I created and maintain an extension that is used by visually-impaired people around the world (it has been translated by volunteers into Dutch and Chinese, for example).
Occasionally a Firefox update breaks this extension. OK, fine, that's the cost of doing business. Of course, the automated compatibility report that Firefox creates is utterly useless; it almost never catches the breakage. But that's a side rant....
There can be a decent turnaround lag (sometimes on the order of a few days) to get a new version of an extension reviewed by addons.mozilla.org. In the meantime, I have made a habit of building a new version of the extension and giving it to anyone who asks. Some people rely on it to use the web and can't wait for Mozilla to do their thing (another side rant: I once stupidly forgot to check in a key resource. I've since changed my development process to keep this from happening again. But the non-functional extension that I pushed passed Mozilla's review just fine. Makes me wonder how much value the review process is really adding.)
If I want to be able to continue this process, I will need to sign the extension myself (and who knows what histrionics Firefox will throw if a user tries to replace an extension with one that has the same UUID but a different signature!)
We see many copies of Firefox infested with rogue add-ons the user didn't ask for or isn't even aware of. Sometimes these add-ons even ship with big-name software, with no opt out or with the opt out squirreled away in some dark corner. Typically, they do one or more of the following: (1) spy on the user, (2) add affiliate codes for money, (3) cause performance problems and crashes.
The network is a pretty hostile place these days. It's no longer 14-year-olds playing around for fun; there are moneyed interests in the game. And the sorts of people who don't frequent HN are pretty much helpless and clueless in the perpetual tug of war between various companies and mafias. As a "user agent", we have the opportunity defend users who lack the sophistication to root around and remove invasive software they didn't ask for.
Of course, if you're reading this, you're in a different category. You have a better idea which software to trust, and you know how to scour your machine if something gets past you. That's why nightlies and the Developer Edition let you do whatever you want: you aren't the ones who need hard-coded protections to shield you from pref-twiddling installers.
I hope that provides some needed context. Safe surfing, all!
Like Pocket or Hello?
The only two options you are giving us are:
1) Either remain on 'ESR' branch, which is always outdated, OR,
2) Reveal private Enterprise source code to you to get it signed (it might even be illegal for employees to do that).
Both of them could be unacceptable to many organizations.
There is no way of doing this that both respects users freedoms and prevents malicious software.
why Firefox could not remove these extension itself? I needed to remove some files from the harddisk --I doubt john.doe will be able to remove such evils
Please excuse the rant tone, these things make me feel my intimacy raped
You can still use Dev Edition or Nightly with an about:config pref set.
And what's stopping said malware installation routine from patching my firefox.exe or /usr/bin/firefox or whatever to bypass the signature check? Or patching the running program in-memory? How would it even access that checkbox? This concern seems a bit far-fetched to me.
Modifying the Firefox installation directory would get flagged by any anti-virus, but software using the defined extension points does not -- the user "agreed" to it.
This seems like a good approach to me. Instead of Mozilla itself signing developers' extensions, why can't Mozilla issue certificates so developers can sign their own extensions locally? If a developer turns rogue, Mozilla can revoke their certificate.
Actually, the link says
> Files submitted for signing will go through an automated review process. If they pass this review, they are automatically signed and sent back to the developer. This process should normally take seconds
You may be thinking of a different type of review process, the signing one sounds almost instantaneous.
This seems to be part of Mozilla's effort to be more like the Apple and Google stores.
Mozila AMO - Learn to embrace the pain.
Addons are running in the chrome context and are thus pretty powerful. It's trival to compromise the whole computer if they aren't reviewed.
Reviewing extensions is critical to their user-experience.
If this really doesn't have an team of paid staffers, that's unfortunate.
This can be mitigated by having more volunteers (or paid staff (or both)) to help though.
Nobody knows what it checks for or how it works.
For example you can no longer set the User Agent string on a per site basis natively in Firefox preferences . This would be very handy to force HTML5 video on BBC News when you don't want to install flash . I only discovered this setting was deprecated by finding that bug report whilst researching the blog post.
To me, that's the way Firefox should work: a fast, lightweight browser, with a powerful extension system.
I get disappointed when Mozilla add "features" to Firefox, like PDF viewers, Pocket, etc.
I'd have no problem with Mozilla releasing a separate PDF viewer, either as an extension, a standalone application or even a Web site. I also have no problem with Mozilla setting Firefox's default PDF application as a stub which downloads their separate viewer. But it shouldn't be built in to Firefox.
In any case, it is not the job of a Web browser to subvert the user's OS setup.
No, because that means you still do have a PDF viewer, but it's whichever the user has installed, most likely Acrobat, which is vulnerability-ridden.
> But it shouldn't be built in to Firefox.
Why shouldn't it? Browsers aren't limited to HTML. They also support plaintext, SVG, many image formats, XML, and so on. What's wrong with supporting PDF?
I didn't say "having no PDF viewer in Firefox", I said "having no PDF viewer".
