It isn’t just Linux, the same is in the user AppData on Windows (would also guess Mac OS). Both a gift and a curse as I find that when I need to make a backup of peoples’ data before restoring/clean installing Windows/Mac OS or moving stuff to a new PC. Those folders are pretty important to get, as you can have all their bookmarks, history, settings, and passwords just show up (though you need to sometimes have to change the profile if a new one still gets created). Same is true for Chrome and other Chromium-based browsers, but they tend to not bring passwords over the majority of the time (need to manually export and import if the PC is actually able to boot into normal/safe modes of whatever OS used).

FF is easier in the cases where the OS is broken or pulling the drive to copy (though very few people use it to begin with). But it does mean it is a curse if the passwords aren’t also locked (would imagine having a master password might help but haven’t tried to see). While it would make part of my job harder with regards to FF data, it is odd that Mozilla doesn’t break them most of the time when Chromium browsers are able to. Though I haven’t had to help someone with Linux in the same way, so maybe it is just a Windows (and maybe Mac OS been a while since I needed to worry about FF so idk) thing for passwords.

Last bit below is a general rant of a PC repair tech’s daily struggle with customers that freak out when something bad happens before bringing stuff in for repair/setting up a new PC. Just had to get it out, but not specific to FF and just data in general (just kept typing). lol

Would make my job easier if people at least signed into their browsers beforehand and remember their log-ins to get browser stuff working (which would at least give them other accounts/passwords back). But the folks that tend to freak out about their stuff tend to also not make their own backups or sign into their browsers (let alone even remember their passwords for crucial stuff) before anything happens. Password vaults would be the same issue even if they had them, but maybe less if they had to enter their master password daily at least once.

For Windows (and even Mac OS in some cases) cloud stuff like OneDrive being turned on by default for the Documents, Desktop, and Pictures (or the defaults for other services) folders don’t even help them. Because they literally don’t even remember the email used when setting up Windows/services, or for whatever reason lost access to that account and somehow think that just using a different account with a different email will still give them their shit. Claiming that I or my co-workers “lost their data” when it isn’t there due to just the stubs of files that were only in the cloud.

The tilde (~) means that path is located in the per-user home directory. The default behaviour is for user home directories to be only accessible by that specific user.

The encryption you’re referring to is likely specific to Firefox Sync (i.e. syncing your FF settings, history, etc. across devices). Sync is end-to-end encrypted. But I’m not surprised that it’s unencrypted on disk.

It’s a pretty common assumption in software, especially on Linux, that if anyone can access your home directory, then you can’t have any expectation of privacy. Some apps make the explicit statement that secrets are stored in plain text because obfuscation would just give you a false sense of security.

The solution is to encrypt the data on a system level, e.g., with encrypted home directories. You could also create an encrypted volume in a file and store the profile in there. Make sure to protect your private keys with good passphrases.

still it is concerning, that any program can know about the sites I visit

As other noted, that’s the case in Linux, by default all processes are equal, so if your shell process can access a file, the Firefox process can access that file.

But there are in fact many ways to sandbox processes and prevent exactly what you are worried about. One way is to install applications via Flatpak (or Snap), that can limit what files the app can see, while still running as your user.

If there is an app you need and don’t trust that’s not available as a flatpak (or snap), there are ways to sanbox it manually. It does require some tinkering, but people can help you on !linux@lemmy.ml

If you are worried about other users on your machine then you can verify/update your umask so others can’t access your files.

If you are worried about programs under same user then you need to use AppArmor and or firejail heck you can even go crazy and use SELinux.

It is expected, and quite fine… :-)

If you are concerned about a program you installed spying on you, then why do you use that program? If it can access a personal directory in Mozilla, what does it stop from accessing all the other files on your system?