Closed Bug 1202810 Opened 9 years ago Closed 9 years ago

iOS' "Clear Private Data" option wipes all saved passwords / logins from Sync

Categories

(Firefox for iOS :: Sync, defect)

Product:
Firefox for iOS
Component:
Sync
Platform:
All
iOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1191450

People

(Reporter: danemacmillan, Unassigned)

References

Details

I don't know if this is related to sync or not, but since this morning none of my passwords auto-populated on the various sites I visit. Upon going into the preferences to look at all the saved passwords, I realized there are no saved passwords listed anymore. I had upwards of 150 passwords. Note that I'm using the latest version of Nightly [43.0a1 (2015-09-08)], and my passwords were available yesterday, and possibly before the update this morning, though I'm not sure, as I typically update the browser first thing in the morning. I can't pinpoint exactly what might have happened, but this is what I did this morning: - Updated Nightly to today's latest version. - Installed Firefox on iOS from the New Zealand App Store and signed into the browser on iOS (for sync). I can't be sure which could be responsible, but the end result is the same. Firefox sync is my backup solution for passwords, so this is terrible if the data is lost forever.
Adding :rnewman because of possible FxiOS link (although he probably still watches the "Firefox:Sync" bugzilla category anyway)
Ryan: yes, I still follow Sync components, but not this one :) I don't think I'd point the finger at iOS here yet if this is really a deletion: it definitely doesn't support wipe, and a clean device won't have any reason to merge and upload deleted records. My speculation is the Nightly update (we occasionally see data loss due to shutdown of upgrade bugs) or a handshake bug between iOS and desktop. Dane: is there a signons.* in your profile directory? Is it mostly empty? Are there any .baks? Regardless, I recommend not trying to use Sync as a backup service. Even if the storage is mostly durable, it's not designed for recoverability, has no archiving or versioning, and if the data is gone from the server and no client has a copy, it's really gone.
Hi, Richard There is no signons.* directory or file in my profile directory. The closest to that name are signedInUserOAuthTokens.json and signedInUser.json. There are no *.baks anywhere, either. Given that data loss is a terrible thing, will there ever be a built-in option to export passwords? As it stands, passwords are more or less held captive by Firefox without any native way of saving them in the off chance that an update happens to whipe critical/sensitive passwords. If that's not ever going to be an option, will versioning in Sync, or a week's worth of syncs ever be available to revert data in case of loss?
(In reply to Dane MacMillan [:danemacmillan] from comment #3) > There is no signons.* directory or file in my profile directory. The closest > to that name are signedInUserOAuthTokens.json and signedInUser.json. There > are no *.baks anywhere, either. Sorry, logins.json. I was replying from my phone and didn't have a profile dir to refer to. > Given that data loss is a terrible thing, will there ever be a built-in > option to export passwords? As it stands, passwords are more or less held > captive by Firefox without any native way of saving them in the off chance > that an update happens to whipe critical/sensitive passwords. I'm afraid I have no idea. They're just stored in a flat file, so that's easy enough. > If that's not > ever going to be an option, will versioning in Sync, or a week's worth of > syncs ever be available to revert data in case of loss? I very much doubt it. It's more likely that someone will build a new online password service.
There is a logins.json file, but unfortunately it's mostly empty, except for the handful of new credentials I have saved since yesterday's data loss.
If you're on a Mac, you can try using Time Machine to recover an earlier version of that file. Same-disk Time Machine has saved my ass multiple times.
After a couple days of saving passwords, I synced with Firefox on iOS again and shortly afterwards realized that all my passwords were deleted again. I'm not certain there's a direct link, but on a purely anecdotal assumption I'd say there is.
And again. I've signed out on Firefox mobile for iOS. This will likely not happen anymore.
Dane: did you ever do Settings > Clear Private Data on your iOS device?
Flags: needinfo?(work)
(In reply to Richard Newman [:rnewman] from comment #9) > Dane: did you ever do Settings > Clear Private Data on your iOS device? I have, though I can't be certain of the timeline for cause/affect. At this point I have not made any grand attempts at restoring all the passwords I can remember, so I will test this out. One thing I *have* gotten suspicious about is this, though I could be way off, but it feels this way: For one, I have never had Firefox on iOS auto-fill any passwords or even offer that option when I know the password has been saved on desktop, so when I retype my credentials on iOS, I'm asked whether I want to save them, and I choose "Yes." Anecdotally, anyway, it feels like saving them on iOS causes a sync, which then wipes every other password that may have been saved by the desktop version. I'll give this a test, too.