> Browsers aren't limited to HTML. They also support plaintext, SVG, many image formats, XML, and so on. What's wrong with supporting PDF?
I would call that feature creep; even so, there are still a few differences:
HTML provides mechanisms for embedding images, so trying to support some common formats in the browser is a reasonable approach. A better approach would have the OS handle image formats, eg. like the datatype mechanism in AmigaOS.
The example image formats at  include single-page, non-interactive PDFs. Supporting such an image format might be reasonable, although I've never seen such a thing used in the wild. That's not what Firefox provides, though. Instead, it provides a whole application embedded in a tab, with a GUI for navigating around documents. The equivalent analogy for images would not the facility to decode the format; it would be the bundling of a whole image browsing GUI like Gwenview, which I certainly would object to. As it stands, FF treats a standalone image file as if it were a standalone img element, which is perfectly reasonable. The same goes for plain text, which FF effectively treats as if it were in a pre element. Again, it doesn't provide a special application for navigating text files.
SVG is also specifically mentioned in the HTML spec, hence providing browser support for SVG isn't straying too far from providing support for HTML. Again, FF doesn't provide a embedded GUI application for navigating SVGs (unless you count the Web Inspector stuff, which also has no place in the browser and should be either a separate extension or rolled into Firebug).
XML is just a syntax, which browsers need to support if they want to support XHTML, in the same way they need to support UTF-8 as a syntax for representing the text in HTML documents. Hence it's completely in-scope.
Ironically it had a vulnerability last week, but that's ONE and that's why it got so much attention. Adobe Reader and similar have had hundreds.
This seems like a uselessly fine-grained control. I was surprised to hear that they ever supported it.
It's very useful for sites that complain or even block you from visiting depending on your browser, which you'll undoubtedly find if you venture far enough on the Internet.
Two details: the extensions need to be signed by Mozilla, and only US English speakers will be allowed to disable this requirement.
The point of free software is that users, individually and collectively, are free to modify it as they wish, without requiring approval from third parties. (And of course to use, copy, and redistribute.) This is a sharp turn away from the free-software ethos that made Firefox possible in the first place.
I understand the issue of users being tricked into downloading and installing malicious extensions. If you let someone program, they will be able to paste malicious code. I just don’t think that taking away users’ ability to modify their own browsers is an acceptable solution to that.
If this disturbing move sticks, Mozilla will become an increasingly tempting target for whatever group wants to control what software you can install on your own computer — whether that’s Sony Pictures, the NSA, or Amazon.
The old free software movement has died. We need a new free software movement.
I think they removed alternate signature checks from the base code (may affect other browsers), and the preference to disable Mozilla signature checks is a global switch. So they've made things even harder than they have to be for those who don't want to comply with the new model.
According to Mozilla, they have to do this because a user who has control of their OS might install malware and might grant it root/admin privileges. Such malware could not only tamper with extensions, it could tamper with the permission and preference systems and other key components and files. IOW, if Mozilla continues to pursue this policy, we may be looking at the beginning of a more comprehensive lockdown of Mozilla applications.
It might be wise to try to hold the line somewhere. In general, we aren't going to be more secure if we allow ourselves to be locked into simplified configurations that suit the mass market.
Might? This happens very frequently.
> might grant it root/admin privileges
They don't need to, if you have the browser you have all the good stuff.
Do they assume that non-English speakers are just drooling baboons who cannot decide this for themselves unlike English speakers?...
ESR has some bits about "Learn English if you want to code" - but politics of it aside, this isn't even about coding. This is about using a plugin that someone has not signed (like, for instance, RES for Chrome which for the longest time did not have a Store entry iirc).
Why would using the lingua franca that everyone agrees on be imperialism?
We should stop self-deluding ourselves in believing that English exits in a geopolitical void. English is the language of the anglosphere, and speaking English is a huge favor to those economies, and that comes with a sense of cultural inferiority as well, in many peoples.
Aviation is a curious industry. English is commonly spoke between flight crews and ground stations world wide (with few but notable exceptions). Circumstances where the English meaning of a word wasn't well understood by the flight crew or the wrong words were spoken have, on occasion, lead to disaster--Avianca Flight 52  comes to mind, among others.
I simply cannot agree that mutual intelligibility is bad simply on the merit that it somehow creates a "sense of cultural inferiority."
What I'm suggesting is that having a standard for communication is less likely to put lives at risk. I can't help but wonder if you're invoking Poe's Law by advocating from what is arguably an extremely fringe standpoint.
Otherwise, the alternative would be to require air traffic controllers to learn a dozen languages, and then you wind up with an even worse problem than having everyone settle on a single language with codified standards.
Didn't the Browser Wars teach you anything? :)
You've been on HN for over six and a half years. Surely you can't be this jaded or obtuse?
That freedom is absolutely, unequivocally preserved: The entire source to Firefox is available under OSI-approved libre licenses.
