
Promoted Add-ons Pilot - ameshkov
https://blog.mozilla.org/addons/2020/09/09/introducing-the-promoted-add-ons-pilot/
======
Animats
I just applied. I don't want my add-on "promoted". I just want to get rid of
the Mozilla message: "This is not monitored for security through Mozilla's
Recommended Extensions program. Make sure you trust it before installing."

I wrote back to Mozilla: "This is an old add-on. I just want to get rid of the
warning label. How much will that cost me?"

I feel like I'm asking the extortionist goon how much it's going to cost me to
not be beaten up.

~~~
surround
Meanwhile, commercially owned extensions which are terrible for privacy and
security, like Grammarly and Honey, are going to get promoted by Mozilla.

The open-source projects with no income are the ones getting hurt.

~~~
Cyphase
How are the Grammarly[1] or Honey[2] addons terrible for security?

I can guess why you say they're terrible for privacy, but they both mention
what data they share on the addon page. So it seems not so much that they are
violating users privacy, but that you think people should be more concerned
with the amount of privacy they give up.

For the record, I am pro-privacy, and would never want to use addons like
these that send my browsing and other data to a third-party. And I know the
vast majority of people don't read privacy statements and might not fully
realize the amount of privacy they're giving up. But that's a much bigger
problem than Mozilla giving these addons that openly collect this data a
Verified tag. Also, the tag will ostensibly indicate some level of
verification that the addon isn't doing anything sneaky (on the client side),
so it's not "just" promotion, according to the announcement. If you don't
believe Mozilla is going to do that verification well/honestly, that's a
different discussion.

Regarding open-source projects, I share your concern, but would be interested
to see some evidence that they will be hurt by this.

[1] [https://addons.mozilla.org/en-
US/firefox/addon/grammarly-1/](https://addons.mozilla.org/en-
US/firefox/addon/grammarly-1/)

[2] [https://addons.mozilla.org/en-
US/firefox/addon/honey/](https://addons.mozilla.org/en-
US/firefox/addon/honey/)

~~~
gilrain
Open source extensions already wait weeks or, more often, months to be
reviewed and have that scary warning removed. As this program is planned, any
commercial or other well-funded extensions will be jumping the queue ahead of
them. That seems strictly worse, unless they also pay to play.

~~~
cassepipe
Well the Mozilla add-on website maybe isn't the only way to distribute
webextensions. Mozilla already hosts and lists the add-ons for free. It seems
only normal it warns users that no verification has been made as they might
assume since it's on an official website. Extensions may be hosted elsewhere
and reviewed by online communities too. For example, the Krabby extension that
add Kakoune keybindings to web navigation is hosted on github.

~~~
Animats
_Well the Mozilla add-on website maybe isn 't the only way to distribute
webextensions._

It is now. All add-ons must be signed by Mozilla. There's a development mode,
but test add-ons disappear when the browser exits.

~~~
cassepipe
Thanks for the precision. I did not know it was the case. Indeed you have to
use Firefox Nightly to use Krabby... But if no verification is made on add-
ons, does it mean it is easy to have them signed? It seems rather
contradictory that a add-on has to be signed only to end up with a banner that
warns it might be harmful but still can't be distributed elsewhere. It's like
you want a store like everyone else but you don't have the perks of a store.
What's the point then?

------
bartvk
I really like this step, but I think this limitation is quite a shame: "You
(or your company) must be based in the United States, Canada, New Zealand,
Australia, the United Kingdom, Malaysia, or Singapore, because once the pilot
ends, we can only accept payment from these countries"

I've got two extensions which I'm really fond of: "I don't care about cookies"
(1), and its paid version "No thanks" (2). The creator, Daniel, lives in
Croatia and thus they won't be able to join this program. I hope the country
limitation is lifted soon.

1) [https://addons.mozilla.org/en-US/firefox/addon/i-dont-
care-a...](https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-
cookies/)

2) [https://www.no-thanks-extension.com/](https://www.no-thanks-
extension.com/)

~~~
ffpip
FYI, you don't need another extension for the 'Don't care about cookies'

Go to the home page and click the 'AdBlock Plus' link to add to uBlock Origin
- [https://www.i-dont-care-about-cookies.eu/](https://www.i-dont-care-about-
cookies.eu/)

1 less addon with access to all sites you visit.

To remove cookie banners permanently on lesser known sites, follow this 30
second guide by the dev -
[https://www.youtube.com/watch?v=8TvCGWwQr5o](https://www.youtube.com/watch?v=8TvCGWwQr5o)

