Closed Bug 993240 Opened 11 years ago Closed 11 years ago

Sync data not removed from local machine when sync account is disconnected

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: devtushar23, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Steps to reproduce: Now, my issue divided into 2 phases and at the end I will point out the issue that I want to describe. Phase 1- This phase includes the first two parts of the life of any item during the sync i.e. to the cloud, and in the cloud; that how its implement in the Mozilla Firefox using sync facility. (a1). Launch Mozilla Firefox browser. (b1). Tools --> set up sync… --> create an account. Or Tools --> options --> sync --> set up Firefox sync --> create an account. (c1). Fill account details --> next. (d1). Tools --> options --> sync --> signed in as “your email id”. (e1). Tools --> options --> sync --> manage --> my recovery key --> save. Now, suppose that you are a user (teacher) who required working on more than one computer throughout the day as moving into the different classes. So now it’s the beauty of Firefox sync that we can access the synced information anywhere as going through the “phase-1” again, but as we know that we are using a computer system that we have to leave after sometime so we have to disconnect over email account from it that we will discuss in “phase-2”. Phase 2- This phase includes the third part of the life of any item during the sync i.e. from the cloud; that how its implement in the Mozilla Firefox using sync facility. (a2). Tools --> options --> sync --> unlink this device (b2). After step (a2) a message displayed- This device will no longer be associated with your Sync account. All of your personal data, both on this device and in your Sync account, will remain intact. Unlink cancel Now click on “unlink” button will disconnect your email account from Mozilla Firefox browser. (c2). Firefox --> history/bookmarks Or Tools --> options --> security --> saved passwords --> show passwords Actual results: You have seen that the information synced by that user (teacher) still in this computer, the information includes saved passwords which will be downloaded in the computer during the syncing of account. As a copy backed up into the cloud will be downloaded in this computer during the sync process and this is a major security threat in the process of sync. Expected results: Now, to resolve this issue we have two choices- (i) Either we have to delete all the history, bookmarks, settings, saved passwords, preferences etc. one by one.(which is so complex and awkward process). (ii) Or we have to provide a functionality that whenever user (teacher) leave the system a pop-up is to be display that inform the user that- The data you synced to this computer is still in the computer you want to delete them all or you can choose, what to delete using advance delete option. Yes No By which when user click on "yes" button it will delete those information otherwise select "no". This is the way how we can increase the security element of sync in mozilla- firefox.
Group: mozilla-services-security → core-security
Component: Firefox Sync: Backend → Sync
Product: Mozilla Services → Firefox
I think this is a client side report not a server side, the issue being reported is that when an account is disconnected from sync the data on the local computer is not removed. This behavior is not likely to change either, as the new firefox accounts shows this message when you go to disconnect "Firefox will stop syncing with your account, but won’t delete any of your browsing data on this computer." As such this is not a security sensitive issue as this is a known design choice.
Group: core-security
Summary: threat in security element of mozilla → Sync data not removed from local machine when sync account is disconnected
so still we have to consider that point where the client's information do exist even after the disconnection of his account so how he/she will be able to clear his/her data/informations from the client side by using the scripts.. to resolve this issue we have two choices- (i) Either we have to delete all the history, bookmarks, settings, saved passwords, preferences etc. one by one.(which is so complex and awkward process). (ii) Or we have to provide a functionality that whenever user (teacher) leave the system a pop-up is to be display that inform the user that- The data you synced to this computer is still in the computer you want to delete them all or you can choose, what to delete using advance delete option. Yes No
The current sync system intentionally does not support the "sign in/sign out" transient use case you describe. There are warnings on disconnection and on re-sign in that attempt to make this clear to users. There's no much actionable here, since this is a known behavior and not one we can easily change.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
it can be change by using "advance delete option" and it works same as the "dashboard" we are using for the selection of the items client wants synced through his account..
Flags: needinfo?
Resolution: INVALID → WORKSFORME
its a rollback operation which undo all the operations ,database ,settings of the browser same as its previous state(before syncing the data)..
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
"rolling back" would require that the sync operation keep a log of the changes it has made, which is non-trivial. If we were to embark on a project to support this use case it would be a large undertaking, and I think we're quite unlikely to do so in the near term.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago11 years ago
Flags: needinfo?
Resolution: --- → INVALID
but still its a problem on client side which must be resolved..
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
We're not going to solve it in the foreseeable future.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.