APIs change, but the freedom of the software isn't determined by its exposed APIs, but by your ability to exercise the Four Freedoms enumerated by the FSF at http://www.gnu.org/philosophy/free-sw.html. Debian exercises these freedoms with every build of the IceWeasel browser from Firefox's source.
I agree that, yes, in theory, you legally have that freedom. But if Mozilla thought users were practically able to exercise that freedom, there would be no way for them to impose a change like this; all the users would switch to a fork. In practice, maintaining a fork of a major active software project is a huge amount of work and easily to do poorly (think of the Debian OpenSSL hole), and nearly all the people qualified to do it work at Mozilla or are burned out. And Mozilla, if they want to make it harder to maintain a fork, has a wide variety of strategies at their disposal.
(In case it matters, I'm typing this comment in Iceweasel!)
As a side note, it seems to me rather in poor taste to attack my intelligence in the first line of your comment, and suggests that you think your arguments won't stand on their own merits.
As to the English issue, we have absolutely no intent to restrict the signature opt-out to English speakers.
Much like with our Nightly builds, the unbranded copies of Firefox will only be pre-compiled with en-US strings. Additional locales can be added at any time through https://addons.mozilla.org/firefox/language-tools/.
For users that want to disable verification without installing a language pack, the Developer Edition and ESR builds will always allow for opting out and will continue to be released will a full complement of pre-compiled locales.
As a Debian user, I'd like to draw a parallel between these measures and the default requirement for GPG signatures on packages installed by apt, which has been the case since version 0.6 in 2003. These signatures are tools to ensure integrity and provenance, not to restrict your freedoms. Much like with the secure apt initiative, it's entirely possible for users to opt out of these protections after jumping through minimally invasive hoops.
I have been using localized builds from https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-c... for several years - are they not part of the Nightly builds?
I didn't realize that latest-mozilla-central-l10n/ subdirectory existed; I've always gone straight for latest-trunk/, which it turns out is a symlink to latest-mozilla-central/, which only contains the en-US builds. Thanks for pointing that out. I'll file a bug to get https://nightly.mozilla.org/ updated to point to the localized builds.
Said parallel is imperfect. With APT, you can add custom signatures (say, if you run a private or organization-specific repo). AFAICT, Firefox offers no such capability.
I would have no problem with signature verification if, as with apt, users can decide which keys to trust. (And you don't have to download a whole new copy of apt to do it!) But the intent of this announcement seems to be that Mozilla will prevent users from doing that, on the theory that they will make bad choices. Well, some of them will!
But it's far more dangerous to take those choices away from them — that guarantees that they're trusting the wrong company.
And caring about users' security is to be commended.
I think it's just another battle in The War on General Purpose Computing. I like to keep this quote in mind: "Freedom is not worth having if it does not include the freedom to make mistakes."
Yay more botnets.
> Two details: the extensions need to be signed by Mozilla, and only US English speakers will be allowed to disable this requirement.
This is not what is written there. The addons need to be signed by mozilla. The process is automated.
The unbranded version of Firefox is distributed with the English locale. You can install other language packs.
Firefox Stable and Beta can't disable the signing requirement. Firefox DevEdition, Nightly and Unbranded can.
There is nothing wrong with the free software movement just because someone does something disagreeable---that's like saying there's something wrong with your operating system because you have malware on it.
"Users should have the choice of what software and plugins run on their machine."
"Firefox is dedicated to putting users in control of their online experience"
"Firefox Puts You in Control of Your Online Life".
The slogan, as found on https://www.mozilla.org/en-US/firefox/new/ , is now "Firefox is created by a global non-profit dedicated to putting individuals in control online." I believe it used to be "users" - see above - but was silently changed. I suppose these "individuals" are the people at Mozilla...?
Lets review what the article says: addons needed to be signed. The process is automated. It takes only seconds. It prevents some malware from spreading.
You can still host your addon wherever you want. This is just an extra step that can actually improve security. It requires more effort by the part of the developer but it also helps prevent some security issues.
Firefox Dev Edition and Nightly will have switches to turn this off. Firefox stable and Beta will not. Do you want to switch this off? Move to more bleeding edge versions. Or pick the unbranded version.
The unbranded version is available only in English and this is a problem that can be solved with language packs which are available in the hundreds.
Heck, this is an improvement to security. You can opt out by moving to a different Firefox version, there are three versions you can use, DevEdition, Nightly and Unbranded. If you opt-in you have an extra level of confidence in the addon you're installing.
Developers take only couple seconds to submit and retrieve back their addons and the added bonus for security is great. This will prevent those pesky spyware/malware from hijacking your browser which is a problem faced by many users that are not as tech savvy as this crowd here.
And yet people throw a tantrum....
I also heard mozilla got an NSL for my "Ed Snowden for president, Find out more on wikileaks" add-on, or rather, I didn't because NSL.
Speaking of which, what about my "mozilla - not protecting Brendan from harm was shit" add-on, is that compliant with the mozilla trademark policy that I need to abide by per https://developer.mozilla.org/en-US/Add-ons/Add-on_guideline... ?
