Ask HN: Is anyone successfully self-hosting Firefox Sync?

366 points | hosteur | 3 years ago | reply

I use Firefox as my primary browser, and I would absolutely love to be able to use the Firefox Sync functionality to sync bookmarks, etc. across several devices.

However, I do not want to risk storing absolutely sensitive data (browsing history, auth cookies, credentials, etc) at some third party.

Every time this comes up in HN comments, someone says that Firefox Sync can be self-hosted. And while this was true in the older versions of Firefox, it seems to me that self-hosting is currently neither supported nor documented. And it has been like this since at least 2020[1][2]. It seems self-hosting is not a priority for Mozilla.

Is anyone actually self-hosting Firefox Sync? If so, how do you do it? How is it working for you? Any issues to be aware of?

[1]: https://github.com/mozilla-services/syncstorage-rs/issues/681 (opened on Jun 22, 2020)

[2]: https://github.com/mozilla-services/syncstorage-rs/issues/550 (opened on May 26, 2020)

115 comments

[+] wasmitnetzen|3 years ago|reply
Yes, I'm running it with the mozilla/syncserver docker image[1], but still using the hosted identity service. The setup procedure is a bit fickle, the error handling on Firefox's side is quite bad, sometimes the first sync times out when you have a larger data set, and you need to manually enable each sync type to reduce the size. But once it's up and running, I don't really have any issues.

I do hope that syncstorage-rs will become usable eventually and hopefully improve performance.

Note: contrary to your post, cookies are not synced.

[1]: https://hub.docker.com/r/mozilla/syncserver

[+] heywoodlh|3 years ago|reply
What is gained from self hosting the container? Are you able to sync more data than Firefox's official Sync service? Less reliance on a third party service? Would love to understand the value-add.

Their docs[0] make it seem like little would be gained from a privacy/security perspective as it seems pretty secure/private (at least to me).

[0] https://support.mozilla.org/en-US/kb/how-firefox-sync-keeps-...

[+] boring_twenties|3 years ago|reply
Am I missing something, or does using the hosted identity service defeat the whole purpose?
[+] williamvds|3 years ago|reply
I've self-hosted the original Firefox syncserver[0] for a couple of years now. It's a now unmaintained Python 2 + gunicorn web app.

It still uses the Firefox identities service, since I haven't bothered to try setting that one up myself. That means I need a Firefox/Mozilla account even with a self-hosted sync server, which isn't ideal.

Note that Mozilla do provide a script to delete all your data from their servers[1], in case you were using Firefox sync before going self-hosted.

I originally went through the setup instructions manually. Now I've created a Nix package[2] and NixOS module for it[3], which was an adventure by itself. I can now easily reproduce the setup, which I did while migrating my webserver to a different provider.

As for why I didn't try syncstorage-rs, it's rather petty, but the old syncserver was working well for me, and it doesn't yet support SQLite.

[0] https://github.com/mozilla-services/syncserver

[1] https://github.com/mozilla-services/syncserver#removing-mozi...

[2] https://git.sr.ht/~williamvds/config/tree/master/item/nix/pk...

[3] https://git.sr.ht/~williamvds/config/tree/master/item/nix/mo...

[+] wkat4242|3 years ago|reply
The first few lines in the repo you mention illustrate the problem:

> Note that this repository is no longer being maintained. Use this at your own risk, and with the understanding that it is not being maintained, work is being done on its replacement, and that no support or assistance will be offered.

And its replacement syncserver-rs is in this forever-unfinished state so they've effectively killed self-hosting. At least from a support standpoint.

[+] kevincox|3 years ago|reply
Have you considered upstreaming the package and module to nixpkgs? It would be awesome to have those one line of config away for all nixpkgs users.
[+] pieter_mj|3 years ago|reply
> Note that Mozilla do provide a script to delete all your data from their servers[1], in case you were using Firefox sync before going self-hosted.

Note: You'll need to disable 2FA first on your account before you can delete the data.

[+] pmarreck|3 years ago|reply
I think Nix, as struggle-full as it was, was the right choice, here, although I don't see the flake.nix file
[+] Mikescher|3 years ago|reply
Shameless plug: A while ago I wrote a cli for firefox sync [1] (in my case mostly to automate some stuff when I create bookmarks).

It does not really solve your problem for browser-history/credentials etc. But as long as you use a client that you verified you can be kinda sure the data is E2E encrypted and can't be read by Mozilla.

Also on a side note: To this day the weave protocol is one of the more (needlessly) complex protocols I ever implemented and I'm still not sure what problems some of the design decisions solve...

