Borrow This Firefox

Have you sat down at a copy of Firefox, perhaps in an Internet cafe or on a friend’s machine, and wished it had all your customizations, bookmarks, passwords, history etc.?

Wouldn’t it be cool if there was a Firefox menu item (built in, so it appeared on every Firefox) called “Borrow This Firefox”?

What it would do would be as follows:

  • Starts a new Private Browsing session (for isolation from the current config, and to avoid writing stuff to disk)
  • Opens up a Firefox Sync login UI, which you fill in with e.g. the “9 characters” data from your mobile Firefox on your phone, or just a username and password
  • Logs into Firefox Sync
  • Brands the window as “Firefox, borrowed by <name>”
  • Downloads your stuff from Firefox Sync in a sensible order (App Tabs -> Passwords -> Bookmarks -> History)
  • Lets you use the Firefox as if it were your own
  • Syncs things back to the cloud as you go along
  • Deletes all data from the machine when you close the branded window

In other words, a combination of Weave and Private Browsing lets people take their Firefox experience anywhere, even computers they don’t control or own.

20 thoughts on “Borrow This Firefox

  1. glandium: That’s the problem; if it were an extension, it would never get installed on enough machines for people to rely on it. It has to be a built-in part of Firefox. The great thing is, it just ties together existing technology so it shouldn’t be (famous last words) a big effort.

  2. gerv: It could still start as a restartless extension on FF4. People could quickly install it, and “borrow” the firefox.

    Note that I think passwords and other sensible information should not be stored on disk.

  3. Definitely useful. With Sync being built into Firefox, as it is in v4, it’s already possible to run mkdir foo && firefox -profile foo -private && rd/s/q foo for a clean temporary Firefox profile, but this would still store the bookmarks on disk if I chose to enable Sync.

  4. Yikes! Do you really want to encourage people to trust a random machine they sit down at with their Sync authentication, bookmarks, passwords, and history? We want to encourage people to follow more secure practices, not less.

    I wouldn’t trust a random machine with any information unless I would feel comfortable making that information public. When Sync eventually starts developing a sharing interface then I could perhaps understand supporting read-only access to a shared set of bookmarks. But no random machine should have access to Sync keys, passwords, history, or read/write access to bookmarks.

  5. It’s a nice idea but given how many computers are infected with malware – this is really not advisable. Giving a random computer access to all Sync data (including passwords) isn’t something I would ever do.

  6. Not quite a good idea to make it too easy to employ on random machines. When this feature gains some popularity, people start write exploits for it immediately. It’s better to use your phone for access to sites that require any login and pc computer only to browse anonymously.
    More secure would be a feature to send particular links through Sync to random computer. You set up browser on pc to accept communication with given sync account and confirm it on your firefox mobile. Later you can send query or link to your phone by sync and send links from your phone to pc browser.
    I can imagine full Sync it being useful and relatively secure for people at work, where they have limited trust to their machine, but do not wish to leave trail of their activities. But in this case it would be better to leave data on disk in encrypted form. Actually, it would be useful to enable profile encryption in Firefox at all, now master password feature can’t even protect you from grandma, because Firefox asks for password AFTER recovering pages.

  7. @sieciobywatel: That sounds *awesome*. Use my phone as a secure device that I control, but let me use that device to throw things to an untrusted system by way of Sync.

  8. I think this is great… in response to “Anonymous at April 30, 2011 7:17 PM” I think you could do with some tweaks to the sync protocol… give it a read only version?

    Love the idea… Can’t wait for an extension that would allow me to do this… maybe we could have it in Firefox 7 :D

  9. This would require changing everything to be stored in volatile memory only so that if the browser crashes then the information disappears (for a definition of “disappears” that excludes using forensics to recover information for RAM that got paged onto disk). I think private browsing should be implemented like that anyway (I don’t think Chrome stores anything on disk when incognito), so those kind of changes would be a good idea regardless of this feature.

    I would still be wary of putting so much information onto another computer. Not to mention an initial Sync takes ages and hogs the CPU. If I’m briefly borrowing another computer then there’s not much point. If I need a computer for longer then I’ve probably already got my laptop with me (although I suppose this could mean that I didn’t have to take my laptop with me as often).

    It’s definitely worth looking into though.