Yes, those examples are a bit contrived, but actually not that much over the top. Also, please note that I do not necessarily condone these things ;)
My point being: Security through tech-enforce policy is nice and has a lot of upsides as you say, I agree, but it also may have downsides you aren't even aware of.
>Files submitted for signing will go through an automated review process. If they pass this review, they are automatically signed and sent back to the developer. This process should normally take seconds. If the file doesn't pass review, the developer will have the option to request a manual review, which should take less than two days.
Right now, the automatic signing will probably only fail if malware is detected. The "Right now" part is what worries me a bit, tho.
Many of us have been using software from Mozilla, and Netscape before them, for decades now. Generally we've been happy with the software. We were more than happy with earlier versions of Firefox, in fact. But lately we've seen changes made that have not benefited the users of Mozilla's software.
Your comment actually describes some of the problems we're talking about. Users and developers now have to jump through one hoop after another just to get a basic installation of Firefox working.
It wasn't always like that. We used to be able to download a sub-10 MB installer, run it, and have a usable installation of Firefox ready for use.
Now we have to choose from the "correct" stream, download a 40 MB or larger installer, run it, change numerous about:config options to allow us to install our own custom unsigned extensions and to disable unwanted functionality that Mozilla has added, manually remove unwanted toolbar buttons, install a number of third-party extensions that also fix additional problems introduced by Mozilla, and in the end we're still stuck with a user interface and a user experience that isn't very good.
Now if we're developing extensions, we'll have to also jump through more hoops thanks to this signing process. You say it "takes only seconds", but I've seen enough comments here from other developers saying they've been waiting months for reviews. That's not acceptable.
Firefox used to get better with each release. A new release of Firefox was something we'd look forward to. But lately, each new release of Firefox has brought us new problems to deal with, without bringing any notable improvements.
Repeatedly disappointed people will express their disappointment. Don't misinterpret it as "hatred". See it for what it is: disappointment!
>It wasn't always like that. We used to be able to download a sub-10 MB installer, run it, and have a usable installation of Firefox ready for use.
The Web Platform advanced a lot in the last few years. A lot has been added to browsers. They are no longer a simple HTML engine with some CSS and bad JS engines. Browsers these days are almost their own operating systems for good and bad. They have so much stuff going on between all the multimedia features, multiple JS engines and compilers, there are lots of stuff going on. Browsers are larger because the Web grew a lot (not in the sense of size but in complexity)
> Now we have to choose from the "correct" stream, download a 40 MB or larger installer, run it, change numerous about:config options to allow us to install our own custom unsigned extensions and to disable unwanted functionality that Mozilla has added, manually remove unwanted toolbar buttons, install a number of third-party extensions that also fix additional problems introduced by Mozilla, and in the end we're still stuck with a user interface and a user experience that isn't very good.
Firefox has always been customizable and the about:config feature enables lots of under the hood tweaks that are not possible everywhere. Making Firefox your own its part of what makes it great. Its a browser you can change to suit your needs, thats less common than people think. Your needs are not the same needs of others. As for running your unsigned extension, there will be six versions of Firefox available (stable, unbranded stable, beta, unbranded beta, dev edition and nightly). Of these six, only two will force addon signing. All the others are a tweak away.
> Now if we're developing extensions, we'll have to also jump through more hoops thanks to this signing process. You say it "takes only seconds", but I've seen enough comments here from other developers saying they've been waiting months for reviews. That's not acceptable.
Please don't mix addon signing with AMO review, they are different process with different objectives. Addon signing happens in seconds because its automated. The signed addon is returned to you in seconds and you're free to distribute it as you see fit. Now, if you want to have your addon on AMO then you need to submit to AMO review which may take a long time due to the lack of people and the overall complexity of reviewing that type of code.
Okay, I want a branded Firefox. I don't want to run a dev edition or nightly. My choices are stable or beta. I probably don't even want beta, but it doesn't really matter. So, I don't really have a choice here.
I can see why signed extensions are a good thing, but removing the option from about:config is unnecessary.
Nightly comes with obvious stability and security problems; I don't know about "dev edition", but wouldn't be surprised if it isn't kept up-to-date at the same rate or comes with some presets regarding UI layout or otherwise that are annoying to someone who is not intending to primarily use it as a testbed.
Then it would work like it used to (installing bullshit extensions, wrecking the browser overall, and being damn near impossible to remove)
In other words, if malware can open up the configuration of a separate program and alter it, then malicious browser addons are probably the least of your worries.
Plenty of malware runs as the user rather than the admin, so they can install an extension in your profile or change a config setting but cannot rewrite the Firefox binary without an additional exploit.
Similarly, code signing is increasingly common so an attacker who wants to replace Firefox would need to have their own signing certificate and that offers a way to track down the malware authors.
Yes, none of this works against a complete system compromise but security is all about defense in depth. It would be irresponsible not to protect millions of people just because you cannot do so perfectly.
