In response to a number of users who have expressed concerns about our privacy policy, we have produced a new revision of the policy, providing further explication and chopping out parts of the policy that some users found onerous. The new privacy policy can be found here, and there's even a nifty table that summarizes the changes.
The policy will likely continue to evolve, but we hope you find these changes to be a step in the right direction. Please let us know what you think.
Bravo! The new policy is perfectly acceptable, and I will be reactivating my account. Thank you again for your responsiveness and attention to user concerns.
[...] Users who are concerned about privacy: please see http://blog.foxcloud.com/?p=38 for more information. [...]
Feature Request:
Love Foxmarks!
Need ability to have multiple Sets of Bookmarks.
IE: one for Work Computers versus one for Home Computers - Very different sets of bookmarks.
I like the idea of Foxmarks, but it should be possible to define which bookmarks you want to share. i.e.: I may have a set of bookmarks I want to share between home and work, but other bookmarks I want to keep only at work (or at home). Foxmarks should merge the defined set, and leave alone the "private" bookmarks.
Thanx!
on different sets of marks;
don't know if 'naked' firefox can handle multiple bookmark-sets
- if not, then get a bookmark-manager add-on which may be
able to do it, if such exists.
The idea of 'staged' bookmarks sounds really good. Everything could default to an 'open' set. Subfolders could be set to only show up with a different password on firefox login. You could support multiple password/folder combinations.
Admin Password
I am still worried about privacy. When installing the plugin, full name is asked. Username and password would be enough, maybe also e-mail for recovering a lost password. Why is full name asked, and what is it used for?
In your privacy statement says:
"We may disclose information to fulfill certain legal and regulatory requirements or if we believe, in good faith, that such disclosure is legally required or necessary to protect others’ rights"
This doesn't look promising. How can the user be sure that his bookmarks together with his full name and e-mail address are not given to FBI, NSA, MPAA, RIAA or other similar organizations?
You also have:
"We may analyze in aggregate the bookmarks of all users in order to deliver services of interest to other users."
Please note that some links may be really private, and not meant to be viewed by any other people or organizations. For example, a link in the bookmarks could have a form ftp://user:password@somesite. This kind of link really can't be used or listed anywhere.
@Worried About Privacy:
> Why is full name asked, and what is it used for?
This is actually a hold-over from the server we borrowed when we launched Foxmarks. We don't need your full name and don't use it for anything.
> In your privacy statement says:
> “We may disclose information to fulfill certain legal and regulatory requirements or if we believe, in good faith, that such disclosure is legally required or necessary to protect others’ rights”
> This doesn’t look promising. How can the user be sure that his bookmarks in together his full name and e-mail address are not given to FBI, NSA, MPAA, RIAA or other similar organizations?
Is there an alternative that you would have us implement for a service that is open to all comers?
> “We may analyze in aggregate the bookmarks of all users in order to deliver services of interest to other users.”
> Please note that some links may be really private, and not meant to be viewed by any other people or organizations. For example, a link in the bookmarks could have a form ftp://user:password@somesite. This kind of link really can’t be used or listed anywhere.
Noted. We don't do anything with bookmarks of this form.
-Todd
@Worried About Privacy & Todd:
I too am worried by this provision:
"We may disclose information to fulfill certain legal and regulatory requirements or if we believe, in good faith, that such disclosure is legally required or necessary to protect others’ rights or to prevent harm. "
I find this provision entirely too vague, and it has a chilling effect on the user's ability to feel secure in sharing their information with your service, largely due to the absence of "direct" preceding "harm" -- although there are much stronger ways in which this could be rephrased to better protect users' rights. Regardless, the simple addition of "direct" preceding "harm" would go a long way in adding users' rights, although the statement could still be considerably strengthened (by limiting information sharing to only that which is required by law). If you really and truly believe that you are going to prevent a murder, kidnapping, child rape, etc, by sharing personal information, why not just breach your privacy agreement to do so in these precise and specific circumstances, because you are already required to lest you be considered an accomplice before the fact, due to your failure to share such information with law enforcement authorities? The way your policy currently reads gives you far too much discretion to share a much broader array of information and harms the civil liberties of your users.
