How Firefox Accounts Support Mozilla’s Mission

In the past year, we’ve spoken a lot about why having a Firefox Account helps keep you secure and in control. But we haven’t spoken as much about about how Firefox Accounts support and advance our mission.

This post, inspired by Mitchell Baker’s 2018 All Hands presentation, seeks to clearly describe exactly how Firefox Accounts support the mission and we invite you to share your questions and thoughts below.

“Mozilla’s mission calls us to engage in the world. To understand the online world, to improve it and to join with others. The exact style with which we join with others may change over time, even as the mission remains constant.”

Throughout Mozilla’s existence we have joined with others to achieve our mission in a variety of different ways. Continuously evolving, to survive, thrive and grow.

• In 1998 we joined with developers and volunteers around the world to create a different internet, one centered around open source.

• When Firefox 1.0 launched, we shifted our focus towards the consumer. We popularized the integration of search in the browser by putting a link to the internet front and center in a way that was inviting to everyone.

• In 2004 we made another radical change, we entered into a business relationship with Google, making it the default search option while staying true to our mission - refusing commercial terms that demanded exclusivity and continuing to offer pre-installed alternatives.

In 2018 we started a new conversation and began to evolve again.

“This era of putting people in the center requires more, it requires a relationship.”

We look at a technological landscape that is more complex than ever, apps, and connected devices that go far beyond the browser, and exist in a sea of data. Despite the fact that people everywhere are demanding more basic consumer protections, on the internet, people are left to navigate these complexities on their own.

We realize that who we are as Mozilla - our manifesto, our knowledge, and our independence - put us in a unique position to do more. We want to create a relationship where you are not the product. A relationship where we have your back and are your advocate by giving you tools to stay in control. Accounts make it possible for us to become a better user agent; one who truly empowers you across connected life.

“Your purchase supports Mozilla’s work.”

We also believe that today, the most direct, transparent and sustainable way to support the organization and fuel the mission is to be less reliant on our commercial search partnerships. To this end, we’re exploring diverse sources of revenue that include offering Firefox users ways that include paid services and features that both improve their experience and the Internet.

We’ll never compromise on a good, fast, free browser for everyone. Accounts make it possible for us to offer the people who can and want to support us even more deeply a direct way to do so within the context of our existing relationship. That support lets us be better user agents for everyone, and makes it possible for us to continue to fight for new and important ways to keep the web open, and accessible for all.

We’re excited about the potential of Firefox Accounts, and we hope you are too.

We want to know what you think: Please take a second to share your questions, ideas and feedback below.

Since discovering the Firefox Password manager (v 4.0) and writing my Add-on QuickPasswords I have been a fan of the firefox account. I am still using it successfully on Waterfox (unfortunately I wasn’t able to convert the extensions into a web extension) and it’s my main password manager; also syncs nicely to Waterfox on my mobile phone. I prefer this over 3rd party solutions, and wonder whether it would be possible to convert to a Wx, while using the (modeless popup dialog ) pwd manager window providing the context of current page rather than opening in a content tab?

I believe that Lockwise shouldn’t stay in Firefox code directly. It should become an official and preinstalled add-on to make it better. It also has to have its own credentials apart from Sync and handle sync password. That way it will be easier to improve it and safer than using it within an unlocked browser.

Checkout https://github.com/mozilla-lockwise

Also, on Android, to use Lockwise you have to enter fingerprint/screen unlock (independent of browser)

I`ve been trying several time to get support regarding 2FA with the Firefox Account and I did not get any reply since months.
Having no way to recover an account when you have access to the email address and Firefox account password, it is a wrong wrong decision. If one have no access to the 2FA app (reason can be multiple, like phone lost) there is no way to get his data back. The worst part is the support is totally missing. No replies => diminish trust in what Firefox was.

“To this end, we’re exploring diverse sources of revenue that include offering Firefox users ways that include paid services and features that both improve their experience and the Internet.”

Hi there, this seems quite vague. Can you tell us more what this means? Perhaps some examples?

Yes, and it’s better than continuing to put any kind of passwords management system in the browser (even if the app is released now, passwords are still available through the Firefox for Android browser). With the app, at least passwords are protected by a PIN or fingerprints. Browsers aren’t made to handle passwords securely, and this is truefor every OS. They are specialized in browsing.

Hi Darkmac,

I’m so sorry to hear about your account issues and the lack of a response from us. I’m going to PM you so we can begin looking into this.

Hey Mickfuzz,

This means finding “extras” that users could pay for, using their Firefox accounts, to directly support Firefox. For example, we’re looking at Firefox Private Network having a paid component (though we’re still designing exactly what that looks like).