And malware can do all sorts of nasty stuff when it's installed, but the issue with extensions specifically is that they are synced and they can run arbitrary code, so malware that can install one on machine A will instantly infect any other machine that firefox is synced to, as well as silently re-installing if you try to remove it. Plus the extension itself has the ability to download and run additional malware.
I saw a particularly nasty setup one time that a chrome extension downloaded a payload and ran it which would re enable/reinstall the chrome extension if it was removed, and the extension would reinstall the payload if it noticed it was missing. The only way out was to either wipe the chrome profile and machine, or be really quick and remove both of them at the same time.
It's obviously not an ideal solution (to block all unsigned extensions), but but when the options are:
1. Let malware run rampant unable to really combat it in any way (while letting it use your software to spread)
2. Castrate the entire extensions system to make them 'safe' (basically turn them into glorified web pages with the same restrictions and all)
3. Disable unsigned extensions and play the wack-a-mole game in a way that you can actually win it.
The option which works out the best for the vast majority of users is number 3.
4. Have the browser executable perform some sort of integrity check on the settings file to detect if it's been tampered with by something that isn't the browser (which admittedly isn't robust, but it's a start and eliminates at least the more simplistic malware).
5. Implement encryption on the settings file so that it can only be read or modified if unlocked with a user-configured passphrase (such as that used for Firefox Sync).
6. Use an additional config file with the same permissions as the browser executable (i.e. requiring administrative privileges to modify) for critical security settings like whether or not unsigned extensions may be installed, thus preventing user-level malware from editing it.
7. Don't sync extensions automatically (as a Firefox user with several machines, extension autosyncing is actually more annoying than it is helpful; I'd really like to be able to selectively sync certain extensions - like Tree Style Tabs and Greasemonkey - while keeping others (like themes) local to specific machines). This solves the problem of malicious addon propagation that you mentioned, since said propagation would require user intervention.
5, 6, and 7 would be much more useful in Firefox than Pocket/Hello integration, builtin PDF readers, or any of the other cruft that's started to creep in. In fact, I'm pretty sure 6 is already possible through that enterprise configuration addon (I know firsthand that it's possible to have settings locked down to administrator-only access through that).
Regardless, my other point is that by default, if malware can manipulate Firefox' settings, it can manipulate other things that are just as bad as malicious extensions (like one's stored passwords). It's already possible to mitigate password storage risks by setting a passphrase on one's password cache, so I see little reason why #5 shouldn't be possible, too.
Dev Edition is kept up to date. If you check Firefox Versioning workflow, you will see that Firefox DevEdition replaced aurora which was the version between nightly and beta. Its kept very up to date, there are daily updates on the Dev Edition channel. Also the Firefox UI is fully customizable, just click the menu icon in the toolbar, choose customize and start replacing things you don't like.
They've seen Firefox's UI change for the worse in so many ways, even in the face of wide opposition.
They've seen unwanted bloat, like Hello and Pocket, forced upon them, again in the face of wide opposition.
They've seen their requests for bug fixes and performance improvements go unheeded, sometimes for years.
The easy use of extensions has been the only thing keeping many of these people using Firefox. They've been using many extensions to undo, as much as is possible, the unwanted changes that Mozilla has made.
I use Firefox Nightly, and was recently surprised when, after an update, some custom extensions I had written myself were not loading, and could not be easily enabled. When I found out it was due to this, and I had to start adjusting about:config settings, it was nearly the last straw for me.
I don't want to use another browser, but it's like Mozilla is doing everything in its power to make using Firefox a bad experience for me. I know I'm not alone. We've already seen Firefox' share of the browser market drop from well over 30% to a level of around 10% today, if it isn't actually lower than that.
It's truly sad to see what's happening to what was once such a great browser.
I think the real reason many people are angry is that their demographic isn't catered to. I'm part of that demographic, and it does annoy me sometimes. However, unlike Debian/systemd, I find the tradeoff definitely worthwhile.
Hello and Pocket are just two buttons in a toolbar which you can remove.
It is really annoying to have to watch the Firefox news and other channels to get this kind of information, reason about it, and then make my choice regarding what to do.
Browsers for me are a tool to get my work done, and I don't want to spend my time shaping my browser every time some people in Mozilla decide to change something.
There are two solutions I see:
1. The cynical/pessimistic one: the web is broken, all browsers fail to various extents, and one needs to pick one's poison - Firefox is the least of evils, hence I will continue using it with increasing dissatisfaction.
2. The optimistic one: Firefox and Mozilla will eventually get back on track, and revisit their old values - I find this harder to believe as time passes by.
I would have preferred to see bugs fixed, rather than features that undeniably belong in extensions. Even if it'd been issues that don't even affect me.
At least in the case of Pocket, the current browser marketplace seems to disagree: Chrome is the only major browser without a built-in reading list. When it came time to add similar functionality to Firefox, we could either build and maintain our own service and integrations, or we could partner with an established player with sane privacy and data access policies.
