Open Bug 881177 Opened 8 years ago Updated 5 months ago

Firefox Sync: remote wipe

Categories

(Firefox :: Sync, enhancement, P3)

enhancement

Tracking

()

UNCONFIRMED

People

(Reporter: mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 (Beta/Release)
Build ID: 20130512194354

Steps to reproduce:

I Stored passwords in the Password Manager with a weak Masterpassword. those data were synced with my Android Tablet which had no Masterpassword (luckily it had a lock screen password).


Actual results:

Now that device got stolen and the thief could read my stored passwords (if it gets past the Lockscreen).

I tried to delete all passwords locally and sync this to the other device, but that didn't work either, cause there is another bug: https://bugzilla.mozilla.org/show_bug.cgi?id=881175


Expected results:

I would like to be able to delete the synced data and ban that stolen device from the sync process after the passwords on the device are deleted.


Instead my only chance is to change the google-account password and hope it wasn't too much of a hacker that stole the device
See Also: → 881175
In the support forum, there is suggested to change all your passwords after deleting the sync data: http://support.mozilla.org/en-US/kb/disable-firefox-sync-lost-phone-or-tablet?esab=a&s=stolen+sync+data&r=5&as=s

Which surely is the safest method, but that is no solution, if you had hundredths of (mostly quite unimportant) passwords stored.

This idea came when I thought about a solution here: http://superuser.com/questions/605638/how-do-i-ban-a-device-from-firefox-sync
If you change your Sync credentials, you'll be unable to send any commands to the device.

You could send a wipeRemote command to the other device, but there is no UI for doing so, and you are dependent on the other device syncing. This requires some expertise; if you wish to pursue this route, please ping me on irc.mozilla.org #sync.

The best solution is to use one of the existing Android remote wipe tools, in conjunction with encrypted storage and a PIN or pattern lock screen.
Severity: normal → enhancement
Component: Untriaged → Firefox Sync: Cross-client
OS: Linux → All
Product: Firefox → Mozilla Services
Hardware: x86_64 → All
See Also: 881175
Summary: Firefox Sync: possibility to delete stored Data on the other devices → Firefox Sync: remote wipe
Version: 21 Branch → unspecified
Component: Firefox Sync: Cross-client → Sync
Product: Cloud Services → Firefox

+:m_and_m, may be some interesting food-for-thought here for new password manager experiences?

Priority: -- → P3

FYI, there is a decent amount of interest in this feature, with 20 votes on reddit: https://www.reddit.com/r/firefox/comments/dx10yv/firefox_lockwise_question/

+1 on this.

I'd love to be given an option to remotely wipe all synced data. That means passwords, bookmarks, history, everything!

The stickied comment in the Reddit page (https://www.reddit.com/r/firefox/comments/dx10yv/firefox_lockwise_question/f7n1ax2/) suggests voting on this bugzilla bug. Can we even vote on bugs here?

(In reply to J. Bumblebee Extraordinaire from comment #6)

The stickied comment in the Reddit page (https://www.reddit.com/r/firefox/comments/dx10yv/firefox_lockwise_question/f7n1ax2/) suggests voting on this bugzilla bug. Can we even vote on bugs here?

You can vote by expanding the "Details" panel. However, as stated on https://wiki.mozilla.org/BMO/UserGuide/BugFields#votes
"Some bugs can be voted for, and you can limit your search to bugs with more than a certain number of votes. Votes are not used by Mozilla developers to set priorities." (Emphasis mine)

You need to log in before you can comment on or make changes to this bug.