Follow

Mozilla brought out a password app called Lockbox, which lets you fetch the stored logins from your Desktop Firefox.

- A 41 mb kludge about the size of Firefox for Android

- No, you can't enter logins, read only

- Adjust tracker included, who wants privacy

And last not least, it's always good to have all of your logins on a Server in the web. Sooner or later, somebody will love that.

IMHO, use Keepass2Android or KeepassDX, but not this crap.

snarky xD 

@rudolf
Well it has to be 41 mb and kludgey, otherwise people might find where they nsa's code is before becoming exasperated and throwing it out the window!

@CaptainStack The tracker tracks what you do and sends this info to a mobile marketing company calked adjust.
adjust.com/

@rudolf Hm that sounds unlike Mozilla. How do you know the tracker is in Lockbox?

@CaptainStack Firefox from Playstore had zwo traclers BTW. Fiirefox from Fdroid, called Fennec there, doesn't have them.

Use Classyshark from Fdroid to see what trackers are in an app, or look at exodus in a few days.

reports.exodus-privacy.eu.org/

@rudolf if it's based on the same protocol as Firefox Sync, then everything is encrypted clientside and the server does not learn the passwords.

@Wolf480pl I didn't say the logins a readily readable, but those leaks do happen, even though it was not expected. I simply won't take this risk.

@rudolf looks like that was because LastPass is a website, and even if you use the browser extension, the website still takes part in the process.

I think Firefox Sync is much better isolated from websites you open (Lockbox certainly is as it's a standalone app), but I can nothing to back that.

@Wolf480pl The keyword is unexpected. If I could predict these, I'ld be real rich.
Remember all the crypto stuff, like WEP, TLS 1.0, etc. which used to be safe once upon a time, until someone proved otherwise.
If others don't have my encrypted logins, they can't crack them.

@rudolf well yeah but then how do you sync your keepass store between devices?

Well there probably are ways to do this such that it never leaves your LAN. And depending on your requirements and threat model, that may be the best option.

@rudolf 'pass' is very comfy too. Syncs well to Android with Password Store.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.