Flags: needinfo?(work)
Do you think we can move this bug to the "Firefox for iOS" product category? It really feels like it should be there, and it would get more exposure. Until I used Firefox for iOS, my passwords were fine--for years. The day I installed the iOS version, suddenly they have been wiped from existence.
Product: Firefox → Firefox for iOS
Version: 43 Branch → unspecified
Okay, I realized I could do this myself.
I have the steps to reproduce this every single time: 1) Ensure that a desktop and mobile version of Firefox are both synced to the same account. 2) Save new password on desktop. Run sync. 3) Run sync on iOS app. Observe autofilled password on the site with newly-saved credentials. 4) On desktop, open "Saved Logins" and hit sync. Observe that passwords are still intact. 5) With desktop "Saved Logins" still open, go to iOS app -> Settings -> and click "Clear Private Data." Run sync on iOS. Run sync on desktop. 6) Observe that ALL PASSWORDS HAVE JUST DISAPPEARED on desktop and mobile. ---------- I have run through these steps multiple times with the same outcome: passwords are completely wiped. This is critical. This is not what "Clear Private Data" should do AT ALL.
Okay, the steps are even simpler: - Just ensure two devices are synced to the same account with some saved passwords. - Run "Clear Private Data" on iOS device. Hit "Sync now" on iOS - Open desktop device, hit sync, watch passwords disappear.
Severity: blocker → normal
What you're seeing is expected behavior. (It might still be surprising.) Clear Private Data clears all of your private data, including saved passwords. If you're syncing passwords, and you delete them all, the deletions will propagate to other devices. The alternative is that we clear your data locally, and then Sync immediately downloads it again from the server. You either want your data deleted or you don't. What do you think Clear Private Data should do? Bug 1191450 (Firefox 1.1) provides UI to choose what to clear, so you can uncheck passwords if you don't want to clear them. Bug 1162778 will involve explaining your options here: to first sign out of your account and then clear data locally, or to clear your data everywhere (and perhaps other options, too).
Summary: All passwords are gone → iOS' "Clear Private Data" option wipes all saved passwords / logins from Sync
> What do you think Clear Private Data should do? I didn't expect it to empty out passwords. I didn't expect such a powerful action to be available without detailing what the action entails. I've been using Firefox since it was released, so my expectation has been that I will be prompted to decide what to remove, and any lack of granular control should mean it's not going to overreach (until options are put in place to control this). There is just nothing in the UI that would indicate that, and I've come to expect that such a powerful action wouldn't be so freely accessible without explicit forewarning and more detail. Sure, in retrospect, it makes sense that Clear Private Data would do that, but I've also come to expect that private data is browsing history, active logins, and the cache. For as long as I can remember Firefox has provided that control over what data to clear when closing the desktop browser, for example. When asked "Clear Everything -> Are you sure you want to clear all of your data? This will also close all open tabs," there should also be some elaboration and more detail. Ultimately, I don't think a "Clear Private Data" option should be have been made available until that granular control was also made available, just like in the desktop (and I think Android) version. I'm looking forward to version 1.1.0, then, if that control was added. It's very common to clear the cache and history, but not passwords. In the end my expectations were incorrect. Though, I'm also a more technical user, so if I got trumped up by this, it's almost guaranteed less technical users will, too, until granular controls return. Firefox is new to iOS, so I look at it as the risk involved with testing new software.
Thanks for clarifying, Dane. We weren't able to implement fine-grained clearing of data on iOS 8 due to WebKit limitations, otherwise it would have been done sooner. Duping to Bug 1191450.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
OS: Mac OS X → iOS
Hardware: x86_64 → All
Resolution: --- → DUPLICATE
Minor quality of life improvement I filed, we aught to at least prompt before hitting the nuclear option (https://bugzilla.mozilla.org/show_bug.cgi?id=1209097)
See Also: → 1224756
You need to log in before you can comment on or make changes to this bug.