Fennec FDroid Pocket recommendation doesn't work

fennec

#1

Firefox has a feature to recommend good websites/articles via Pocket. AFAIK Pocket is a service where you can store bookmarks in a cloud. Although I don’t want my own bookmarks to be exposed to a service outside of my computer/smartphone, and although I don’t have an account on Pocket because of that, I’m using the recommendation service from Pocket because Mozilla promises not to transfer my bookmarks and history to a server, but to transfer to the browser the data about which article is interesting for which site found in the bookmarks or history. Other data are only transferred if you don’t opt out of the analytics and statistics (see https://help.getpocket.com/article/1142-firefox-new-tab-recommendations).
So why does a fresh installation of Fennec FDroid only show Placeholder 0, Placeholder 1 and placeholder 2 instead of real recommendations? This feature seems to be broken. Is it removed because of tracking, or is it even a feature depending on pieces of closed source software? I try to bypass that problem by clicking on the [More >] button in the Pocket recommendation area, getting only English recommendations although my browser and smartphone are using another language, so that’s not a solution.


#2

@Manizuca might know about Fennec’s Pocket feature.


#3

Not really sure, it is not explicitly disabled.
However, the ‘MOZ_POCKET_API_KEY’ value I can see in logs is ‘no-pocket-api-key’, so it probably has to be set manually to an authorized key (that we don’t have).


#4

Would there be a chance to extract that key from Firefox and insert it in a Fennec F-Droid installation, or any other solution? In the about:config page of Fennec F-Droid, a search for Pocket gets no result. On Firefox for desktop, there are a lot of results, including an extensions.pocket.oAuthConsumerKey entry.


#5

I don’t think Mozilla will like this: it seems they deliberately keep this Pocket feature proprietary. Try asking them about possible solutions.


#6

Hi folks, nalexander here. I maintain the Firefox for Android build system, although I’m not really working on Fennec these days. It’s true that Pocket is owned by Mozilla and proprietary, but I wouldn’t say that the Firefox for Android product is trying “to keep this Pocket feature proprietary”. It’s more that there’s a service component which needs an API key to access, just like, for example, the Google search endpoint and Mozilla Location Services endpoints need API keys to access. Running a service endpoint at scale requires the ability to differentiate traffic, to rate limit, and to kill service in the case of abuse – that’s just table stakes for ops.

Technically it’s not difficult to extract API keys from the APK, although I do hope that this community doesn’t do so.

I’m willing to help the F-Droid project get its own API key for Pocket if it’s possible – and I’m not saying it is, 'cuz I honestly don’t know. I expect a requirement will be for F-Droid to keep the key as private as possible – i.e., not include it in public repositories, not leak it in build logs, and restrict access to the key to a reasonable set of people. Does any other package have an API key with that type of requirement?


#7

Hi nalexander,

The “API keys issue” has been discussed several times in the past (regarding other apps). The consensus was that F-Droid does not make such deals because software with “secrets” can hardly be called free. All apps on F-Droid that connect to services with API keys either have those keys in the (publicly available) source code or in the build recipe (also publicly available).

We’re definitely not going to extract the key from the official APK, that’s for sure.


#8

Tue, 11 Sep 2018, 0:27 Relan:

All apps on F-Droid that connect to services with API keys either have those keys in the (publicly available) source code or in the build recipe (also publicly available).

And sometimes (3) force the user to get one and enter it. E.g. LabCoat.


#9

Sure. I think that’s a principled position to adopt, but it does mean that F-Droid users can’t access all services, including in this case Pocket. I think that addresses OP’s question.