How does your policy apply to knowledge of "victimless crimes" such as prostitution or drug use? Let alone the less contentious examples of political dissent when your service is used in countries who have weak protections of such activity.
Without (at very least) "direct" in there, the provision is so vague that almost anything could be considered possibly harmful to another person. I could view myself as psychologically harmed by someone else's bookmarking of teletubbies sites -- due to the way your agreement currently reads, and if you "in good faith" agreed with me, it would give you the right to breach said user's confidentiality and share information about this user and their other behavior with me.
@Ashley Newton:
Thanks for your comments. We do take our users' input about privacy seriously; it was just this kind of user comment that led us to revamp our privacy policy last summer after we released the (admittedly careless) initial version. We review user comments periodically, and will certainly take yours into consideration for our next tweaking of the policy.
In the meantime, you are welcome to use Foxmarks with your own server, which would avert these issues entirely.
-Todd
@Todd:
Thank you for your response. I will say I do like the revisions you have implemented in your privacy policy and do hope my comments will be included in your next revision review.
Regardless, I would love to use foxmarks with my own server -- would I still set up an account through your setup wizard, or do I have to do something else, etc?
@Todd, et al.:
Like Ashley Newton, I welcome the ability to set up my own server. Unfortunately, you did not respond to her last post of March 23rd, 2007 at 2:27 pm.
I will search your site for the information. However, it would be nice if you either answered in this forum or placed a link here for the location of that information.
Thank you!
@Todd, et al.:
I found the link, "Foxmarks: Using Your Own Server," at http://www.foxcloud.com/wiki/Foxmarks:_Using_Your_Own_Server. Unfortunately, this does not appear to be a simple matter for most folks!
More information is available at Lifehacker.com, including setting up our own Web, DNS, and FTP servers. Start with "Home Server: How to set up a home FTP server - Lifehacker," http://lifehacker.com/software/home-server/how-to-set-up-a-home-ftp-server-130806.php
Your Privacy Policy says:
"Disclosure of Information
"We may disclose information to fulfill certain legal and regulatory requirements or if we believe, in good faith, that such disclosure is legally required or necessary to protect others’ rights or to prevent harm."
I would be more comfortable -- by orders of magnitude -- if it used language along the lines of:
"Disclosure of Information
"We will only disclose information under final order of a Court of competent jurisdiction."
In my view you should not need a privacy policy about the bookmarks, though you need one about the other data. That's because you should not store the bookmarks on your server. You should store an encrypted blob which can only be decrypted using the user's password, which you don't have, and is in fact not ever sent to your server.
The plugin would connect to your server, and fetch encrypted blobs that were encrypted by other copies of the plugin with deltas to the bookmarks file. Or fetch the most recent copy of the bookmark file (encrypted) and decrypt it locally. The password again, would never be sent to your site, you would not even know what it is.
In this state, your privacy policy becomes "We can't access your bookmarks. If you select a poor password it's possible we could crack it but we won't try." Simple and solid.
(For true security, you can also use a truly uncrackable encryption key which is stored on each machine, but which the user must physically move from machine to machine via an independent channel like an email box, or usb key or whatever they trust.)
Now, if I want to log onto your web site to access my bookmarks, then I would have to give you the password to see them, and then you could have a privacy policy that declares you forget the password after the session is over, and never reveal it to anybody.
That's a real privacy policy -- a policy that guarantees privacy with mathematics, rather than contracts.
So why don't you do this?
I'm interested to note the comments on this forum regarding privacy! In fact I was checking out firefox bookmarks to see if it was possible to actually find an online bookmark manager that takes people's privacy seriously.
