Anyone know why Firefox on Alpine Linux prompts to use a system secret store if I want it to save a credit card number, and how to tell it no I don't want that I want it to do the saving itself in my profile dir like it does for secrets that are orders of magnitude more impactful?
Conversation
Notices
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 22:31:13 JST 
Rich Felker
-
Embed this notice
yoasif (yoasif@mastodon.social)'s status on Wednesday, 14-May-2025 22:45:39 JST 
yoasif
@dalias I believe this is just using OS authentication to validate access to this data (and not actually storing it differently). Can you share the prompt you see?
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 22:45:39 JST
Rich Felker
@yoasif I'll screenshot it next time it comes up. But anyway, the point is I want no "desktop integration" here, just for Firefox to operate independently and save/use the data I asked it to.
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 22:47:00 JST
Rich Felker
@yoasif I imagine it's another case of Mozilla asshat lawyers thinking they are party to actions you use the software to perform, and that "protecting card numbers" is something they're obligated to do for PCI compliance. 🤬
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 22:49:11 JST
Rich Felker
@yoasif That would affect the password manager, which is not affected. And it's documented as only being on Windows and Mac.
-
Embed this notice
yoasif (yoasif@mastodon.social)'s status on Wednesday, 14-May-2025 22:49:12 JST
yoasif
@dalias FWIW, I believe this is the feature, and under the hood, it doesn't change the way the data is stored, it is more of a roadblock to people who can't exfiltrate your data: https://support.mozilla.org/en-US/kb/firefox-password-authentification-prompt
-
Embed this notice
yoasif (yoasif@mastodon.social)'s status on Wednesday, 14-May-2025 22:50:06 JST
yoasif
@dalias Eh, I think it is a real feature - security comes in layers - but it isn't going to work for a determined hacker.
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 22:50:06 JST
Rich Felker
@yoasif If it were for security they'd be applying it to the data that's actually dangerous to lose - login credentials and session keys - not credit card numbers where it's the bank who's screwed if you lose them.
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 23:24:56 JST
Rich Felker
@yoasif Thanks for finding the keyword, OSKeyStore.
Apparently this was intentional breakage as the outcome of https://bugzilla.mozilla.org/show_bug.cgi?id=1486954
No idea if there's a configuration knob to fix it.
-
Embed this notice
yoasif (yoasif@mastodon.social)'s status on Wednesday, 14-May-2025 23:24:57 JST
yoasif
@dalias I think that there is some integration with your "OSKeyStore":
Some references to this in automated tests:
https://searchfox.org/mozilla-central/source/toolkit/modules/tests/browser/browser_CreditCard.js
I found someone referencing this in troubleshooting as well: https://www.codejam.info/2022/05/firefox-credit-card-autofill-not-working-on-linux.html
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 14-May-2025 23:31:13 JST
Rich Felker
@yoasif So it looks like for now the answer is just "Firefox storing credit cards doesn't work because they insist on it using some desktop-integration-centric secret management and they even intentionally removed the support for not doing that". 🤬
-
Embed this notice
All GNU social JP content and data are available under the