So, Addons are mostly reviewed by volunteers. Sometimes people make mistakes. The best course of action is to try to reach out for the AMO team on IRC or their mailing list.
- Addons forum is at https://discourse.mozilla.org/c/add-ons
- All contact info for AMO dev stuff is at: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons#Con...
- Developer Hub for addons is at: https://addons.mozilla.org/en-US/developers/
There is no need for FUD or conspiracy theories. We can just talk to people and find out what happened and maybe revert it if possible.
There seems something off when spyware infested stylish remains an acceptable addon and this gets arbitrarily blocked.
A vague "try and reach out" doesn't, to me, seem to come close to an appeal process.
Usually from your add-on admin dashboard you can reach out to the team and send messages to the reviewers, right from the same tool you use to admin everything.
That’s a design problem - if the voting system made things become more visible, then likely fewer people would feel the need to shout. That has its own drawbacks, though.
It’s a hard problem building anything remotely social. I don’t think they realised what they were putting themselves into when they were building Issues.
"It appears that your Add-on violates the Firefox Add-on Distribution Agreement and the Conditions of Use. Both prohibit Add-ons that violate the law. Your Add-on appears to be designed and promoted to allow users to circumvent paywalls, which is illegal.
We are responding to a specific complaint that named multiple paywall bypassing add-ons. It did not target only your add-on."
I'm really disappointed at Mozilla regarding this. I recently wanted to do some Firefox customization for my own private use (not even an extension, I just wanted to have some visual indication of which Firefox windows belong to which profile). I was surprised to find out that even just a header .png in a theme can't be loaded locally but must be on-line and vetted by Mozilla. Utter craziness.
Mozilla is, to some extend understandably, concerned with the image of Firefox and patrolling what Addons are available in the store is part of that. Apple does the very same thing.
This is a non-sequitur. Reviewing things on their addon store has nothing to do with requiring a mozilla signature for sideloading.
One is happening on their property. The other is happening on the user's property. They also want to exert control over the latter, which is causing these problems.
It's a big annoyance for me too, because I use private extensions extensively for some business stuff (used by the users here), but had to switch to a different mechanism (because I don't want to deal with verification). It sucks for me, but I totally understand why they are doing it.
And the decision to not even let users add additional signing root keys is yet another axis on the decision space that was totally neglected.
Until you have different access levels and can both restrict users/programs from running at the base level required to do this, and condition users to recognize when increased access is being requested, I don't see this problem going away. Windows UAC is basically what we're talking about, and it still took years to users to understand it and not just always allow it (if that's even true!), and that's a system shared over all of windows.
I think the only sane way to accomplish this that worked for users and didn't cause enterprise admins to totally shun Firefox would be to piggy back on Windows' certificate store and register certificate for Firefox use only (I assume this is possible, I'm pretty sure you can do this for app-to-app communication such as MSSQL encrypted connections), but then you have to make sure you also handle the mechanisms to do the same in Linux and OS X, and now we're seeing it's a much more complex undertaking.
Protecting users from their own stupidity is a tough and mostly unsolved problem. Punting and eating their own resources to provide the safest solution they can, even if it's annoying for a more technically literate subset of users, is a solution I can understand and respect, even if it's problematic for me, because it's putting safety and security the majority of users over a simple solution that would be worse overall.
And I really dislike the "can be socially engineered around" buldgeon. If taken to its final conclusion you would have to lock-down systems and give users no freedoms at all because they could be convinced to do something bad with enough effort.
And yet you don't take the "freedom" argument to its final conclusion, which is that you must grant Freedom -1. That's the freedom for anyone, anywhere, to run any software on your hardware, at any time and for any purpose.
And this is only half-joking: all access restrictions, even ones as basic as filesystem permissions, impinge on freedom in some fashion. You can work around them, of course, but you can work around Firefox's extension signing (and Apple's app signing, and lots and lots of other systems that people insist are objectively reducing "freedom"). Which means that to be consistent, you either have to be against even those basic access-control mechanisms, or you have to compromise on absolute "freedom" and begin arguing about how difficult or complex a workaround can be before you personally would rule out allowing a system to require it.
If you don't like that, you can use the unbranded version of firefox or the dev edition.
This was a change introduced in ~August 2016, to ignore your preferences on that setting.
(As you note in the sibling thread, you can get it in a special development version, but that still contradicts your claim that you can toggle something to allow it.)
2. You have the set of people who can compile the code from source and who want to get outside of the wall.
3. You have the set of people who want to get out of the wall but don’t have the technical expertise to know the dangers of doing so.
4. You have people who have the technical expertise to know the dangers but not the technical expertise to compile code.
I think people in group 4 should learn how to be in group 2, because we have almost four decades worth of evidence to know how badly people in group 3 can do.
Edit: changed group 2 to group 3 in the last sentence.
And I don’t think expecting the user to personally recompile for every update is reasonable, especially if you claim to let users gain control of their machines again.
Googlers working on Chromium dev get maxed-out machines for this reason.
