Lockwise: Mozilla’s better Firefox password manager — or is it?

Mozilla can be a contentious topic among certain security and privacy advocates. Detractors, including myself, feel that the company’s close relationship with privacy violators like Google and other Silicon Valley giants nullifies its status as a privacy advocate (some of us consider it “surveillance capitalism”). It appears that now, however, the company is attempting to regain trust among skeptics by rebranding and overhauling its Firefox password protection service into something called Lockwise.

This change specifically affects Firefox’s Lockbox and, more notably, is going to create a password management service that does not need to rely on third-party software. Though there is no official press release at the time of writing this article, Bleeping Computer’s Lawrence Abrams was able to piece together information about the new browser password manager via bug reports. According to his article, the bug reports that give the most information on Lockwise are “[Product Marketing]: LockWise in-product marketing copy” and “Change the OAuth client name of Lockbox to Lockwise on May 21st.”

The first bug report mentioned shows how “the Lockwise team needs localization assistance for EN to FR translation of in-product and marketing copy.” The second bug report is a bit more technical, but also hammers home the May 21 deadline for the service:

On May 21, the Lockbox apps will be renamed to Lockwise. On this day, we will want to update the OAuth client names of each of the clients to “Firefox Lockwise”

:jbuck and :jrgm, this is the list of client_id’s associated with Lockbox:

1b024772203a0849
98adfa37698f255b
e7ce535d93522896

Note, the desire is for all 3 apps to be named “Firefox Lockwise” rather than, e.g., “Firefox Lockwise for Android”

Additionally, and of some concern, Mozilla appears, in another bug report titled “Investigate high value features for Lockbox and Monitor,” to be seeking a monetization feature for Lockwise’s password management. I say this is concerning as Mozilla cloaks itself in a veneer of being open source and “for the people,” yet despite massive corporate funding they still want to nickel-and-dime users. The specific sentence that mentions this in the bug report states, “What will people pay for with respect to Monitor (identity monitoring services) and Lockbox (password management and secure storage product)?”

Overall, this development is a mixed bag. On the one hand it is good that Mozilla is seeking to improve its password management system, but are they really doing such a thing for the betterment of the general public’s privacy? Or are they just another facet of the surveillance capitalism they claim to be against?

Featured image: Flickr / Marco Verch

13 thoughts on “Lockwise: Mozilla’s better Firefox password manager — or is it?”

  1. David Spector

    Article is disappointing, as it considers only generalities, and is not a specific review of Lockwise features and performance as compared with LastPass and other competitors.

    1. Derek Kortepeter

      David, at the time of my writing this article, there was little to go on from Mozilla. Literally the small mentions of Lockwise in bug reports were all I had to analyze. I submitted this article pre-launch; I can’t help that the editing team published it eight days after the release of Lockwise. Hopefully that clears it up for you. I do my best to analyze everything I report on, but I can only do so much when given minimal data.

  2. David, I think it’s because LockWise is still new in the market. I was trying to see if there is any assessment by experts and nothing found to date.

    1. Derek Kortepeter

      This was part of the issue but also mainly the issue was that I wrote this prior to the release of Lockwise.

  3. Hi Derek – So is there any actual password manager that can be trusted by non-tech users and where can we find informed, non-biased reviews for the same? Thank you.

  4. Isn’t the problem with any password manager that they have to know your passwords? Information that should only be known to you?

    Why even bother with passwords if they’re not secure?

    1. Modern password managers don’t store your passwords in plaintext. They’re encrypted and can only be decrypted using a master password that only you know of (this master password isn’t stored by the password manager). The decryption is done locally on your computer, so plaintext versions of the passwords are never sent across the Internet.

      Password managers are definitely worth it. Take a look at these myths about password managers: https://monitor.firefox.com/security-tips#five-myths

  5. @Titus — Lockwise, like most password managers, encrypts your passwords before sending them to the network so that the sync service cannot access them. You can see more information about Firefox’s approach at https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

    Regarding the funding model that Derek seems to be taking issue with, ask yourself: would you prefer Mozilla be funded mostly by money from surveillance-forward companies like Google, or would you prefer that they offer some premium services for users to help keep the lights on? The ideal endgame here would be taking zero dollars from companies who spy on you, but that’s not gonna happen without an alternate revenue model.

  6. So you’re saying that Mozilla should not take money from Google or other tech giants; but they also should not ask for money from their users. So you’re saying that the whole of Mozilla should be based around volunteer work. Sorry, but I really feel that’s just completely unrealistic.

  7. FF 70 broke the password manager. Not only you STILL can’t export your passwords keeping you locked with Mozilla, but now you can’t see all your passwords in a nice list, sort them, see where you use the same password, have the window manager pop-up instead of a new tab and most importantly SEARCH them!
