[PLUG] Sync sucks, downgrading firefox, then alternatives

Keith Lofstrom keithl at kl-ic.com
Sun Apr 25 01:57:49 UTC 2021 

Best Mozilla alternatives?

In order to enable some misbehaving web videos, I made
the foolish mistake of updating firefox on my desktop
machine yesterday.  Silly me, "update" in Firefox-eze
means "submit to Mozilla arrogance, delete older data."

In this case, it means that Firefox now requires "Sync"
and "Lockwise".  Passwords stored (allegedly encrypted)
on Mozilla servers. 

With a password I don't have anyway.

No f***ing way are my passwords leaving my machine.  No
f***ing way will Mozilla Galactica get any password or
hash thereof.  It's bad enough that I trust their
allegedly-open-source browser to access my passwords (*)

My systems are designed to keep running when the internet
(or the cable modem, or the power grid) does not, with
local html copies of all the important html content that
I create.  Different machines have different sets of
passwords, and the portables do NOT have most passwords, 
Bank and health passwords are "stored" on paper and
locked in a safe.

No external password storage, except unique passwords for
each web-service (stored here on a subset of secure
internal machines, and on backups).

Grr.  I want to give the Mozilla designers wifi-enabled
pacemakers, then switch off the wifi.  Instead, I shall
keep calm and find truly open source alternatives.

I do have daily backups of the .mozilla files.  Also,
a few months ago, I printed out my Mozilla passwords
(about 200 of them) and keep them "in a safe place".

So for now, I will delete the newer firefox, then reinstall
an older version without "Sync", and a backup version of
.mozilla/firefox/ to verify those older passwords work.

Then I will move on to Chromium ... presuming that does
not use the same insane offsite password storage method.

Any other suggestions? 

Keith L.

(*) P.S. In theory, I can read Firefox source and prove
that my passwords are properly encrypted and decrypted
before they are sent to and from Mozilla.  In actuality,
by subtle misuse of API calls and function prototypes,
encryption can be crippled.  I am not nearly clever
enough to find subtle exploits in Firefox code, and
few of us bother to try.  No verify, no trust.

-- 
Keith Lofstrom          keithl at keithl.com

More information about the PLUG mailing list