I’m all for platforms being in a wall gardener by default where you have to jump through a few hoops to unlock an “advanced mode”.
And signing up for WDN (Windows Developer Network?) hopefully you would get signed drivers.
You can’t imagine the number of times my mom has done the perfectly reasonable thing of searching for Windows printer drivers on Google and ended up installing crapware from a third party site instead of getting the official driver. Signing requirements from MS would hopefully alleviate that and let advanced users try to figure out how to load unsigned drivers.
(Also tangentially, why are printer drivers still a thing on Windows anyway? Anyone who connects a Mac, iPad, or iPhone to my home network - if I give them access to the non-guest network - automatically can print.)
I'm not dismissing people who aren't as capable as me either, I've mentioned alternative approaches and I'm getting tired of having to repeat "there is the dev and nightly edition" to the same 5 people over and over again.
Mozilla is making tradeoffs in protecting the average user and giving the power users a little bit less freedom unless they use an edition of firefox intended for power users and developers. Simple as that.
You can't live in the modern world and expect all choices to be handed down without consequences and tradeoffs.
The average user cannot be trusted with full control of their machine and it's fairly reasonable to say that power users need to take the extra steps to, for example, install a power user edition of firefox.
I'm asking for: "If the user goes into a deep part of the obscure developer options and bypasses the warnings about unsigned addons, and then uses a non-obvious but documented process for side-loading, something virus peddlers can't really walk users through, then Firefox should honor that while explicitly displaying the list of unsigned addons the users added."
>I'm not dismissing people who aren't as capable as me either, I've mentioned alternative approaches and I'm getting tired of having to repeat "there is the dev and nightly edition" to the same 5 people over and over again.
And I and others have explained how those involve unacceptable tradeoffs and run directly contrary to "give users back control over their machines" ethos, though not, of course, to your extremely limited version of the ethos.
Any such process would have to be difficult for external programs. As it stands, the best way to get verification of such a setting is through the built in binary verification that firefox does, which require that any application needs to reverse engineer and patch the binary to install it's own addons.
Your process requires editing the about:config values, which is possible for an external application and installing an addon, which copies it into a specific folder and is also possible for an external application. We know this is possible because this is what other applications did to install their shitty toolbars.
>And I and others have explained how those involve unacceptable tradeoffs and run directly contrary to "give users back control over their machines" ethos, though not, of course, to your extremely limited version of the ethos.
It seems to me that further discussion is unnecessary considering you continue to ignore significant portions of my comments.
Why? If the user already has a malicious 'external application' running on their system with sufficient privileges to do any of this, then they're already screwed, and they have bigger problems to worry about than malicious WebExtensions.
More generally, I don't think we should hold applications responsible for the security or behaviour of parts of the software/hardware stack at equal or higher privilege level to them, including other applications. Mostly because, well, they can't do anything truly effective in that regard.
I see you're worried about average users unknowingly installing random malicious crap, and I've seen a lot of that myself. I think the way forward is pretty much what is being done on mobile platforms currently: universally applied application sandboxing, usage of existing fine-grained access control models (and also the development of ones that are saner to use), and better communication to the user about what their applications are doing and what the permissions they are requesting actually mean. Yes, it's still a clusterfuck, but it's an improvement.
A security model involving applications in an arms-war with one another, using increasingly byzantine restictions in an attempt to prevent external manipulation, feels less like something I would want any part of, and more like something out of a dystopian sci-fi novel.
: Although I think Google went too far on the "lock things down completely" side of things when they made it outright impossible to, say, use rsync to backup or sync the entire contents of a phone's sd card to/from the network
Most users, ie, the average user plus a significant amount, don't really care that they can't install random addons from outside the addon store.
Mozilla wants their branded Firefox to be something the user can trust and that means controlling what code with elevated privileges (ie, Addons) can run in the browser.
edit: It should be mentioned that in response to the first question; Firefox performs some binary verification and won't run or attempt to repair if it detects tampering.
It's a really long-winded way of saying "we know better, you cannot be trusted, freedom is slavery".
The correct solution is to remove malware, not to play games with it that require freedom-reducing gambits.
I think it's a bit unfair to quote Orwell when the overall goal is to prevent the user from hurting themselves, not brainwashing them into thinking they don't need unsigned addons. If they need those there is the developer edition, which is officially supported by mozilla and allows installing any addon you like.
The default installs that most users will see simply have a different default setting. If you don't like that you can choose another edition or compile Firefox yourself.
As my dear old mom used to say, 'if everyone else were jumping off a bridge, would you?' The fact that Apple constrain their users doesn't justify Mozilla doing the same.
My browser belongs to me, not to Mozilla and not to anyone else: I should be able to load any extension into it that I wish to, just as I should be able to load any program onto my phone or install any root cert in my operating system.
Mozilla does claim to live up to that standard.
 This isn't to say they're wrong; there are legit reasons to want a device with good defaults that are hard to bypass.
Apple constraints their users for certain reasons which they believe are good for the user (with some negative side effects that Apple also likes). Mozilla likely has a similar motive; doing good for their users.