[1] github.com/mikescher/firefox-sync-client

[+] Wicher|3 years ago|reply
This looks very useful, thanks for creating!
[+] darylfritz|3 years ago|reply
Does this have the ability to read the open tabs that are synced from all devices?
[+] arkadiyt|3 years ago|reply
> However, I do not want to risk storing absolutely sensitive data (browsing history, auth cookies, credentials, etc) at some third party.

FWIW Firefox says they do not have the capability to read your data: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

[+] gorgoiler|3 years ago|reply
Unfortunately, this isn’t really true. The party which holds your data is also the party which ships evergreen versions of the software used to decrypt that data. There’s nothing to stop the government in Firefox’s jurisdiction from bullying them into adding a backdoor. We can assume the bullying is ongoing.

I like to imagine it as having a safe deposit box provided by a local bank. I have the only key and have proven that to be the case. I also store the key at home in another safe which is regularly serviced by bank employees. While they probably don’t abuse their position in the latter to access the former, it would be completely wrong to say they do not have the capability to get at my stuff.

All that aside, I love FF sync and rely on it every day for work stuff. It is like magic and I’m very grateful for the feature. I am realistic about the NSA’s level of interest in my work calendar and the threat they pose to my day to day life.

[+] hosteur|3 years ago|reply
> FWIW Firefox says they do not have the capability to read your data: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

The article is from 2018. Isn't this only relating to the old version of Firefox Sync - the one in which self-hosting is actually supported?

The design looks reasonable. However, my main problem with it is that putting all this extremely valuable data in one place makes it a huge target. A supply-chain attack or an implementation error in the crypto would be devastating.

[+] HPsquared|3 years ago|reply
That's also an option in Chrome, "encrypt sync data with your own sync passphrase"
[+] the_third_wave|3 years ago|reply
No, I used to host the previous version but when that stopped working (including the workarounds which kept it going for a bit longer) I ceased using it. While the sync server itself is not that much of an effort to get going, the auth server is. I do not use external auth services when I can avoid it so I chose to forgo using sync instead of creating a "Firefox account". If I ever find an easier way to get the auth server running and if I still use Firefox by that time I might start using it again but until that time it is a no-go.

To Mozilla: fire your overpaid activist CEO Mitchell Baker and use the resulting funds to hire (back) the developers she got rid of, clean up the mess, get rid of the social justice nonsense and take back your place as a browser development organisation instead of a 'colours of change' peddler.

[+] captn3m0|3 years ago|reply
I faced enough issues that I switched to the Mozilla endpoints. Problems ranged from no clear documentation for configuration, unclear resource usage, no documented method to host identity as well. My one hope was to get my data exported via SQLite for fun stuff, as an automated export. But the data format was also not well documented, so that never happened.
[+] charles_f|3 years ago|reply
I self host most of my stuff for the reasons you mentioned, and that included Sync for a few years. I never got the auth part to work so I stopped trying and just used the sync server itself.

I stopped doing that after some time, it seemed too futile. Errors are hard to debug and you're on your own, plus I was not using it for passwords or CC, so it just wasn't worth it.

[+] mbwgh|3 years ago|reply
Why does every "Ask HN" I see come with a grey text color? Is this a stylistic thing or do people take issue with people asking questions and downvote?
[+] aamargulies|3 years ago|reply
HN does this purposefully to show its preference for external content rather than self posts.
[+] fIREpOK|3 years ago|reply
HN does the same when you go through your settings and select "show hidden"... You "see" them but you don't... The light gray goes even closer to the background color in this case.
[+] thrdbndndn|3 years ago|reply
div.toptext { color: black; }
[+] 3np|3 years ago|reply
Yes, and I went the whole mile. I wrote a couple of comments on it previously[0][1], which at least lay out the required images for a full stack. As you can see it doesn't use the newer release but it still runs fine on latest FF. Though you probably want the new version. Can't imagine it being significantly worse to get up and running now.

TLDR: If you're OK with piggybacking on them for auth, it's straightforward, easy and lightweight. If you want to be fully self-sufficient and leak no data you need to either implement a replacement for fxa (seriously this would be appreciated and maybe less effort if you're coming in fresh) or host that whole machinery of microservices - this is where the head-scratching starts and you need some dedication for it.

I encourage other people to do it, and do go to whichever is more appropriate of the Matrix room or the GitHub Issues and engage when you hit things that are out of date, unclear, or broken.

[0]: https://news.ycombinator.com/item?id=30315816

[1]: https://news.ycombinator.com/item?id=30727935

[+] Tepix|3 years ago|reply
What other self-hosted bookmark sync solutions exist that work with Firefox (and perhaps other browsers)?
[+] mackrevinack|3 years ago|reply
I've been using floccus for a few months now and it's been working ok so far.