We chose the latter. Pocket is already integrated into literally hundreds of applications, and it started life as a Firefox add-on. Embracing that is a reasonable choice in terms of utility and sustainability, as Pocket themselves are already maintaining SDKs and applications on all major platforms.
(Why this is built into the code and not shipped as an add-on was, iirc, an architectural quirk that will hopefully be rectified.)
I myself like Australis but I'm also someone who's loved Chrome from the beginning. That said I think it was a mistake to turn Firefox into Chrome. They should've released Australis as a separate browser like they did with Firefox in the Mozilla Internet Suite days. That way they wouldn't have alienated so many users and their core user base would've been secure while they experiment with big user facing changes.
These days I'm more disappointed in what they didn't add to the browser like built-in ad-blocking and tracker blocking. I understand they have this view that the web needs ads but that doesn't mean it needs third-party ad networks. Just like popups they degrade the user's experience. More importantly they also compromise the security and privacy of the user. Clearly they are a practice that should be fought against. That they haven't tells me they are no longer an advocate of the user but the site owners.
Try opening a private browsing window in Nightly and see what you get... ;-)
Edit: Here's a screenshot for folks without Nightly handy. http://imgur.com/5khKObb. This is still a work in progress, but we're getting there.
Do you know when this will make it to the stable release or when it will be on by default?
I'm not sure what you're asking. It's trivial to remove the block for open source contributors, and in fact Iceweasel etc likely won't have it.
But for people who download Windows binaries (or get automatically updated) it's a godsend.
I think the average HN reader should go out there once and look at the typical household PC. Bring eye bleach.
Arguably this change might give users more control: Trojan horses can no longer secretly side load malware.
You could argue that as long as users can still download a disk editor and change any byte of the disk on their machine they still have control (in fact patching out this signature check could probably be done with a single-byte change to the binary...); the problem is when this control is made more and more difficult.
Anyway, they are both measures taken to stop malware, by taking an option away from the user, that most users won't even notice, but many "power users" will be inconvenienced to varying degrees. I'm guessing Firefox's won't be as bad, since the "developer version" that will let you keep doing the old way probably won't differ from the normal version as much as Chrome's does.
I switched to Firefox since it let me have more control over my own browsing experience (and gave me a good excuse to extract myself just a little bit from the Google hivemind). I'm extremely annoyed to see that Firefox is now going down this route too.
There are FOUR VERSIONS OF FIREFOX WITH A SWITCH TO DISABLE THIS if you're so inclined. You can use: Nightly, Dev Edition, Unbranded Stable and Unbranded Beta. All of which have a switch that you can set to disable addons signing requirement.
In contrast there are only two versions where this is a requirement, Stable and Beta. If you doubt the usefulness of this you haven't seen a browser being hijacked by malware overriding search results, inserting all types of toolbars and more. This will prevent malware from sideloading extensions. And this is good.
The signing process is not the same as the AMO review process. The process takes only seconds and the signed addon is returned to the developer. They can distribute as they see fit.
Now, lets face the fact: Simple signing process that takes only seconds and will help prevent lots of malware, not the most nasty ones but a huge lot of sideloaded crap. Four versions of the browser for those power users who want to disable this.
Now, can someone explain to me without hate why this is a bad thing?
While that may be true, requiring that you run a non-standard version of Firefox to be able to use "random" extensions will probably have a chilling effect on the Firefox extension ecosystem.
That, and it reeks of Chromeism.
The versions I quoted are not non-standard. They are all versions of Firefox being worked on and with all the relevant teams. All those versions eventually become Firefox Stable and after that becomes outdated and a new release is now current. Versions goes from Nightly -> DevEdition -> Beta -> Stable. Each version has some tweaks, for example DevEdition is where they seed and test new devtools. Which means that for the developers, thats the best edition to develop with (still test on the other versions).
Telling people what browser to use is user hostile behaviour. Users will not bother. Non-official extensions will get less interest. Authors will see a smaller user base and have less interest in writing new extensions.
This will have a chilling effect all over.
The assumption being that developers need to test as they develop. And are a more informed user.
(In addition to people always being able to recompile the browser with whatever modifications they want, of course.)
Developer edition is what used to be known as "Aurora", which is in between Beta and Nightly.
"There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build."
Because of that, I was definitely considering to start releasing it on my own, instead of through Mozilla's add-on website. It looks like I will be able to do that, but I'll have to use the signed extension process.
I'll believe this system works when I see it. After my experience with add-on reviewing, I am very skeptical.
Now please tell me how to do a Windows release-build with all release features enabled (except for official branding), aka. a ton of configure switches, and also please do it for my language using the official de locale, because neither the source tar.bz2 nor the hg you'd normally clone contains that. I'm starting from scratch of course.
And suddenly it is less easy and trivial..
Tweeted to Chris Beard: "Dear @cbeard, please give your users the choice and control they deserve in @firefox. Allow extension signing to be disabled in FF42."
