didn't you?!?!?

Re:

[RonnyJ (651856)]

Firstly, this looks basically like Opera's Link [opera.com] (although I don't think that supports passwords etc yet).

Security-wise, although I can see that many people would like any stored data encrypted so the service provider can't make use of it, that'd mean the user's computer would need to encrypt/decrypt it client-side. If you want to be able to access information from a bog-standard HTML interface (which I believe Opera Link allows), the service provider needs to be able to decrypt your information server-sid

I don't think they are

[johannesg (664142)]

After all, this is a magnificent opportunity to build the greatest list of porn links the world has ever seen!

Re:

[by Anonymous Coward]

no way, I'm not sharing and I'm responsible for over 30% of internet masturbation!

online, online, and online again

[Paolo DF (849424)]

I understand that all this online frenzy hit all major players in the IT field, but I still think that the Internet as it is now is not ready for this, and, in parallel, a lot of people don't feel ready for this.
By the way, good luck to Mozilla; it is always good to have more than one player.

Re:

[KlaymenDK (713149)]

I think anything that can make a computer workstation as generic as a television is a good idea; the challenge lies in handling the user data/settings. If everything was online and online again, you would not need X-on-a-stick but only to log in to your online profile from any workstation.

Hm, imagine that. Having a workstation that from the ground up is equipped to handle roaming users, even across the internet. There would be issues with compatibility and installed software, but assuming the basics (OS log

Re:

[Enleth (947766)]

Well, you can pry my self-contained, customised ultraportable laptop from my dead, cold hands. And only then. I have yet to see a web-based application that is as fast and convenient to use as a native program and doesn't get in the way due to being a slightly overpowered web page. And I have yet to see two (let alone any more) separate web applications that have a consistent look&feel, which is a critical feature of any *work*station, that is, a computer used for doing some kind of *work*, not wasting

Re:

[KlaymenDK (713149)]

True, that. The eye candy is always the first thing to go in, and the productivity last (if at all).

Re:

[peragrin (659227)]

Unix was there for the local network 15 years ago. You would walk up to any terminal and could log in with all your settings, preferences intact.

It worked over the Internet too, but the general internet had way to much lag for X applications to run that way. It would be possible now if it weren't for MSFT and thier silly dog Apple. MSFT has done one good thing though, they brought down the cost of the hardware so everyone can afford some. Now if only they would bring down the cost of their OS so people

Re:

[Nullav (1053766)]

Hm, imagine that. Having a workstation that from the ground up is equipped to handle roaming users, even across the internet. There would be issues with compatibility and installed software, but assuming the basics (OS login, browser bookmarks, yadda yadda) it would be a fair step towards ubiquitous computing. Ah, the future ... are we there yet? Are we there yet? Are we there yet?...

Well, I've run across two [gopc.net] services [zonbu.com] like that recently.
GOPC, while closer to 'save once, read anywhere' is ridiculously limite

Useful enough?

[headkase (533448)]

I think it depends on personal preference. If it was opt-in and encrypted on your end before it was stored on Mozilla servers then they send you the (encrypted) data on local load of Firefox then you enter your secret password/phrase (or have it come out of the wallet or equivalent) to decrypt it, again, locally then there wouldn't be *any* privacy issues. And if you chose to use it it would definately come in handy for those instances where the OS unexpectedly borks itself on you and you have to reinstall. Then install firefox, enter your access code and at least that part it back to pre-bork settings.

I wouldn't use this

[caluml (551744)]

I wouldn't use this. After all, the bookmarks I have at home are different from the ones I have at work. :)
I can't envisage a time when I'd need this. Plus it's very easy to SCP my bookmarks.html from my PC at home if I need them - or a simple SSH and grep to find the precise one I want. A solution in search of a problem?

Re:

[cavtroop (859432)]

No, just a solution that doesn't fit what you are looking for. Me? I use Foxmarks to keep my bookmarks synced between my multiple machines. Having sessions/passwords etc sync would be great, once I could get over the privacy issues.

If you haven't looked at Firefox 3...

[FooAtWFU (699187)]

If you haven't looked at Firefox 3 beta, there are some crazy new bookmark features, including "smart" bookmarks generated from frequently-visited sites and such. There's also bookmark tagging. This must fit in very nicely with the "weave" strategy.