Let's take simple bookmarks for example. Most people don't give a second thought to this but let's take for a minute supposing I close my account and the server administrators keep my IP number and keep that information indefinitely? Now suppose I happen to be a doctor, and perhaps I have got a medical condition such as aids, and my bookmarks show that I look at a lot of gay contact websites or that I look at aids related websites, now imagine if for whatever reason that company was ordered by some authority eg. court warrant due to some case against me in court (Civil case from a patient or client even) now it would be quite easy and it is quite probable that all my bookmarks would be accessed due to my IP number, now suppose I had also got on my list of bookmarks visits to viagra suppliers, hair regrowth formulas, can you imagine how personal these are, and can you imagine for a minute how hurt, and humiliated I would be.
For any of you who think this is beyond possibility just google, "legal cases online browsing, used as evidence, search engine history ordered" or similar and you will see that in all countries and in all walks of life what you do on the internet is watched and used against you in all spheres of activity.
So yes, I want to know what happens to my bookmarks, my IP history etc after I close my account.
I live in the UK, the UK is the most heavily watched country in the world, a head of a major police force (Equivalent to chief of police of a state) was recently quoted as saying "We are in danger of having a true George Orwell 1984".
In the USA apparently I understand that the authorities can even quite legally and quite properly track the library books that you take out of the library, so if I am a young man serving in the military and I go to the local library and checkout "How to come out of the closet" it means the authorities have the legal right to use that against me if they so desire.
The problem is that people do not realise the extent to how all of us are tracked and tagged, the problem is "the potential for this data to be misused" my personal concerns are not majorly from my Government who I generally trust, but it is the private sector, I mean who has access to this data? Anybody can get hold of it.
So could someone tell me what you guys do with all customer related information after he or she closes his or her account.
Thankyou and your positive response to the other posters does seem very encouraging.
Best Regards
James
I still don't understand why companies including Foxmarks have to make their privacy policy so vague and abstract. Here is what I call a very good, open and honest policy. This is from a large, well respected online bookmark service. I'll not mention their name as I don't want to give reason for this to be removed.
Here is an example of an "excellent privacy policy" and a policy that I ask Foxmarks "Why don't you give your users the same care and regard for privacy that this other company does"
As a potential foxmarks user I must say after reading your privacy policy and after realizing you store users IP addresses permanently (or so I am led to believe) why can't you just produce something similar?
1 in 7 users of the internet has some kind of problem to do with misuse of their private and personal information. Why should you want to store personal information of your users? The simple act of storing information is a security breach in itself.
If your users/readers read and compared your privacy policy with Spurl's what will they say? I personally prefer Spurl's and I would ask you to please follow their fine example of how to respect people's privacy in a proper way. That simply means just let people use your service as if they are using a public telephone. There are millions of public telephones in the United States, and every time someone makes a phone call, there is no record which can personally identify someone like a car registration or something similar in the way that an IP address does.
Privacy policy
Spurl.net takes great care to NOT collect or store ANY personal information about its individual users. Spurl.net does not store users real names or street addresses. Providing us with an email address is optional but not obligatory.
Users should not enter their name or other personal details into their database if they want to remain anonymous, since this data is shared with other Spurl.net users. The pages and links stored by Spurl.net users are made accessible to all other Spurl.net users through tools like hot-list, just-in, recommendations and other tools. Spurl.net users can, however, not see which user entered any particular page or link into the database.
Users can use the Tell-A-Friend button to tell their friends about Spurl.net. The button invokes the users default e-mail program with a standard invitation letter. Spurl.net does not ask for the receivers e-mail address and will NOT know where that e-mail is sent.
Spurl.net uses cookies to allow the user quick access to his data. There is no personal information in the cookie. It simply allows Spurl.net to recognise the user and save him the trouble of logging in each time he accesses his data.