You want to protect the user, then start making extensions more secure and require permissions to do things. E.g. If an extension can access contents of webpages, pop up a dialog and ask the first time. There are other ways to protect users without going authoritarian on us.
Now, let's just hope that the other side of the coin is a concern for API backward compatibility, so that people don't need nightly versions of addons and a developer edition to keep their addons in a usable state...
EDIT: It passed the automated review, but my point stands. If I wrote the code, then you can be damn sure I trust it.
Mozilla has to balance the needs of several hundred million users, who are being attacked by malware every day, with the needs of people who write their own add-ons. Is it really that difficult to see it from that perspective? And it's not like you have no options now. You can either use the developer edition or the special release version where this feature is disabled.
"What are my options if I want to install unsigned extensions in Firefox?
The Developer Edition and Nightly versions of Firefox will have a setting to disable signature checks. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build."
- Special version of the software
- Can't run my own version of AMO
You can, AMO is open source: https://github.com/mozilla/olympia
Run your own instance and make your own builds of Firefox that point to it and you're good.
Yeah, let me just get all of the potential users of my AMO alternative to compile a custom version of Firefox for it
https://addons.mozilla.org is an integral part of Firefox, if you set it up with an alternative you're effectively making your own fork.
And no, I'm not in a corporate environment. I'm talking about decentralization.
The issue is that most users don't understand software on a deep level, and just click "yes" on dialog boxes, etc.
It does make sense to keep the defaults where it prevents most users from harm.
And by experience supporting users, this is not how bad extensions get installed on the system: they're pulled in by malware which gets installed by other means.
This is only going to irate legitimate extension developers, which already have to wait weeks for AMO to review even the most basic change. I've been distributing extensions separately precisely for this reason.
2) Politics(especially taxes & wars)
Specialisation always was this species strong point. Acceptance that the user might have his strong-point elsewhere and is so nice as to not harass you with his worldview. Imagine if you went into your local bakery, and there behind the counter stands a guy all in white:
"Good morning. Try our donuts today. You could make donuts too. Its easy. Come on ill show you. And then you will be self reliant when it comes to donuts. There are thousands of great recipes online - okay, some are broken, but you dont get to become a expert in donut making - without giving a little bit back..
Sir, Sir - you forgot your Donuts. Maybe he is diabetic and forgot - or evil cooperate donut buyer - or the one dough ring to bind them all is too much of a power.."
With great specialisation comes great loss off understanding on other parts of your life.
Literacy took much longer, but the benefits are clear today.
Wait, did we have an extension-caused apocalypse recently leading to this requirement ? Erm, I guess not. So why do we exactly need it ?
Firefoxs plugin development is already a pain in the ass. They should focus on making it simpler, not giving more reasons to fork it.
Fdroid is working on third party repositories, maybe that will catch on to decentralize the mobile world a bit. Something like that for browser extensions would be sweet. Take a look at Fennec Fdroid for a cleaner Firefox mobile experience at least.
If you allow a tick box to disable this, then how do you stop the junkware authors from simply checking that box on behalf of the user? Because that's what would happen, the user would click "next" on some random installer (which the junkware authors argue grants them expressed permission to install), and the junkware will claim they tick the unknown sources box to fix a "backwards compatibility issue."
What they're trying to do is make the option to disable the check SO niche that it really isn't a valid option for the junkware authors to use anyway (since most consumers won't have it, only corp. networks which are a hard target for junkware for other reasons).
Have you read the article? In the FAQ section they explain which versions of Firefox you can use if you don't want this requirement to occur.
(So as I Debian user I don't really care, but it worries me slightly for the future of Mozilla.)
What about private add-ons used in enterprise environments?
We haven't announced our plan for this case yet. Stay tuned.
In the interim, ESR will not support signing at least until
version 45, which won't come out until 2016.
Allow an extension signing certificate to be place in a directory/store which requires elevated privileges to modify (ie /etc/ or similar).
Extensions in the user's profile signed by this certificate will load as if they were signed with the Mozilla certificate.
If the user has enough privileges to add an extension signing certificate then they also most likely have the ability to modify the Firefox itself, I think this addresses any concerns that this method could be used to load malicious extensions (if the user is willing to run unknown executables with elevated privileges then extensions with apparently valid signatures are the least of their worries).
This allows enterprises to sign and distribute their own extensions, with the additional step of creating and distributing the signing certificate, and could work also work for home users.
When Chrome came along they decided to go in a different direction entirely slowly making it more and more painful to accomplish what used to be easy in the name of security. The review process went from automatic if you were trusted to weeks and then months and then more than a quarter year. They started demanding source code. It became scary to release to addons.mozilla.org because you never knew how long it would be before your next release would be approved.
Mozilla needs to realize they're hastening their own demise - Chrome now offers better features than when Mozilla was the leader including releasing to a percentage of users and faster nearly invisible to the user updates. They should go back to their roots and embrace developers again.
