Comments (7)
rfk
commented on May 29, 2024
a list of devices and the time they last synced
I believe this information is available in the records in the "clients" collection, but it's encrypted.
a count of the number of items stored of each type, and the total size of your stored data.
This information is available unencrypted from the sync storage node. However, to access the sync storage node you need to authenticate to the tokenserver, and that requires you to specify a hash of the user's kB.
from fxa.
edwindotcom
commented on May 29, 2024
I'd like to see a list of all the things we could potentially display:
- last sync time-stamps
- device name
- storage size
- count of items per data type
- histogram of fetches?
- time of oldest data?
Option A: all client side work - clone about:sync-tabs and a work estimate (s/m/l) of each data type above
Option B: do this in a hosted web page https://mydevices.firefox.com and understand work estimate (s/m/l) for a high level feature breakdown.
If we had a roadmap around 'mydevices' adding revoke, delete, download data - that should steer the path we choose.
from fxa.
rfk
commented on May 29, 2024
last sync time-stamps, device name, count of items per data type
IIUC these are pretty straightforward to read out of sync.
storage size
This is available but may be expensive to read since we don't have quotas enabled in production, we'll have to check operational setup.
histogram of fetches, time of oldest data
I don't think these are surfaced in the sync data model in a useful way.
do this in a hosted web page https://mydevices.firefox.com
Let's bikeshed that a little more, I think we should avoid prolifertating top-level firefox.com domains and either do it as a sub-path or a sub-domain on accounts.firefox.com. But we've probably got a lot of ground to cover before making a final decision on that point ;-)
from fxa.
rfk
commented on May 29, 2024
Option A: all client side work - clone about:sync-tabs and a work estimate (s/m/l) of each data type above
I've no sense of how to break this down, how large it would be, or who we've got with enough bandwidth to carry out this work in the timeframe required.
Option B: do this in a hosted web page https://mydevices.firefox.com and understand work estimate
(s/m/l) for a high level feature breakdown.
The more I think about this, the less comfortable I am with trying to give kB to web content so it can display such a dashboard. We probably want to work towards that capability, but rushing it could easily be a disaster.
I think a better approach will be to add some way to opt-out of the tokenserver's X-Client-State handling, so that web content can read the sync metadata without knowing the encryption key. We'd still need to land client code in Firefox for mozilla/fxa-content-server#2662, and probably want all or most of #24 to replace the encrypted data that we can't read from the clients records. But it would be a smaller and safer set of client changes.
Without decrypting data from sync, but assuming some of #24 gets done, I think we could display:
- device names (or a generic description for devices too old to tell FxA their device name)
- The time each device refreshed its certificate (which approximates last sync time, but wouldn't account for e.g. failed syncs)
- approximate item counts for each datatype
- total storage size
That's still a lot of ground to cover, particularly if it's in addition to onboarding improvements earlier in the flow.
from fxa.
edwindotcom
commented on May 29, 2024
does this open up a security hole web content can read the sync metadata without knowing the encryption key ? But it sounds like we're only passing statistics, not the data itself.
The bigger road map looks like:
M1: growth and discovery of multi-device sync
M2: improve performance through push
M3: device management: revoke, delete, disconnect apps.
With this in mind, we should do this via web content, re-skinning about:sync-tabs doesn't get us that far on the road map. I think #24 is the right path forward.
from fxa.
rfk
commented on May 29, 2024
does this open up a security hole web content can read the sync metadata without
knowing the encryption key ?
You would still need to be able to authenticate as the user in order to read their sync data.
from fxa.
rfk
commented on May 29, 2024
I'm going to close this out, I don't think it adds any value on top of the user-stories that have been exported from aha.
from fxa.
Related Issues (20)
- English string "Or download" displayed in Danish Firefox Accounts HOT 1
- Update enabled locales list to include Friulian (fur) HOT 1
- The user is not redirected back to AMO after reset password
- "Device Connected" page, the text on the button becomes unreadable blue-text-on-blue-background when clicked ("See tabs from synced devices") due to insufficient contrast HOT 6
- Cannot unsubscribe from Firefox Account Tips HOT 4
- Readme and documentation needs to use updated "Mozilla accounts" branding HOT 4
- Avatar is clipped on subscriptions page, due to explicit `w-16 h-16` classes HOT 4
- Subscription management page uses CSS file with broken/out-of-date source map HOT 1
- Layout shift after you open Bento Menu at top right of Mozilla Accounts page HOT 5
- The Sync sign-in success page just says "Sign in to this Firefox to complete set-up" without any other context (if you're not signed in) HOT 3
- The column of time/datestamps need a label/title to clarify their meaning, in the Connected Services section of settings
- On the "Approval now required" card at the end of the firefox.com/pair flow, the "from your other device" text is styled to be extra-small, despite being fairly-important HOT 1
- No graphic on on the "Approval now required" card at the end of the firefox.com/pair flow, HOT 2
- If the firefox.com/pair process times out and reaches "Pairing not successful", the user should be able to restart the pairing process with an offered button or link, or a reload HOT 2
- (l10n) - Duplicate string IDs
- Research @nx/playwright HOT 1
- accounts.firefox.com sends two HSTS headers HOT 5
- fxa-auth-server mock statsd lacks of function histogram
- (l10n) productPaymentCycleNew and productPaymentCycleOld are hard-coded to English
- While subscriptions.firefox.com is loading, it shows a zero-height empty "card" while the loading throbber/spinner is still animating HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fxa.