Spurl.net has no plans to start collecting or storing personal information. Spurl.net may analyze trends in the aggregated database to understand the usage of its users as a whole but Spurl.net will not study the data collection trends of individual users.
If there is a change in this privacy policy, Spurl.net users will be notified in advance.
For more information and comments feel free to contact us at: info
Testing Testing!
I can't seem to get the blog to work properly. Is there some kind of problem with it?
I'd pay for a portable program that lived on a thumbdrive and let me store multiple bookmark files on the thumbdrive...
I'd like a program that let me keep a unified set of bookmark files... the files would be named... I'd use "home", "work", "laptop" and "common" bookmarks filenames, but the names could be anything.
"Bob", "Carol", "Ted", "Alice", whatever...
Ideally, it could handle either IE or Firefox (the work computer is IE, my home and laptop computers are firefox). So it would need to be able to read and write both formats, and translate between them.
Or to open a bookmarks file, allow double clicking on a bookmark and going there - no matter if the current browser is IE or FF...
I'd be able to open two at once and move bookmarks between them.
I don't like having my bookmarks file on a system or medium that I don't control, so I'd opt-out of my.foxmarks.com
The department I work for has login policies in place that force me to use IE at work, and I've not been able to find a really good way to manage bookmark files that understands both formats, lives on a thumb drive, and syncs the current browser to the thumb drive.
I ran across a mention of Foxmarks while looking for a replacement for Google Browersync because of the massive logs, and looked through the comments on the privacy policy here.
As anyone who is a sysadmin (I was), in the security industry (I am), or just maintaining a proper level of paranoia about security (I do) can tell you, if you have any really private bookmarks that could cause public embarrassment, legal liability, prosecution, loss of job/spouse/friends, etc., if they were to become knowledge of either the public, the RIAA, the police (someone mentioned "victimless crimes" like prostitution or drug use), then you should definitely *not* be using Foxmarks or any similar service. If your bookmarks could get you in trouble, and you store those bookmarks on a public service or server, you're making a really big mistake.
I'm sure the people who run Foxmarks are fine, upstanding people, and I think their privacy policy is excellent. However, if they are given a subpoena for your records, they have to turn them over and not tell you they did it. Period. That's what the law requires. I'm sure they also keep their servers and do everything they can to maintain proper security. However, if in spite of their best efforts and best practices, someone should someday break in anyway, that person is not bound by any privacy policy and can take all of your information and use it any way he/she chooses. Give it to RIAA. Tell law enforcement about it. Blackmail you with it.
Viruses aimed at turning a PC into a spambot routinely plunder its address books. There's no reason why malware couldn't also plunder your bookmarks for fun and profit and identity theft (or worse). Why bookmarks? Identity thieves build profiles on victims from as many sources as they can. I'm in email security, and I can tell you that a lot of phishing mail is at least semi-targeted and much of it is very highly targeted. The right bookmarks could help them put a little more of the puzzle together.
The bottom line is, if you have bookmarks that would put you in a compromising position if they were known to others, don't put them on any publicly accessible server. If you must move them between computers, sneakernet them on a thumb drive. Better still, memorize them or write them down on a piece of paper. If disclosure of some of your bookmarks could really get you in trouble, they should not be bookmarked at all.
This is not to discourage anyone with "normal" bookmarks from using Foxmarks, of course. I'm going to install it and use it myself
Dear madam/sir,
I'm not happy with several aspects of your privacy policy and therefore will regrettably not use foxmarks, even though it would be of great benefit to me.