~~~
lukaa
Yes, this addon looks like repackaging and selling someone others open source
work. I'm really not sorry for that author.

~~~
kiboke
I'm the author.

I maintain both the "I don't care about cookies" and the premium "No, thanks"
extension and the filter list. All by myself, for the last 8-9 years. Please
don't write stuff you didn't recheck first.

While the list is a cool addition for those who can't install the extension,
it really can't do much when cookie policy needs to be accepted for the
website to work properly. The extension accepts policies automatically when
it's needed.

Cheers, Daniel

~~~
nicbou
I love your extension Daniel. Installing Firefox Mobile, then this was a
revelation. Unfortunately, it was killed by the Firefox update two weeks
later.

~~~
kiboke
They'll fix that. I think they realized they will lose so many users without
extension support.

------
the_duke
There are currently 21,100 add-ons on the store.

Considering the relatively small market share of FF, I feel like the amount of
companies that would pay for review could be pretty small (<= 1000).

The ad model also creates an awkward conflict of interest: the add-ons most
willing to pay good good money for placement are probably ones that you
shouldn't install and Firefox should not promote. Think tracking, ads, .... Or
commercial ad blockers trying to always appear above Ublock Origin.

It will be detrimental to open source/hobby add-ons in general, unless Mozilla
includes those in the review program for free.

Overall, I can't see how this will bring in any considerable amount of
revenue, not even considering the labour cost of manual review. At least while
keeping shady actors out.

I can imagine this just to be an effort to balance out the costs of curating
the store, while still bringing in a bit of additional money.

I'm tentatively supportive, assuming they provide free reviews for non-
commercial open source extensions and are strict with the promotions they
allow.

~~~
jngonsfip
> the add-ons most willing to pay good good money for placement are probably
> ones that you shouldn't install and Firefox should not promote. Think
> tracking, ads, .... Or commercial ad blockers trying to always appear above
> Ublock Origin.

The whole point is for people to pay to have their add-on manually vetted by
Firefox staff to verify that it meets the recommendation standards. As the
article says, this process is repeated regularly to account for updates.

> I'm tentatively supportive, IF they provide free reviews for non-commercial
> open source extensions and are strict with the promotions they allow. No
> mention of this in the announcement though...

This is already how it works, every recommended add-on has been manually
reviewed. The article says that they will use this to expand the reviewing
process, not to replace it. They also say, "During the pilot program, these
services will be provided to a small number of participants without cost." The
extent of the two promotional "levels" are clearly outlined as well.

This is just a way for companies to get their add-ons on the fast track to
wide adoption by having them reviewed for policy compliance and, if they
choose to pay more, added to a promotional section to increase visibility. The
Twitter-style hot take to find a flaw right away is not warranted.

~~~
tgsovlerkhgsel
It does create a conflict of interest, and a significant risk that at some
point greed will win - compare e.g. AdBlock Plus that started with the
"acceptable ads" program and then allowed the worst of clickbait (Taboola &
Co.) despite heavy user complaints.

On the other hand, it also provides an opportunity to have a _trusted_ addon
ecosystem. If the price is reasonable, popular free addons can collect it
through donations, and in exchange, users can be sure that the addons were
actually reviewed (hopefully thoroughly and by humans, i.e. with a much lower
"oops bad thing slipped through" rate than addon stores that rely mostly on
automation).

Could even be a great way to generate revenue. Have two versions of the addon.
One is free. One costs $1/year but is reviewed. Same addon. I know which one
I'd pick (for myself and all relatives). Mozilla and the addon dev can split
the revenue 50:50.

~~~
Vinnl
That might even be an interesting next step: allow users to chip in for
review, right on the AMO page.

------
ocdtrekkie
Seems like a reasonable choice to bring in some revenue and also scale up
their extension review team. I personally prefer to trust an app almost solely
based on the permissions it asks for, but many of the "Recommend Extensions"
have wider permissions, and I suppose the fact that Mozilla has reviewed them
comforts me a bit.

The fact that Mozilla will only promote/market extensions which have been
reviewed by humans for security and privacy issues is a big step up over
pretty much everyone else.

------
surround
Mozilla has been recommending a copy-cat extension for ~3 years, despite
reports from users and developers.

