Chrome doesn't sign extensions though, and getting them listed isn't anything more specific then a 5$ charge—how can you judge whether its "hardly a dealbreaking change" based on that?
Each vendor is moving at their own pace and in their own way, but the endgame is clear. With that comment, I was also referring to the depreciation of XUL more than the signing requirement.
No, its absolutely not. The new firefox addon signing requirements are a hundred percent more restrictive then the requirements to get listed on the chrome store.
Wrong. Chrome IS more restrictive, they don't allow non-Chrome Store add-ons AT all. With Mozilla's implementation all non-AMO add-ons need to do is go through the automated signing process. Which only takes a couple of minutes, at most.
> they don't allow non-Chrome Store add-ons AT all
This is wrong. You can drag and drop an extension into the Chrome extensions folder (or enable the developer mode in the extensions page) to install any extension in Chrome.
> Judging by the number of users on Chrome, it's hardly a dealbreaker change for most. Signing & locking down extensions is a necessity. Anyone who has to deal with the user side of IT will attest to that.
Fewer people might need the flexibility, but Mozilla effectively dictating the browser experience still seems excessive. Comparing it to Windows, it's almost akin to Microsoft requiring signatures on all software that can be installed.
> Comparing it to Windows, it's almost akin to Microsoft requiring signatures on all software that can be installed.
The equivalent of a Windows app is a Web app. Nobody is requiring signatures on all Web pages that you visit.
A better analogy would be Windows requiring signatures on all kernel-mode drivers that you install. Which, in fact, it does, and has for 8 years now, starting with 64-bit Windows Vista.
Requiring code-signing is fairly controversial by itself, but even still, comparing add-ons to drivers isn't really accurate. For monolithic systems, drivers imply kernel mode, which implies Ring-O privileges, which also implies root access. An add-on is restricted to user privileges or less.
1. If the browser is an operating system (which it is) then the browser itself is naturally "ring 0". An example of where this matters is the fact that Hacker News can't access your bank account, while addons can. It is hard to imagine anything more security-sensitive than your bank account.
2. "An add-on is restricted to user privileges or less" doesn't mean much for the Firefox addons that are affected by this—they run with full user privileges, which for many attacks (malware, spying, TLS interception, keylogging, etc.) is close enough to ring 0 as to make no difference.
There are security vulnerabilities, I don't think anyone in their right mind can deny that. Ultimately they're no different than being able to install software on your computer though. So, assuming reading your bank account were a user-level privilege, nothing prevents software you install from accessing it. As long as you can install software, you can install malicious software.
Theoretically, gpg could be capturing my key password. It couldn't capture other peoples' key passwords though.
Said add-ons can also access your entire browsing history, listen to you type in your passwords to your online banking account, get access to your emails and hence online identities, and generally know everything there is to know about you in a very short amount of time and code.
I'd argue the threat here is that malicious extensions at this level can be done by somebody with little to no experience, compared to kernel extensions which actually require some modicum of skill.
Requiring signing is a recognition of the fact we are increasingly moving our lives online, and hence into the browser.
Add-ons can do malicious things, requiring signatures doesn't stop that and it could even give a false sense of security. However, I think the major concern with signatures is the authority aspect.
You're absolutely right, as indeed pcwalton says above - but it's a step in the right direction from "let anybody have access to anything they feel like".