It appears that you collect information cumulatively on usage of your facilities. There is no suggestion that information would be regularly purged after a given time period: the only way to achieve this is to request to be deleted and then to set up a new account again later. However, I do not have confidence even in the policy on this (see below)
In particular the disclosure statement is still problematic: Nowhere is detailed under the rules of which jurisdiction or jurisdictions disclosure might take place. This means that you could operate according to the principle of the "least common denominator" -- let us say the Chinese Government would approach you concerning a user in Tibet, according to this agreement you would feel obliged to release any information about that user. The legal restrictions on information disclosure in the European Union (where I am resident) are a lot more stringent than they are in the USA. As a user, only one breach nullifies the effectiveness of these more stringent rules. Therefore you should offer to adhere to this more stringent standard (and there may be procedures to be recognised or certified as doing so) and to say that this is not available to non-residents of the EU in which case the law of xxx applies (I take it that you are based in the USA, but this is nowhere stated).
Furthermore, the statement under "Choice" that on receiving a request to delete an account you will "remove its associated information from our system as quickly as possible" is not adequate on two counts.
It should state "to remove ALL associated information" and moreover, immediately or "within period x". "As soon as possible" means, when there is a legal requirement to keep information for, say, 10 years, then in 10 years' time. This is not acceptable.
Yours,
potential user
It's very interesting to read this page. Really. It's amazing to see how paranoid humans can be. Guys, you are free to use this very good service (which I do, and I like it), or not. If you don't agree with the policy, so what? Just do not use it. From my point of view, I do not see a problem. Even if the people at foxmarks send every one of my bookmarks to the FBI (or another organisation), I do not have a problem. Because I'm not doing anything illegal. I think, just the users who are doing illegal things worry about such peanuts. But those are just my two cents...
In response to Thomas above, who I do hope checks back. His cliched response to concerns over privacy issues - "I've got nothing to hide, I'm not doing anything illegal" - entirely misses the point of the privacy concerns. This essay by Daniel J. Solove, a law professor at George Washington School of Law, can clarify that point. (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565)
Since I'm going to go out on a limb here and guess you receive a lot of your information about privacy in the United States from Fox News or daily opinion pieces, I realize that a 20+ page essay might be beyond your capacity. I'll quote in brief:
--
It is time to return to the “nothing to hide” argument. The reasoning of
this argument is that when it comes to government surveillance or use of
personal data, there is no privacy violation if a person has nothing sensitive,
embarrassing, or illegal to conceal. Criminals involved in illicit activities have
something to fear, but for the vast majority of people, their activities are not
illegal or embarrassing.
Understanding privacy as I have set forth reveals the flaw of the “nothing
to hide” argument at its roots. Many commentators who respond to the
argument attempt a direct refutation by trying to point to things that people
would want to hide. But the problem with the nothing to hide argument is with
its underlying assumption that privacy is about hiding bad things. Agreeing
with this assumption concedes far too much ground and leads to an
unproductive discussion of information people would likely want or not want
to hide. As Bruce Schneier aptly notes, the “nothing to hide” argument stems
from a faulty “premise that privacy is about hiding a wrong.”
The deeper problem with the “nothing to hide” argument is that it
myopically views privacy as a form of concealment or secrecy. But
understanding privacy as a plurality of related problems demonstrates that
concealment of bad things is just one among many problems caused by
government programs such as the NSA surveillance and data mining. In terms
of the categories in my taxonomy, several problems are implicated.
The NSA programs involve problems of information collection,
specifically the category of “surveillance” in the taxonomy. Wiretapping
involves audio surveillance of people’s conversations. Data mining often
begins with the collection of personal information, usually from various third
parties that possess people’s data. Under current Supreme Court Fourth
Amendment jurisprudence, when the government gathers data from third
parties, there is no Fourth Amendment protection because people lack a
“reasonable expectation of privacy” in information exposed to others.
--
That, Thomas, is where Foxmarks comes in.
I'd like to second Brad Templeton's suggestion. The "encrypted blobs" approach would make (most) privacy issues totally moot.
I recently started using Foxmarks. At first I was a delighted user. I now fear I was a bit hasty. I jumped into using it based on what were some glowing reviews and high recommendations in the Firefox community and Foxmarks' appealing basic function. As such, I assumed security and privacy were well covered. As I further evaluate its approaches to and more, priority for, privacy and security, my concern grows.
