Security: Kinto and Mozilla Thunderbird

By default Mozilla Thunderbird uses a remote kinto backend to store client settings in json format. I have managed to build and run a kinto server on my localhost in order to understand what this backend does.

So far I’m still clueless about the exact purpose of using a remote storage to save client-related settings in a database such as redis or postgresql. Interestingly, kinto is a fairly advanced http api and json-based backend in front of redis and also includes a optional (node.js) admin interface.

Note that changing the value of “services.settings.server” to “http://localhost:8888/v1”, seem to work without problems and is helpful. Lastly more info about kinto can be found here: API — Kinto 15.1 documentation

Any thoughts or comments on this interesting mozilla feature would be appreciated.

Regards,
smart

I suspect that this is used for mail server settings.

It would make sense not to put that info into the installed package as it is subject to change.

The Gmail setup here was a bit painful. My guess is that it relates to email server with multi factor stuff.

There’s some interesting background info about this “kinto story” here:

https://blog.mathieu-leplatre.info/the-history-of-firefox-remote-settings.html

Interestingly, “Mozilla Cloud Services” also seems to use a similar json api
to store the settings of its users in a remote redis backend.