[https://twitter.com/Pythux/status/1154403982342852609](https://twitter.com/Pythux/status/1154403982342852609)

[https://twitter.com/gorhill/status/1165747661691064322](https://twitter.com/gorhill/status/1165747661691064322)

[https://github.com/mozilla/addons/issues/1078](https://github.com/mozilla/addons/issues/1078)

This is an unpaid recommendation. Why would I trust Mozilla now that they’re
getting paid?

~~~
jamienicol
Is there anything inherently wrong with recommending a "copycat" extension? As
long as it complies with the license, why is the fact is has copied an issue?
If it is useful for users and passes Mozilla's criteria why should they not
recommend it?

------
gnicholas
I don't understand what exactly it means to be reviewed. I have an addon and
they review every time I update it. [1] I provide them with source code, and
they often have issues with this or that, and we make changes to satisfy them.

If this isn't reviewing, what is? It makes it seem like this new program is
less about actually reviewing (which they already do) and more about pushing
for advertising revenue. That's a fair thing to do, but it's weird to frame it
as if reviewing isn't already happening.

1: [https://addons.mozilla.org/en-
US/firefox/addon/beelinereader...](https://addons.mozilla.org/en-
US/firefox/addon/beelinereader/)

~~~
edjrage
The second paragraph of the article answers your question. Recommended
extensions go through a stricter review and, if approved, are then
"prominently recommended on AMO and other Mozilla channels". Mozilla has been
doing this curation "for free" and at their own discretion; now they're adding
a paid "shortcut" for anyone whose extensions are under their radar.

~~~
gnicholas
I guess my point is that they've been looking at things pretty darn strictly
already, poking through our source code and asking for all sorts of changes,
even between submissions (that's right—we'd just be sitting there minding our
own business, and we'd get an email saying we'd be pulled from the store if we
didn't address issue). And to be clear, we have never collected any user-
linked browsing data or even usage data, so it's not like we're a high-risk
addon.

If what we've experienced isn't considered a strict review, I'd hate to see
what the next level looks like.

------
TimLeland
This sounds like a good idea. I was lucky to get my Weather Extension listed
as a recommended extension. There is extra work involved and the code reviews
are strict. I plan on submitting my Link Shortener extension to see if I can
get it promoted.

~~~
antman
Any comment or key points from the procedure?

------
Gys
Maybe a first step of turning the add-ons into a kind of paid app store?
Worked well for some others ;-)

If eventually some kind of payments would be possible, Forefox could transform
into a kind of platform and bring completely new possibilities.

~~~
ocdtrekkie
It's the opposite of a paid app store. Instead of users paying to download
apps, developers are paying to list them.

~~~
Gys
Apple and Google require a fee just to register. It is also possible to pay
them for more exposure.

Just saying this might only be a first step. Tipping their toes, see what is
possible. Might work out differently. Or not at all, or the same ;-)

------
gilrain
An interesting side effect of an earlier policy means that the sponsored ads
for extensions will not be able to be blocked. Firefox extensions are
prevented from operating on AMO. This is or was to ensure malicious addons
can't interfere with its operation.

Now, it also means Mozilla is in the enviable position of offering ads to
Firefox users which can not be blocked by Firefox ad blocking extensions.

Put another way, if you want to browse AMO ad free, you will need to use a
different browser.

~~~
ormax3
Look up `extensions.webextensions.restrictedDomains` in `about:config`, you
can remove Mozilla domains from the restricted list.

------
ffpip
More extensions need to be reviewed. This seems like a good way to do it. I
only install recommended or community promoted addons, since I am not capable
of reviewing the code.

------
anoncake
I bet they're going to make bribing Mozilla a condition to get on the
whitelist for mobile Firefox. Which explains why it exists.

~~~
jamienicol
It's hardly a bribe though, is it?

The allowlist exists so it can guarantee users install add-ons which work, and
don't break their browser. Both reviewing and adding support for required APIs
costs money.

~~~
anoncake
Not putting artificial restrictions into the browser is free.

~~~
jamienicol
It's really not. I work on Firefox. Just yesterday I spent some time helping a
user debug an issue they had, and it turned out to be caused by them flipping
a hidden pref in about:config. This is not uncommon, it takes up my time and
my colleagues' time, which costs money.

~~~
anoncake
We aren't talking about hidden preferences but about add-ons. And if you don't
want to support people who installed add-ons you didn't verify, don't support
people who installed add-ons you didn't verify.

~~~
jamienicol
It's not a huge leap to see how the same could apply to add-ons too, it
frequently does even on desktop. It would be many times more likely for the
new android Firefox, hence the existence of the allowlist. Not to mention that
some of the restrictions aren't artificial at all.

As for support, a) we'd like to support all of our users, and b) it often
takes a lot of support time until you establish that an add-on or hidden
preference is responsible.

~~~
anoncake
> Not to mention that some of the restrictions aren't artificial at all.

Such as?

> a) we'd like to support all of our users

Only what the users would like matters. Giving them the choice between being
installing what they want and getting support is strictly better than a forced
whitelist.

> b) it often takes a lot of support time until you establish that an add-on
> or hidden preference is responsible.

Then check for that first.

~~~
jamienicol
> Such as?

