"Firefox Cloud Services Privacy Notice" makes no mention of encryption

RESOLVED FIXED

Status

Cloud Services
Server: Firefox Accounts
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: markh, Assigned: adavis)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
Reported via sumo at https://input.mozilla.org/en-US/dashboard/response/5951410

https://www.mozilla.org/en-US/privacy/firefox-cloud/ mentions under "Things you should know" that "If you use Sync, we receive a variety of information to synchronize your tabs, awesome bar, passwords, bookmarks, browser preferences and other data across devices."

A casual reader may conclude that the Sync server receives your passwords and bookmarks in a readable form, whereas they are encrypted and not readable by the server. I think the privacy notice should make some (possibly vague) reference to the data being encrypted.
I'll be honest, I don't have a good handle on who owns those legal docs; :ckarlof to whom should we escalate this concern?
Flags: needinfo?(ckarlof)
Adding Alex as this seems like a great product-level question :-)
Flags: needinfo?(ckarlof)
(Assignee)

Comment 3

2 years ago
Sure, I'll look into this.
(Assignee)

Updated

2 years ago
Assignee: nobody → adavis
(Assignee)

Comment 4

2 years ago
I have a scheduled meeting with legal on July 20th.
(Assignee)

Comment 5

2 years ago
Legal is looking into this. They have other privacy policy changes to make soon so they will include this in their update.
(Assignee)

Comment 6

2 years ago
Since it is now on the legal teams to-do for our team and that it will go out with their next policy update, I will close this bug.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
(Reporter)

Comment 7

2 years ago
I think we should keep this open until it actually changes.
Assignee: adavis → nobody
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Updated

2 years ago
Assignee: nobody → adavis
The new text at [1] reads:

"""
If you enable Sync, we receive, in encrypted format, the data that you sync across devices (which may include Firefox tabs, add-ons, passwords, bookmarks, history, and preferences). While this cannot be decrypted by us, you should use a strong password to prevent unauthorized access to your synced data. We also store information about your device operating system and Firefox version to show you which devices are synced to your account.
"""

Which I think makes it much clearer!

[1] https://accounts.firefox.com/legal/privacy
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.