Closed Bug 1568357 Opened 6 years ago Closed 6 years ago

Disconnecting Sync has hard-to-parse information leading to user deleting own data

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Version:
68 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1582023

People

(Reporter: mcohen2, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Log into Firefox account. Sync is automatically enabled.
Disconnect Sync. Button choices and text in "Disconnect Sync" modal are poorly designed, leading to confusion.
Selected "Remove Firefox Sync Data Bookmarks, history, passwords, etc."
and accidentally deleted own data.

For more see:
https://www.reddit.com/r/firefox/comments/cgnz99/when_firefox_deletes_sync_data_it_deletes_your/

Actual results:

Own bookmarks, passwords etc were deleted from my browser.

Expected results:

It's very easy to read the option "Remove Firefox Sync Data" as being "Remove Firefox Sync Data from my account". People don't think of "bookmarks, history, passwords" as being a form of Firefox Sync Data.

Even if it said "Remove Firefox Sync Data from this browser" they wouldn't think of "bookmarks" as a type of "firefox sync data". To an average user "firefox sync data" is the synchronized data copy, not the source data.

Because of this mental disconnect it's not very clear that when you say "remove browser data from this computer" that "Remove Firefox Sync Data" option refers to "bookmarks on this computer"

Here's how this modal might look.

Title: "Disconnect Sync?"
Option Box [] Delete all bookmarks, history, passwords etc from this computer
Option Box [] Delete other private data from this computer (Cookies, cache...)

This clarifies the important point:
Options to delete data from the computer do not refer to "firefox sync data" but refer more plainly to actual types of data a user recognizes as living on their computer

Component: Untriaged → Sync

Thanks for bringing this to our attention, I've added :rfeeley who is the UX lead for FxA and Sync. Ryan, is there actionable work here short-term, or is this more something we can fold into the broader refactor/decoupling of Sync?

Flags: needinfo?(rfeeley)

I also want to just comment briefly on your broader point from the linked Reddit thread

Firefox asks me to log in to my Firefox account, so I do, and then it automatically starts up Firefox Sync.

This can indeed confusing/surprising, and the "broader refactor/decoupling of Sync" work I mentioned above is about trying to improve this situation so that users don't end up syncing anything unless that's what they deliberately wanted to do.

I've been following with interest Mozilla's recent attempts to monetize and I was down with the VPN idea etc, I just figured it would be a nice time to get a Mozilla account. Didn't expect what happened next.
I'd want to do a lot more research into security before entrusting Mozilla with my browsing history. :mumble mumble: private encryption key :mumble mumble:

Thanks for reading my bug report!

See Also: → 1568358

Ryan,

Was there a change to Firefox Sync to "resolve" this bug? Please see: https://www.reddit.com/r/firefox/comments/diwwqi/firefox_dev_ed_no_longer_removing_sync_data_after/

On sign out, the option to "remove sync data" check box does not pop up anymore, instead the browser just says "Firefox will disconnect from your account but won’t delete any of your browsing data on this device".

I used mozregression to see if I could find where this changed, but as far back as Firefox 60, the behavior has changed.

Unfortunately, this regresses a desired feature:

True enough, on sign out all my bookmarks and passwords are still stored in the browser! I sign in on a shared computer at work so this obviously will not suffice.

Was a change made? Is there a plan to bring back the feature that was removed?

Flags: needinfo?(rfkelly)

I believe this has changed recently with work for Firefox 71; :markh can probably point to the specific change.

Flags: needinfo?(rfkelly) → needinfo?(markh)

It breaks functionality in older versions of Firefox though, including ESR releases, where I don't think this is at all expected. I could definitely see a use case for this feature being basically required for a lab or library type environment where this breaks sync for on-the-go Firefox users. This leads to Chrome having a better story here.

Should we file a new bug to track the regression?

(In reply to Asif Youssuff from comment #6)

It breaks functionality in older versions of Firefox though, including ESR releases, where I don't think this is at all expected.

I don't think this is true - this was a simple client-side change which landed in Firefox 71 via bug 1582023. The reddit comment indicates the same - it changed when they upgraded to 71.

It's a bit of a damned-if-you-do vs damned-if-you-don't problem - as this and other feedback indicated, it causes data-loss for some users.

Should we file a new bug to track the regression?

This is not a regression, but rather a conscious decision from our UX team; there's no point filing a bug.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(rfeeley)
Flags: needinfo?(markh)
Resolution: --- → DUPLICATE

Just wanted to note that I thought that the old behavior was older than it was -- you are correct that I see it in 69 and 68. My mistake there.

I filed the original bug. To be clear it was not my intent that it should be impossible to delete your data when turning off Sync, simply that it should be harder to do so by accident.

Mark speaks the truth. Removing the ability to erase your local data was a deliberate product decision. Asking the user to delete local data when they disconnect Sync is not the right question at the right time for enough people. It turned out to be a "foot gun" for too many users, and in retrospect the feature should have gone through user testing before shipping it to begin with. Sometimes small UI changes have big consequences for some users.

(In reply to Ryan Feeley [:rfeeley] from comment #10)

Mark speaks the truth. Removing the ability to erase your local data was a deliberate product decision. Asking the user to delete local data when they disconnect Sync is not the right question at the right time for enough people. It turned out to be a "foot gun" for too many users, and in retrospect the feature should have gone through user testing before shipping it to begin with. Sometimes small UI changes have big consequences for some users.

While I understand the reasoning behind the change, I'm having trouble understanding why the functionality to delete all the browsing data had to be eliminated specifically, as opposed to doing something that requires more deliberate action by the user. Whether it be an option in Privacy and Security settings, or an additional process that can be run after disconnecting that removes all data including the saved passwords (or something else).

For some context.... I use multiple computers at my employer, and the ability to login to Firefox and bring over all my passwords and bookmarks securely to a shared computer was an amazing feature that saved me a ton of time and aggravation.
Now the problem:
Unless I'm blind (a distinct possibility) there's no way to remove all saved logins in Lockwise. I currently have over 200 saved logins and to remove them one-by-one is a tedious and time-consuming task. It's far faster to uninstall then reinstall the browser. I would appreciate it if the Devs would at least consider bringing this functionality back in some way.

"why the functionality to delete all the browsing data had to be eliminated specifically, as opposed to doing something that requires more deliberate action by the user."

As I understand it, you can always delete local browsing data through the Privacy and Security settings, no?

(In reply to mcohen2 from comment #12)

"why the functionality to delete all the browsing data had to be eliminated specifically, as opposed to doing something that requires more deliberate action by the user."

As I understand it, you can always delete local browsing data through the Privacy and Security settings, no?

Everything except the passwords, if there's a way to multi-select saved logins and delete them en masse, I can't find it. As far as i can tell, Lockwise makes you delete them one at a time, it's very tedious. If anyone knows how to clear them all out at once and can share I'd be very thankful.

Specifically regarding bulk-deletion of logins, Bug 1602887 may be a better place for focused discussion.

You need to log in before you can comment on or make changes to this bug.