I was recently searching for user agent switcher add-ons as part of a blog post  and almost all have -signed in the name. To some people it could look like the un-signed ones are more stable and better.
>No, the purpose of this is to protect users from malicious add-ons. We have clear guidelines for when it is appropriate to blocklist an add-on and have refused multiple times to block for other reasons.
Copyright, DMCA, and legal concerns are not listed. So I take that to mean nothing will be rejected from signing for those reasons. Hosting on AMO has stricter rules, so they could sign the extension for you to host, but refuse to host it themselves.
If tomorrow Mozilla can shut down any extension, the calculus changes. Forcing Mozilla to kill ad blockers still makes EvilCorp look like assholes, but it might be successful. There's a big upside now, so much more reason to try and force Mozilla's hand.
(Btw, I wouldn't say a U.S. liberal will automatically sit on the right of the European discourse, today. Traditional socialism has virtually disappeared as a political choice in Europe as well, so really there is very little disagreement today between a U.S. liberal and a European with mainstream social-democratic sensibilities -- except maybe on foreign policy.)
I know that some Mozilla supporters will justify that huge difference by saying, "but unhappy people will always complain and happy people won't say anything", but I don't think that's necessarily the case. Here we have Mozilla's own stats saying that a lot of their users are extremely unhappy with Firefox.
Clearly something is very wrong for the disapproval rating to be so high, and the satisfaction rating to be so low. In other situations, such a high disapproval rating would be met with extreme concern, immediate retrospection, and panic.
Even in the case of US presidents, where people don't have an immediate alternative like they do with web browsers, and where people's emotions run rampant, it's very rare to see an approval rating under 40%. The very worst approval ratings still are around 25%.
So something is seriously wrong for Mozilla's products to consistently have an approval rating of only 10%, or even 20% if we're being generous.
Firefox for Android is a fundamentally different beast from the browser on Windows/Linux/MacOS. I am quite happy with the desktop version, yet I find the mobile experience quite underwhelming.
If you limit the selection by platform, on Android it will even show "100% sad, 0% happy" -- Mozilla has some work to do there. On Windows 7 you get "81% sad, 19% happy". Still bad, I agree, but don't just dismiss the inherent bias of a feedback system. And compare them to the stats for competitors, too.
"I accidentally installed a prank addon/script (can't remember the name or which one, though it did come with a clear warning). Now my Facebook comments are garbled (scrambles text (makes it worse when I use punctuation-multiplies it). Please use and add some malware cleaner in some future update to get rid of this nasty prank script/addon. I use Stylish addon and I'm guessing I got it from this! Makes using Facebook defunct and troublesome!"
Mozilla Heartbeat is constantly asking for ratings from a random sample of Firefox users.
The Heartbeat rating for Firefox Desktop is currently about 4.3/5- or 86%.
P.s. Despite the amount of negative feedback in Input, the portion of feedback which is positive is about twice what it was in May.
Input is anything but representative, it's not meant to be. It's there to catch things as early as possible.
I've been reading Mozilla's bug system for 17 years and the bug numbers keep going up. That can't be a good sign.</sarcasm>
I've written Firefox extensions for personal and business use, and Mozilla are preventing that from every happening again. Why? Cui bono?
I'll mention, again, that they completely broke the security of Firefox Sync: it's no longer a trustworthy place to store passwords. Why? Cui bono?
So I suspect it's to the benefit of the "average user" if that's what you are asking.
I'm going to step outside of HN for a minute and say that in my work I work with people who rely on the Internet, but have no concept, and I mean none, how it works. They do not understand that when they create a Yahoo email account that no one can help them when they forget their password. They do not understand that if you type "yaho com" that you are not going to get anywhere (until auto search came along, that is). I've come to realize that Internet safety is not a simple set of rules, it's a complex understanding of the whole ecosystem that can't be readily taught in the time I have with these users (and never taught to some). I can't explain why I click on links in some emails and not others, so I just say "don't click on links". I can't explain why you shouldn't use the same password everywhere to someone who needs to reset their password literally every time they log on, so I just tell them to use the one their friend or child has written down for them. It's terrible, but I get it when vendors draw a line in the sand and say "this is to protect those users."
That said, as a user who does understand, there's an element of frustration. Hopefully they bury an override option somewhere, or maybe just add it to their ESR but I doubt I would ever use it.
Or using any other channel to get your extension.
!Thanks Mozilla, really.
Also, as a developer, I never cared to run the "nighties": I don't want an unstable browser, and I don't want fancy new features. I always ran the stock version, also to ensure compatibility with the user base, and never needed anything else.
Maybe Mozilla should also remove the developer tools from the stock version, because clearly it's too dangerous in the hand of people that could cut&paste code with full privileges into it, and it's only a keystroke away!
This is a giant slap in the face, frankly.
I don't see a difference between a walled garden such as google play and this.
I wonder if I can have a refund? I'm very disappointed in how Firefox has aged.