I'd be worried if I were del.icio.us. Not panicked, just worried. :)

They need to focus on maintenence, too.

[by Anonymous Coward]

There are a lot of new features in Firefox 3. But there has also been a serious neglect of the maintenance aspect of software development.

I know maintenance is not as glorious as adding new features, but it's still very important with each new release to fix the problems that were found with previous versions (or at least verify that such problems no longer exist).

While some small number of people might like these new bookmarking capabilities, I think they should have spent more time on fixing some of the i

Re:

[bunratty (545641)]

They have been spending lots of time fixing those issues. Are there any specific bug reports you think should be addressed? Any particular site or feature you're having a problem with?

If you cannot or will not track down the problems you're complaining about, and they persist even after creating a new profile and trying other fixes in the MozillaZine Knowledge Base [mozillazine.org] and asking for help in the MozillaZine Forums [mozillazine.org], you should simply switch to another browser. Why put up with serious problems when there are so

Re:

[idealego (32141)]

If you haven't already, try Firefox with a fresh profile.

Re:

[bunratty (545641)]

No, creating a new profile does not cause you to lose any information. You can import your old settings to the new profile [mozillazine.org].

The advice to create a new profile also has nothing to do with memory leaks in Mozilla software. If you're experiencing bugs in Mozilla software, you'll still see them with a new profile. If creating a new profile fixes a problem, it was due to a bad extension or other bad setting. In some rare situations, it may be possible that a perfectly reasonable setting triggers a bug in Firefo

Id like to see

[The Cisco Kid (31490)]

a way to save bookmarks, etc on *MY* server. (By "My server", I mean my personally owned and operated FreeBSD box I have colo'ed', not what the average moron might mean where they confuse 'server' with 'service provider' and use 'my server' to refer to their ISP)

So privacy and security concerns go away (or at least, would be under my control rather than someone else's), but all the same functionality is there.

Re:

[One Childish N00b (780549)]

[I'd like to see] a way to save bookmarks, etc on *MY* server. (By "My server", I mean my personally owned and operated FreeBSD box I have colo'ed', not what the average moron might mean where they confuse 'server' with 'service provider' and use 'my server' to refer to their ISP)

From TFA:

We kept the server intentionally dumb and standards-based, so that anyone can set up a server for themselves and/or their friends or company.

Re:

[One Childish N00b (780549)]

I hate to want to reply to own post, but just in case you think TFA is just some goof with a Blogspot blog, the original quote is from Mozilla Labs [mozilla.com], specifically from Dan Mills [sandmill.org], a FireFox dev and former Novell engineer - definately not the average moron [sandmill.org].

Privacy issues? What privacy issues?

[One Childish N00b (780549)]

If you don't want to use it, don't download the extension. To use it, you have to:

  - Go to a site
  - Create an account
  - Download an extension (on every single computer you use)
  - Put in your username and password (again)
  - Put in a private encryption passphrase
  - Manually click the 'Sync' button.

Only then will it start automatically updating your bookmarks. If you have privacy issues about uploading your bookmarks to Mozilla's servers, then you can quite easily back out at any of these points, or not bother at all. If the fear is that they will share your bookmarks, then simply don't give them any to share. This is not a feature that is on by default, and the blog linked to even specifies that, if you're that paranoid about giving them your data, there will be a way to set up your own Weave server, so no-one but you will be able to know you visit PissMidgets.com

Slightly sensationalist article methinks.

host it yourself?

[evilmoo (1213394)]

From the debugging logs, it seems like the information is just stored on a server via HTTPS+WebDAV. So if you control a web site (and you trust it more than you trust Mozilla), just change the Server Location (in Advanced Settings) from "https://services.mozilla.com/" to your own server. You will have to create a directory underneath that is the sha1sum of your account name, and it is up to you to set the permissions on the directory properly so that no one else can access it. Of course, this is all just an educated guess, but... "The rest is left as an exercise to the reader." :)

Great to have another vendor

[KlaymenDK (713149)]

Great to have another choice of vendor to store my browser profile at. I've been asking Mozilla for a roaming feature for years. I've seen the plugins that do this, but they host my data either at a company that's unknown to me, or that I don't trust.

