nitori

nitori wrote (edited )

I would've suggested self-hosting the sync, but god, trying to self-host Firefox Sync looks like a nightmare. Not only do you have to build the Sync 1.5 server, you also need to build the authentication server which is separate.. Really glad Pale Moon never adopted that and stuck with Weave/Sync 1.1 (even though it uses a mozilla-esr 52 base which long abandoned Weave, it's cool they got it back during the forking). Even if the sync server gets compromised it's guaranteed they will never be able to read your synced data, because the decryption key is never sent to the server (only the data in encrypted form is) and the encryption/decryption is done locally. This is very unlike Sync nowadays with Firefox where convenience seems to have trumped over security (anyone who has your Firefox Accounts password can retrieve the decryption key for the data stored in the Firefox Sync server)...

5