https://blog.mozilla.org/blog/2017/02/27/mozilla-acquires-pocket/
Mozilla had previously made Pocket a mandatory part of Firefox and that really annoyed a lot of people because Pocket's business model was to spy on users for profit. This acquisition gives me hope that the spying will be eliminated, making Pocket - which is a genuinely useful tool - safe for all to use.
Pocket will join Mozilla's product portfolio as a new product line alongside the Firefox web browsers with a focus on promoting the discovery and accessibility of high quality web content. (Here's a link to their blog post on the acquisition). Pocket's core team and technology will also accelerate Mozilla's broader Context Graph initiative.
(Score: 1, Insightful) by Anonymous Coward on Tuesday February 28 2017, @02:58PM (2 children)
> If the pocket server is not something I can physically touch then it can still be searched by 3rd parties for fun, profit and politics.
(a) Yes, that's true. But Mozilla has credibility that they won't make that sort of thing part of their business model.
(b) If they open source it, you can host your own server.
(Score: 2) by Immerman on Tuesday February 28 2017, @05:44PM (1 child)
(a) they already did, once, when they made pocket mandatory, presumably in exchange for a share of the profit. Hopefully they learned their lesson, but...
Sync used to be secure, but they removed that option so now Mozilla (and anyone who sufficiently compromises their servers) can spy on your bookmarks if they are so inclined, though I believe the password vault at least still has the option to be client-side encrypted.
Now, as I recall they claimed user-friendliness as the reason for compromising the Sync security, and I can certainly understand that, but the fact that they completely removed the truly secure option, coupled with the Pocket fiasco, makes me suspicious.
That said, I still trust them far more than any of the other browser makers.
(Score: 0) by Anonymous Coward on Tuesday February 28 2017, @08:19PM
You are misinformed about sync.
The change they made opens a specific window of vulnerability - they can potentially capture the sync decryption key at the time of creation. But (a) they say they do not store permanently and (b) that is the only time a sync user is vulnerable. If LE came by with a warrant afterwards and wanted to decrypt your sync'd data they would be SOL.
You can choose to believe they are lying. But then you might as well choose to believe that they are lying about all kinds of other things, like firefox not reporting your browsing history. So if you are down that rabbit hole, might as well just use Chrome because at least google isn't lying about spying on you...