I have suggested the option of entering login info for an FTP server that you own (or have access to), so you don't have to rely on someone else, but it's no surprise that it's not going to happen unless Mozilla themselves go after it (or I write it myself, exc

Google Browser Sync

[eht (8912)]

Google Browser Sync [google.com]

And it's about as secure as your Google account already is. Whatever that means.

Re:

[draziw (7737)]

I use the software just syncing bookmarks (with encrypted checked). It works great - but it doesn't work with Firefox 3 beta yet. :( I may try Weave as a workaround.

--
+1 for karma, +2 for low user id, -2 for mention of user id.

Sure ...

[ScrewMaster (602015)]

But can Mozilla labs get over the privacy issues?

Encrypt, encrypt, encrypt ... and then hope that nobody sues them anyway.

Opera?

[JLennox (942693)]

I'm suprised at the lack of mention that Opera has had this feature since September.

Publish the protocol please!

[IGnatius T Foobar (4328)]

Please, Mozilla people ... document and publish the protocol! We would like to be able to save our bookmarks/passwords/sessions on our own servers, not yours (or Google's). We would like to have our browsers talking to back end systems that can do something useful with that data. Please make this useful!

Re:

[pembo13 (770295)]

well, I read through the comments, would suggest you do the same

Link

[jpkunst (612360)]

Link to the actual Mozilla Labs project page instead of to some blog: http://labs.mozilla.com/2007/12/introducing-weave/ [mozilla.com]

I should sue them

[weave (48069)]

I should sue them for profiting from my good name, damaging my reputation and causing confusion among the masses.

Excellent idea

[horza (87255)]

This is really useful. At the moment there is the Foxmarks plugin for bookmarks, which is excellent, but it would be nice to have a sync for Firefox / Thunderbird / Sunbird with all my preferences. I could reformat a machine and be mostly operational within seconds (especially if I took the time to create my own custom Ubuntu [aperantis.com]). Then I would just need to import my Pidgin preferences.

Other than passwords, there aren't any privacy issues for me. If someone hacks my account and discovers my bookmarks or which c

a few options

[josepha48 (13953)]

They could let you store it on their server, but allow you to encrypt the data with your own PGP key. You would have both the public and private keys for your data and only you would be able to access them.

Or they could let you choose which server you want to store the data on, maybe you would have your own server setup and you want to use that instead of theirs.

Re:

[ParaShoot (992496)]

Why? What would you rather see - "she" written throughout the article? How would that be any better? "It"? "He/she" or "s/he" everywhere? Cumbersome and ugly. "They"? Grammatically incorrect, despite being used everywhere. "One" just sounds weird and formal (and the article isn't written in German).

An arbitrary choice was made. Pick "he" sometimes and "she" at other times, if it bothers you that much. More importantly, stop making big issues out of nonexistent ones - you understood the article, didn't yo

Re:

[McDutchie (151611)]

Why? What would you rather see

Yo. [metro.co.uk]

Re:

[KlaymenDK (713149)]

You need to learn Finnish, which has only one word for "(s)he". The finns I know all speak weird English as a consequence, but that's another matter:
Finn: She's looking for you.
Me: Who is?
Finn: Klinger is.
Me: O_o I thought Klinger was a ... nevermind.

Also, in Sweden, if you ask somebody the time, (s)he'll say "She's 11:37."

Re:

[ScrewMaster (602015)]

I had to read the article 3 times to even notice the apparent sexism and I'm always very careful about what I write so as to not offend your type.

I always read everything carefully, but I don't bother trying to avoid offending someone with a hypersensitivity to non-issues. Political-correctness is a waste of time and energy that provides little practical benefit.

Re:

[jcaldwel (935913)]

This makes me cringe, too, but technically, according to Webster, "he" can be used in the "generic sense or when the sex of the person is unspecified". [merriam-webster.com]

I can't call the language non-biased, but the bias exists in the English language itself.

That being said, the author should have followed basic writing etiquette and replaced the pronouns with him/her, he/she, etc... or, get rid of the gender-biased pronouns altogether and restructured the sentences to use words like "oneself".

Re:

[kestasjk (933987)]

"he/she, him/her, males and females, masculine and feminine"? Not she/he, her/him, females and males, feminine and masculine? So you're saying men should always come first are you?

Why don't you just get off /. and get back to beating your wife?

Plugins

[poptones (653660)]

It has been done with plugins. Mine stores 2GB and I keep it on my keychain.