  10. We can combine few ideas mentioned here, and create a website which would supply an custom-made restartless extension, so by going to a specific website and authenticating with the sync key you get a sync addon which would customize the browser without the need to navigate in the browser menus to type the key and remove everything by the next browser restart.

  11. I sent an email about this exact feature to Limi a month ago. That would be awesome and a really good way to raise awareness about Sync.

  12. Dan and Pebe: If our current code is good enough for a Private Browsing Mode, it should be good enough for this. If Private Browsing needs to be better, it should be made better – but that shouldn’t stop us shipping this feature. Similar arguments apply to the CPU-hogging nature of initial sync.

    Tomer: Interesting idea. Could this really be done in a restartless extension?

    However, the security issues are more important. Fuzzyfox: Making the data read-only wouldn’t stop people stealing it! It’s true that you would need to trust the computer you were doing this on, which makes the Internet cafe scenario less likely. It’s one thing to put one or two passwords into an internet cafe machine, it’s another to give it the password which reveals _all_ your passwords… Perhaps this is a bit dangerous.

  13. Interesting idea !

    @Dan: About the first sync. maybe Sync could optionally work in some kind of degraded mode (per user choice) where the history would not be completely synced — just the latest entries. We would partially lose completion in the awesome bar, but for a “quick borrow” that sounds like a good trade-off.

  14. I strongly agree with others that such a scheme should not provide access to stored passwords, for obvious security reasons.

    Bookmarks, however, would be useful.

    Most users don’t have any bookmarks that they want to keep secret, and most of the ones who do are just trying to keep their spouses from finding out that they look at naughty pictures. I don’t think it is or should be the browser’s responsibility to prevent them from disclosing such things if they forget. I mean, if you *do* have bookmarks you want to keep private, then hey, don’t share your bookmarks with other computers, eh? It’s not that hard to figure out. The risk in such cases should be evident to the user.

    Note that a large part of the reason it’s a bad idea to include an out-of-the-box feature for accessing a sync profile containing stored passwords from an untrusted computer is because the hazards of doing so would *not* be evident to most users. People who aren’t used to thinking about security aren’t going to realize that they just gave any malware on the computer they were using access to ALL the data in their sync profile, including ALL the stored passwords, not just the ones they actually used from that computer. People who would have the brains to hesitate to log into an online bank account from a not-so-trusted friend’s computer wouldn’t necessarily be averse to using a “borrow this browser” feature to do more mundane browsing. The fact that accessing your bookmarks on a strange computer might give that computer access to your bookmarks is MUCH more straightforward.

    Plus, as I said, the overwhelming majority of users don’t have any compelling reason to keep their bookmarks private. The convenience of being able to access them from other computers far outweighs any potential problem there.

    Also, bookmarks that directly contain security-sensitive information (beyond the minor potential for embarrassment if someone sees what sites you’ve bookmarked) are rare in the extreme. There are people out there with bookmarks that point to web pages that reveal security-sensitive information, but if you have to log in to view the page it’s not a major problem, and if you don’t then the information is basically already public anyhow, whether you know it or not. (There are these things called search engines…)

    While you’re at it, the borrow-my-bookmarks scheme would be even more useful if it were supported, interoperably, by not just Firefox but other browsers as well.

  15. Relatedly, it’d be lovely to be able to get a “nine characters” key out of Firefox Home. (I infer that full-on Firefox Mobile for less fruity platforms must already support this, as it’s a prerequisite for this idea.)

    Also, the “nine characters” authentication step makes me think about the touch-to-sync feature supposedly supported by the upcoming Prē 3 and TouchPad. I remember hearing about an iPhone app that lets you just bump iPhones to swap contact details: the app running on each phone sends accelerometer info about the bump, plus location info, into the cloud, and the server sends the appropriate vCard to each phone when it sees a match. I guess the lack of accelerometers in most desktops and laptops makes this a non-starter for the initial handshake.

  16. What an outstanding post, thank you for rising this acute issue.

    Being deeply reassured that a great deal of people would discuss your perspectives, and
    I even showed your writing into a close friend of mine. And that is when the arguments
    started… We’ve got different opinions but, naturally, no matter,
    be it just something regular or genuinely important,
    should destroy a real friendship. In my humble view, which
    surely has the right to exist, the very purpose you’ve made
    cannot be questioned.

Leave a Reply

Your email address will not be published. Required fields are marked *