While added user functions (many good suggestions are in the various fora...more will come) are great, if security and privacy are not covered, these are moot. The existing function is already very useful to thousands of users. I would like many of the suggested functional improvements others have mentioned.....but ...for me, and maybe many others if they really looked closely, security and privacy would get some more immediate emphasis. One serious incident can do a lot of damage. There have been some good suggestions on how to begin to address these so it seems there are users who would contribute their input if needed.
I also am concerned that it looks like I can't stop using it now and erase my tracks. I assumed (yes I know about assume) a programmed 'remove/reset me' function.
Call me paranoid if you like but I have spent many years in the technology business and understand what can be done by both creative developers and creative thieves.
Thanks for all the work that has been done....
I am grateful for the discussion here.
It reminds me that privacy is something I should protect even though I don't think I have anything to hide. I don't know what info in my bookmarks might be useful to someone whom I'd rather didn't have that info. It seems some awful things can happen to me just because I shared some bookmarks online.
Do the benefits of using this service outweigh that risk? I'd never know until it was too late. Maybe a bookmark about unions would keep an employer from hiring me.
Since I can't weigh the risk, it seems logical for me to just stop using foxmarks. Thanks, anyway, but I'd rather not share my bookmarks.
@Jim Z:
You can actually delete your Foxmarks account--and all associated information--at any time by visiting http://login.foxmarks.com/account and selecting the proper link.
I'm the first to admit that I'm quite a bit paranoid. I even agree that probably quite needlessly too, since nothing much about me absolutely really needs to stay secret. Still, it's a matter of principle for me and also about me being a very private person: I would never seriously consider storing any information that came in any meaningful contact with me, outside my physical reach, particularly within other's reach. Certainly not on anybody's server - no offense... Not because I would actually suspect any bad intentions / unpleasant consequences, but because I know I would be powerless to prevent them should they ever occur. As astronomers like to say about killer meteorite hits: it's not if, it's when it'll happen.
Actually, like most people on the internet I guess, I do keep a real-life net-identity that NEEDS to be accurate (for payments, deliveries, reservations, transactions etc.) with my real name address and all, and one (or more) non-real net-identities (mail included), that NEVER contain anything remotely traceable to me. Many times even having just one of the latter is not enough to keep things separate. My data on the left here is of the latter variety. Anything remotely resembling a bookmark that I use definitely belongs in the former category.
That is why I could never use your server no matter how user-friendly your policy is, or, for that matter, why I would never consider using google docs for anything remotely serious; well, for anything at all, (too-) much of the time. Encryption might change that, of course, assuming I would trust that encryption to be well and truly unbreakable by anyone with any realistic amount of resources in the foreseeable future. Frankly, I would be hard-pressed to confidently name such an encryption scheme, right now.
Now as foolish as all that does sound, the sheer amount of contributions right here suggests that I'm far from being alone with those concerns, even though I'm 99% sure neither me nor any of these people actually have anything really worth hiding / protecting. It's human nature, I guess. Conclusion for you guys? Host nothing (you optionally allow that already); what you host, never be able to look at: encrypt (as has been suggested).
Let me end it on a fitting note with a joke (?) about the 5 rules of communism:
- don't ever think;
- if you do think, at least don't talk;
- if you do talk, at least don't write;
- if you do write, at least don't sign it;
- if you did sign it, well, don't be surprised... ;)
kNOW, I think I'll want to back out of this subscription,
the last thing I want is someone perchance creating a profile of me based on the profile of sites I bookmarked.
An excellent idea but potentially subject to abuse, not necessarily by Foxmarks but by those even Foxmarks may be helpless against. Think "Telephone Companies", "ISP Providers" and I am not talking of China here.
Now, if we consider China and the Google - Yahoo debacle there is another bag of worms, but I do not live in their jurisdiction.