It syncs to the webdav server on my synology but there's also the option to sync it using decsync (which is sort of like a local webdav server for each device) and some other sync service like syncthing or dropbox to sync the files.

floccus has an android app or it can also be installed as a normal extension with the kiwi browser.

I tried xbrowsersync first but I had some issue when I used it with vivaldi where a new copy of my bookmarks showed up in the "deleted bookmarks" section every time a sync happened, and I couldn't see any way of fixing that either, which is why I went with floccus in the end.

[+] nottorp|3 years ago|reply
I've got a related question but about more restricted capabilities:

I'd like to sync just bookmarks without joining the "Firefox ecosystem" or any other ecosystem.

Is there some bookmark sync extension with a self hosted sync solution or that will just sync via a (service similar to) Dropbox folder?

Edit: syncing via a git repo would be fine for example :)

[+] yownie|3 years ago|reply
I found the lockwise app very useful for FF sync and have no idea why they shitcanned it.

I don't really understand how Mozilla continues to function at all as an org.

[+] mnoorenberghe|3 years ago|reply
The functionality is (mostly) built into Firefox now so there’s little need for a separate app. You can enable native app autofill for both Android and iOS. There are a few things that should still be done to improve the experience but it doesn’t seem like a priority now.
[+] egberts1|3 years ago|reply
Self-hosting Firefox Sync does not work with Apple iOS-based Firefox.

Simply because the URL of Firefox Sync hosting is hardcoded into the Firefox iOS app.

Hence thwarted my zeal to self-host Firefox Sync.

Heck, there is NOTHING configurable about Firefox iOS, not even a URL config:about.

[+] scns|3 years ago|reply
I read somewhere that Apple allowed other browsers on the AppStore, no more every browser is Safari with a different skin. Anyone else here who has better information?
[+] SirGiggles|3 years ago|reply
Have you tried tapping the version number (under the in-app Settings) five times? That reveals advanced sync settings near the top iirc.
[+] cricalix|3 years ago|reply
Anecdotally, I miss the days of Netscape combined with Netscape Enterprise Server. Ran it at college, and you could log in to any Netscape browser and all your bookmarks appeared. Then NES died, Netscape became Mozilla and it all went away.

I see there are bookmark sync extensions, but only bookmarks (and I didn't check if those extensions allow self hosting).

I suppose you could always run Firefox portable from a location that was Dropbox/Nextcloud/syncthing/whatever synced. Just don't run two instances at once, or the SQLite DBs will have a bad time?

[+] mvdwoord|3 years ago|reply
I miss Xmarks... I believe it was killed off completely when LastPass was acquired by LogMeIn, a couple of years ago. Xmarks really hit the spot for me for syncing bookmarks. It did only that, across browsers, across machines, and because it was limited to bookmarks sync, I had no qualms about using the same account on employer provided machines.

https://en.wikipedia.org/wiki/Xmarks_Sync

[+] hosteur|3 years ago|reply
> I suppose you could always run Firefox portable from a location that was Dropbox/Nextcloud/syncthing/whatever synced. Just don't run two instances at once, or the SQLite DBs will have a bad time?

I do something to that effect. However, it does not come without problems. Running parallel instances is one of them... Also, cross platform is a problem.

[+] berndinox|3 years ago|reply
Vaultwarden for Passwordsync and Wallabag for Bookmarks.

Con: no „real“ Firefox Sync - Pro: no „real“ Firefox Sync - it works on any device with any browser, data is self-hosted

[+] NoboruWataya|3 years ago|reply
I set up Wallabag recently for this very purpose. My initial impression is that it mainly focuses on fetching and storing the content itself, rather than giving you an easy to navigate bookmark library. So it's great for, eg, saving long-form articles and blog posts, but not so good for bookmarking interactive/dynamic content.
[+] skozharinov|3 years ago|reply
I self-host syncserver in Docker, it is relatively easy to set up. The main issue is that it would not tell you that it doesn't work, instead it would silently leave a log file in your browser (about:sync-log). Once it is up and running, however, it works flawlessly. You also have to consider that syncserver is unmaintained and uses Python 2, which has long been EOL.
[+] omani|3 years ago|reply
I was thinking about doing this with my own custom setup. I'm thinking of putting the folder .mozilla into a gocryptfs encrypted folder and use syncthing to sync it between devices.
[+] balu_|3 years ago|reply
Unfortunately not anymore. In the early days of Firefox Sync, back when it was called Weave, it was easy to self-host. Just throw some[1] PHP files to a host and it worked. Then Mozilla changed it to use multiple services (auth, ...), it got difficult and the documentation wasn't easy to access.

At that time I stopped self-hosting & using it :(

[1]: https://github.com/balu-/FSyncMS