Storage for private data

Is the storage.sync API suitable for sharing a secret between browser installations? I understand the data is encrypted before upload, but is it sensibly handled locally and is writing to storage.sync (or storage.local) unencrypted fine?

storage.local is saved to a JSON file in the profile directory. I doubt storage.sync is (locally) handled any differently. Besides, even if the local files were encrypted, Firefox won’t prompt the user for a password, so the encryption key would be saved on the disk too – which would make the encryption quite pointless.

So if a local, non-web-accessible file isn’t good enough for your use case, you’ll have to do your own crypto.
IndexedDB is better suited for binary data than storage.local. And syncing encrypted data comes with its own set of security implementations.

Unless you are implementing something like a password manager, plain local files and Mozilla’s encrypted storage.sync are probably ok.
If you do plan to implement a password manager or something with similar security requirements and you seek security advice, you probably shouldn’t do it at all.
It is very easy to get crypto wrong.

Thanks for the response.

Do you mean “security implications”? Either way I’m not sure what you mean.


My concerns are 1) storage is serialized to a more-than-user-readable file 2) storage data ends up in logs or is collected for telemetry.

The documentation for this API in Google Chrome says:

Confidential user information should not be stored! The storage area isn’t encrypted.

Well, without a master password neither are passwords in Firefox.

Just had a look at the files in the profile folder:
storage.local is serialized into browser-extension-data/extension-id/storage.js
storage.sync ends up in storage-sync.sqlite which is world readable unfortunately:

-rw------- ... browser-extension-data/extension-id/storage.js
-rw-r--r-- ... storage-sync.sqlite

So, I guess I need to encrypt what I want to sync.

Do you mean “security implications”?

Yes. I don’t know how I got that wrong.
I am absolutely not a cryptographer, but what I mean is that if you repetitively encrypt similar data sets and an attacker can read those (which would be the case with synced data) and the attacker can guess at the changes you made in the clear text, that allows for additional attacks.

What I want to say is: Only do crypto for important data if you understand it, and even if you do, have it checked by somebody who really does.


storage.sync ends up in storage-sync.sqlite which is world readable

That the sync file is readable by the group and everyone while local isn’t seems strange. You should probably test if this is also the case in a new profile with the latest Nightly. If it is, file a bug and Mozilla will most likely change that.
Also, you should test this on Windows.
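
Added example, not code from any poster in this thread or from Mozilla: one way to encrypt a value before it is written to storage.sync, using WebCrypto AES-GCM with a key derived from a passphrase the user types on each installation, so no key sits in the profile next to the data. The function names, the record layout and the PBKDF2 iteration count are assumptions made for this sketch.

```javascript
// Added example. In an extension, globalThis.crypto is WebCrypto; the require() is only an offline Node fallback.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// storage.sync holds JSON values, so binary fields are base64 encoded (fine for small secrets).
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive a non-extractable AES-256-GCM key from the user's passphrase.
async function deriveKey(passphrase, salt, iterations) {
  const material = await webCrypto.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt any JSON-serializable value. Salt and IV are fresh on every write,
// so re-saving similar data never reuses a (key, IV) pair.
async function sealForSync(passphrase, value, iterations = 600000) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(passphrase, salt, iterations);
  const plaintext = new TextEncoder().encode(JSON.stringify(value));
  const ct = await webCrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);
  return { v: 1, iterations, salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) };
}

// Decrypt a record; rejects if the passphrase is wrong or the record was modified.
async function openFromSync(passphrase, record) {
  const key = await deriveKey(passphrase, fromB64(record.salt), record.iterations);
  const pt = await webCrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(record.iv) }, key, fromB64(record.ct));
  return JSON.parse(new TextDecoder().decode(pt));
}

// In the extension (the key name "secret" is hypothetical):
//   await browser.storage.sync.set({ secret: await sealForSync(pw, value) });
//   const value = await openFromSync(pw, (await browser.storage.sync.get('secret')).secret);
```

The ciphertext length still tracks the plaintext length, so an observer of the synced data can tell when the size of the secret changes.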