I third Brad's suggestion for encrypted blobs.
Also, could whole sessions be bookmarked? For example, my tabs are currently like this:
Foxmarks | Discuss Foxmarks | Foxmarks Blog
And let's assume this hypothetical second window:
GMail | WordPress.com
Could Foxmarks remember that arrangement? If so, could I also choose to record the two windows separately? If not, could I record the two windows separately, anyway?
Foxmarks in general has a huge problem, and that is when you supply your password within the Firefox Plugin configuration for Foxmarks, if you specify an incorrect password during setup, you can still Sync your bookmarks. This means that I can specify any other username and sync with their bookmarks completely and entirely without knowing their correct password.
The program will alert you that you have specified an incorrect password after several minutes, but the sync has already taken place.
I have not tested this with the most recent revision to foxmarks.
@Ben:
This is incorrect. You can access only bookmarks for which you have the correct username/password combination.
Firefox does cache credentials, though, so if you did the following...
* Provide the correct username/password
* Access your account
* Provide an incorrect username/password
* Access your account
... you may find that you can still access your account the second time even though you have provided incorrect credentials. That is because Firefox has cached the successful credentials from the first access and it ignores the credentials that Foxmarks supplies to it the second time.
I can see how this behavior would lead you to conclude that you can access anyone's bookmarks, but that's simply not the case.
If you still think there's a security hole, please post here again or email us with additional details of the steps you've taken.
I have read several of the responses to Todd and the privacy issues. Most of those long legal responses sound as if they were written by attorneys who for the most part ruined this country. Privacy is a wonderful thing and if you don't want to share don't use the site. Most of the responses were telling someone how to change something, which may have been started with good intentions; however when the attorneys of America tear it apart the shreds are not worth the time to use.
I guess the entire idea that I am trying to convey is, If you don't like it don't use it!
If you were going to use your bookmarks on a thumbdrive, you would merely have to export your bookmarks to the thumbdrive. It's a simple html file which you could then import on any computer you used that had Firefox. Just click manage bookmarks, then file, then import or export.
Gordon
I agree with what you say, but the point is "first people need to know how their information is stored, and retained" before they can then make the decision "not to use it" or "to use it".
Imagine if you didn't realize about IP numbers and how they can be used to track your moves and link you to all kinds of things. If you only knew about this after you had used whatever service then it's too late.
Hence why good practice is to "be open and clear with your potential users". That is the point, the point is not to try to dictate how businesses should operate.
Clear information on how user information is stored and retained is of paramount importance.
People can make their own informed choices about it then.
Bill:
I second you. Clarity about privacy issues upfront is the key. I just spent 30 minutes, trying to figure out how Foxmarks handles caching in order to come to a decision (use/not use). I only found it in comments. It's not an uncommon privacy issue, so I would have liked to find it in a FAQ or something easy to find.
What about Firefox 3 ???
I just want to clarify one thing: if I installed and use Foxmarks with the option of using my own server, is there any communication at all going from my computer to the Foxmarks server (or any other server other than the one I specified to store at)?
I am interested in using this but I simply want to have control of where it is being stored and am not willing to share any information with anyone, anywhere, at all whatsoever.
You guys have all been taking a hammer to crack a nut. Who needs to synch when Firefox can already export your entire bookmarks folder or selected items (especially if you are well organised with your folder structure) to any folder, any location, anywhere, any secure!! media you want? Then when you go to the other computer you want to share your bookmarks with, you just import from the location you choose. I usually use a USB memory stick or email it to myself. Sorry if it sounds too simple!! Check for duplicates with duplicate detector. You will never have to expose any of your nefarious or deviant tastes or your login page for your Swiss bank account to any third party, big brother organisation or smear campaign. Are you really that famous, I doubt you would be spending the time to discuss to the point of boredom the wording on a privacy policy. I mean really, what don't they know already anyway!! Just chill and walk round the obstacles in your way.