For extensions, as I understand it not all the APIs are implemented yet for
geckoview. Not my area though so can't provide more details. For about:config,
again lots of the preferences don't make sense for geckoview, or can even
break it completely.

> Giving them the choice between being installing what they want and getting
> support is strictly better than a forced whitelist.

For you perhaps. But for many users having a working browser is more
important. Users don't deliberately break their browsers, yet it happens all
of the time. I believe (and I'm speaking for just myself here, not Mozilla)
that finding a balance between allowing users to install/tweak many things
whilst ensuring a usable browser is better.

> Then check for that first.

Sure we could immediately check if users have any addons or prefs set, and
just ignore them if so. But that would let many genuine bugs slip through, not
to mention not be very nice to those people.

------
shahsyed
This is the exact same thing they said they wouldn't do, and now they're doing
it.

This is very unfortunate. I'm not liking how the future is looking here. Fired
a bunch of people, then announce a partnership with Google, and now this.

~~~
lykr0n
The company needs money. They're the only browser out there not directly
controlled by Google & Apple.

~~~
aninteger
Do they though?

[https://www.zdnet.com/article/sources-mozilla-extends-its-
go...](https://www.zdnet.com/article/sources-mozilla-extends-its-google-
search-deal/)

~~~
TheChaplain
Yes. It's unwise to depend on a sole source of income.

~~~
jrott
Yeah this seems like an ok experiment so they aren't totally dependent on
google for income.

------
laksdjfkasljdf
Firefox should just stop tiptoeing and absorbing useful addons regularly.
Starting with uBlockOrigin and youtube enhancer.

Make adblock be a first class feature that you enabled/whitelist in the main
browser option screen.

------
dzonga
things like an os, browser etc are now at utility level. and should be funded
through taxes and grants. you know like nato contribution grants but at the un
level. everyone needs a reliable, privacy based browser and os. & I would
reckon it a human right.

~~~
_odnes
How would state coercion bear better fruit that the love of freedom?

I'm not yet a taxpayer, but I'm not looking forward to having my money be
wasted on yet another "service" that neither I nor most people would choose to
benefit from. I'll wager the postal service is an example of waste of public
funds that translates well across borders.

Evidence that open source leads to better software abounds. I don't think one
could say the same about state-funded anything unless one lives in that
fictitious country called Finland.

------
pkaye
What is the difficulty in accepting payment from more countries. Don't most of
the payment providers like Stripe support a broad range of countries.

~~~
netsharc
If you take money in exchange for services in a country, then you have to deal
with taxes and regulations of that country...

~~~
Nextgrid
Is it though? Mozilla would still be providing the service based in their
country of incorporation and where their website is hosted regardless of where
the customer is based. As long as they comply with the regulation of their
host country (export restrictions, sanctions, etc) they should be in the
clear.

------
Vinnl
Will people be paying for review (with angry developers of rejected add-ons)
or approval (with misaligned incentives to approve them)?

------
coldtea
Yeah, what will help live up a moribund (share wise) browser platform better
than paid add-ons?

------
hartator
I don’t fully understand the positivity here. Isn’t Firefox sell itself as a
non-profit?

~~~
marsrover
I think the positivity comes from the fact that Mozilla has struggled to
survive since its inception and is generally a good company.

~~~
aaomidi
Except when they fired basically all their talent. I don't really have any
love for them after this.

Mozilla should've always been structured as a co-op.

~~~
leeoniya
if they asked their advanced users to pitch in $10/mo to keep at least some of
that talent and to ween off google revenue, i doubt any of us would have had
issues. but they did the most absurd thing possible :(

~~~
wizzwizz4
Haven't they been asking for that for years?

~~~
leeoniya
it has always been impossible to donate directly for firefox or any specific
mozilla initiative. any donations just got black-holed with questionable
sideshow shit continuing to happen. i stopped donating at that point; that's
not how i want to "vote with my wallet".

really bummed about the whole thing.

~~~
abawany
I specify in the note where I want the donation to go to when I send a
donation (e.g. "for Thunderbird"); I have received notes back from the
Thunderbird team referencing the donation, which satisfies the question in
mind as to whether my donation preference was respected.

------
1024core
Mozilla makes a gazillion dollars from Google for being the default search
engine. They get free labor from volunteers all over the world, being OSS and
all that. So what do they need extra money for??

~~~
colejohnson66
Because a single source of income (Google) isn’t smart for anyone. And the
more money is involved (in this case, a gazillion), the worse it is to do so.
What if Google just one day decides to not renew their contract? Mozilla’ll be
out a gazillion dollars a year.

~~~
1024core
That's a hypothetical scenario. I'm talking about the reality: Google was
paying Mozilla close to a billion/year to be the default search agent. That is
a shit-ton of money.

