Lockwise: Mozilla’s better Firefox password manager — or is it?

Mozilla can be a contentious topic among certain security and privacy advocates. Detractors, including myself, feel that the company’s close relationship with privacy violators like Google and other Silicon Valley giants nullifies its status as a privacy advocate (some of us consider it “surveillance capitalism”). It appears that now, however, the company is attempting to regain trust among skeptics by rebranding and overhauling its Firefox password protection service into something called Lockwise.

This change specifically affects Firefox’s Lockbox, and more notably, is going to create a password management service that does not need to rely on third-party software. Though there is no official press release at the time of writing this article, Bleeping Computer’s Lawrence Abrams was able to piece together information about the new browser password manager via bug reports. According to his article, the bug reports that give the most information on Lockwise are [Product Marketing]: LockWise in-product marketing copy and Change the OAuth client name of Lockbox to Lockwise on May 21st.

The first bug report mentioned shows how “the Lockwise team needs localization assistance for EN to FR translation of in-product and marketing copy.” The second bug report is a bit more technical, but also hammers home the May 21 deadline for the service:

On May 21, the Lockbox apps will be renamed to Lockwise. On this day, we will want to update the OAuth client names of each of the clients to “Firefox Lockwise”

:jbuck and :jrgm, this is the list of client_id’s associated with Lockbox:

1b024772203a0849
98adfa37698f255b
e7ce535d93522896
Note, the desire is for all 3 apps to be named “Firefox Lockwise” rather than, e.g., “Firefox Lockwise for Android”

Additionally, which is of some concern, Mozilla appears in another bug report titled Investigate high value features for Lockbox and Monitor to be seeking a monetization feature for Lockwise’s password management. I say this is concerning as Mozilla cloaks itself in a veneer of being open source and “for the people,” yet despite massive corporate funding they still want to nickel-and-dime users. The specific sentence that mentions this in the bug report states, “What will people pay for with respect to Monitor (identity monitoring services) and Lockbox (password management and secure storage product)?”

Overall, this development is a mixed bag. On the one hand it is good that Mozilla is seeking to improve its password management system, but are they really doing such a thing for the betterment of the general public’s privacy? Or are they just another facet of the surveillance capitalism they claim to be against?

Featured image: Flickr / Marco Verch

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Deploy Windows from the cloud to on-premises hardware? Yes, you can

Wouldn’t it be nice if you could deploy Windows from the cloud while sipping an…

5 hours ago

Blackbaud data breach after ransomware attack hits universities, nonprofits

Blackbaud, a cloud services provider focused on the education sector and nonprofits, suffered a data…

10 hours ago

Sending email from Linux terminal: Efficient and powerful solution

Knowing how to send email from the Linux command line is important, especially when you…

1 day ago

Family Tree Maker genealogy software experiences data breach

A data breach affecting popular genealogy software Family Tree Maker has been discovered and patched,…

1 day ago

Review: Microsoft 365 monitoring solution GSX Gizmo

In a world of distributed employees, GSX Gizmo provides monitoring of Microsoft 365 and on-premises…

1 day ago

Nmap: All about this free open-source network monitoring tool

Nmap is a free open-source tool used to scan networks, identify vulnerabilities, find open ports,…

2 days ago