Hope that helps!
Lucy

Hi, I have been engaging myself with Mozilla and Firefox since its inception and involved as a volunteer in several activities. This is a laudable initiative to protect Firefox users. Well, i have a Firefox account for several years now and since recently I am not able to sign in due to the ‘10-digit recovery code’ or security code. How to get a new list of 10-recovery code or security code. But, as for discourse I am signing in with Github 2FA. I wish to do same for signing in Firefox.
Grateful if this issue could be sorted out and ‘let me in’

Best
Sandraghassen

I have been using Firefox account for more than one year. Firefox lockwise and mentor are so helpful.
But I agree that there should be a way to recover the password in unusual accident like loosing the phone.
Lockwise is helpful for me as my passwords are with me everywhere I go and I feel it is secure because it is opened in my android using my fingerprint .
For Firefox paid services, I think it should be for banks/insurance companies /telecommunication companies /trading companies not for ordinary user.

I think, Firefox account support for Modzila can be optimized through the direct language translation feature as provided in the email.

Hi Ganesh,

If you have logged in session in another device, you can actually recover your account.

https://support.mozilla.org/en-US/kb/what-if-im-locked-out-two-step-authentication

Based on my experience supporting users on reddit and Twitter (I am certain Mozilla is aware of my work given the Mozilla gear I have received in the last year), Firefox Accounts is currently failing users in the simplest function today – sync.

Sync doesn’t work as users expect – extensions don’t sync data, and it is far too easy to lose all data on sync servers.

I think it behooves Mozilla to have a solid core in Firefox Sync to support the idea of Firefox Accounts, because otherwise, additional services just seem flaky and unsupported.

See also Firefox Notes - people are reporting that it runs out of storage space – it makes Notes basically useless as a real note taking app.

As a service backed by Accounts, it doesn’t provide a good look to the whole prospect.

I’d contribute a nominal fee too test Sync improvements that could later be introduced to mainline Firefox as part of the core of support to Accounts (but I think that this should be core functionality, as the competition has this as core).

Sorry to hear FxA and Sync are letting you down.

extensions don’t sync data

This is not quite true. Developers need to use the right APIs for their extension data to sync. But we do support it. We have for quite some time. I suggest contacting your favorite webextensions and making requests with them.

it is far too easy to lose all data on sync servers.

We agree with you on this too and we’ve been investing heavily here.

We’re moving to a more modern back-end soon for Sync to provide top reliability (we’ll be moving some users over before the end of the year).

But one thing we won’t compromise on is security and privacy. This, unfortunately, means that if users don’t have any of their devices anymore and can’t remember their passwords, we won’t be able to help them recover their data since we encrypt all of our server data with user passwords. However, so long as you still have one device left with data on it, a password reset is pretty harmless. Changing password has always been harmless (for extra clarification).

It’s for this reason, we’re making it easier to sign in, working on device pairing, encouraging users to download recovery keys and setting up secondary emails, etc. These are all things that will reduce risk of losing data. We’re actually investing a lot of effort in this right now. We continue to assess the impact of each one of these.

See also Firefox Notes

Unfortunately this is a test pilot product that never graduated but also never got killed. It’s in a weird limbo. There’s nothing the accounts team can do here though. I’ll look into it.

As a service backed by Accounts, it doesn’t provide a good look to the whole prospect.

I hope to be able to change your perspective with upcoming changes.

Best,

Fair – in all honesty, I have seen Sync being available in some WebExtensions, and I frankly don’t know how other browsers Sync this stuff - but people seem to provide feedback that they do it better. I’ll have to do some testing to get a better idea of what they mean.

I am totally fine with this and agree with the overall idea. One thing that hasn’t been clear and you could help clarify, though is whether Firefox Sync can serve as a backup of user data, or whether you need to have a device with the data present at all times.

To clarify, can I do a sync, then destroy all my devices, then log back in with the correct password and get all of my Sync data back?

I have seen many instances of people reporting that this doesn’t work, or I guess what is possible is that the new devices’ data wipes out what was on the Sync servers?

Would it be possible to keep some snapshots of data around as well in case of a bad sync? It’d be nice to be able to have some more confidence around Sync in general, and being able to roll back to some number of time limited snapshots would increase that confidence.

Of course, if a user resets their passwords, it would be fair game to remove those snapshots, but making Sync feel more like durable storage (an idea Asa mentioned to me on Twitter a few months ago) would also go a long way towards providing a feeling of value and persistence around Accounts – this is data I own that Mozilla is storing for me, and it isn’t being monetized like on Google and the like.

Great work on Firefox Accounts!

This is exactly the solution I’ve been wanting for a while. All the different logins to different Mozilla projects confused me a bit in the past. The same goes for setting up sync across browser versions and devices. And, great to see the connection with the Community Portal too.

I’m generally a big fan of decentralization, but it looks like you have found a good balance. Also, great to be able to support the Mozilla project directly through various extras. I’m sure you’ll find a great solution that continues to keep the web open and the fundamental services available to everybody. No matter your budget or location.

Pocket is a good example of this. Keeping the product free and available to everybody, still no ads or distractions, but providing the Premium plan with a few useful extras for those that wish to support the project.

Having a single sign-on to Firefox has already been a great experience from my point of view.