It doesn't mean every user will be happy with that, the average user will however be better off. The non-average user can then install the developer or nightly edition of firefox or even compile it themselves too get unsigned addongs if they so choose. Choosing the branded release branch of firefox means that Mozilla wants to keep you safe to some extend. This means not allowing third parties to install arbitrary addons into your browser, for example. Users rarely know what they want or if they do, they go about it in destructive ways.
Install the developer edition and you get your "I want to be able to load any extension".
I understand that Apple does everything in its power to make the life of developers miserable (such as requiring a Mac to be used for iOS development), but Mozilla were supposed to be the good guys on the web.
Apple's primary aim by limiting the access to the store isn't to make devs miserable, it's to have users trust the app store.
Mozilla's aim is (likely) the same. If a user finds an addon in Mozilla's addon store, then Mozilla wants the user to fully trust that this addon will not violate their privacy in unexpected ways or install malware on their computer or otherwise interfere with them.
Similarly, Apple spends a lot of money on making sure the PR image of the app store is clean. People should be able to fully trust Apple's app store, in Apple's opinion.
That doesn't mean there won't be addons you don't like, it just means that malicious behavior is not allowed. If the user doesn't like it they can remove it without consequence.
They still won't let me install it.
(Good luck compiling it yourself.)
I'm currently running the branded release but I could pick unbranded, beta, dev or nightly editions of Firefox if I wanted. It's not hard to automate and especially with the unbranded version you have permission to distribute the binary that results, a permission you don't have with the branded edition.
You can also use the Nightly or Developer Edition of Firefox as well.
And do you plan to set that all up in the middle of your workday when a forced update disables your extensions?
Plus, there is more ways than developing FF addons to get into coding that Mozilla wants to stimulate, developing the browser itself or websites is also an alternate goal you can join in addition to trying out making your own addons.
Mozilla focuses on maximizing the user's freedom to browser the web without being hindered by harmful addons.
And at the end of the day, Firefox is a Mozilla brand, using the Firefox browser associated with their Brand means to some extend that Mozilla will want to ensure that the average user has a certain experience with that brand. The average user is perfectly fine not installing unsigned addons, which is arguably something the more advanced and above average user might want, who has the full freedom to use a edition of the browser that is explicitly marketed to them, no?
Nothing prevents me from compiling my own binaries and running them on my Mac.
But the issue here (AFAICT) is that Mozilla won't even let you sideload your own stuff on your browser. This is horribly broken.
There's no way to allow that that doesn't also allow crapware / malware installers from injecting stuff into Firefox.
But it certainly guarantees there won't be any apps Apple doesn't like and haven't paid the appropriate fee.
It's incredibly naive to think the primary reason for Apple is trust and security. At least as far as their mobile ecosystem is concerned, their control over what the user can run is a major revenue source.
I'm not saying Apple's intent is pure but there is a primary driving factor behind it, that to my knowledge, seems fairly pro-consumer. Doesn't mean it has other, anti-consumer motivations.
It really isn't. It's to prop up their own services through anti-competitive blocking, to maintain a level of terrifying censorship, and to rent seek on what remains.
It's still bad overall though.
Both points are true and a problem but it's distracting from what this is about, no?
These are Apple taking aggressive measures toward developers. Squeezing them and potentially blocking them from perfectly legitimate apps.
It still means you can separate the good ideas that apple has from the bad ideas. Not everything Apple does is inherently bad or evil because they do some evil or bad things, no?
And this is simply extracting the good part of apple's store policy; patrolling and checking apps so that users can trust what is in the store.
Still costs more than any other development. Where'd you get your's second hand?
All XCode projects are automatically code signed on every build. If you have a developer membership with Apple, it uses a certificate issued by Apple. If not, it's just a locally-generated certificate.
If you use make or call Clang directly, obviously there is no signing process, but there is a command-line tool that you can use and integrate into your non-Xcode build process just fine.
> Please don't impute astroturfing or shillage. That degrades discussion and is usually mistaken. If you're worried about it, email us and we'll look at the data.
The last time I did this it took so long I was able to write my own HTML parser while I was waiting (and I had never written a parser for a context free language before.)
If interested check this plugin out:
I wrote this Hitler parody about it: https://www.youtube.com/watch?v=taGARf8K5J8
Text version: officers tell Hitler that he has to upgrade FF because of bugs but warn it breaks his extension again. He dismisses the importance until they break the news he can't install the recompiled extension even if he says it's okay in about::config. Hitler goes ballistic about how that defeats FF's mission to give control back to users.
Climax: "If every tweak must be personally approved by Mozilla employees, why not just shrink-wrap the browser and make me buy it from Microsoft at Best Buy?"
Epilogue (real-life): Mozilla has now broken extensions so badly that you can't recover some of Pentadactyl's functionality, like customizing key commands. (At least, they won't take effect while on a tab until that tab's JS has loaded. Seriously?)
But hey, at least I get Looking Glass forced on me with a cryptic message that makes me think I've been hacked. That's worth the tradeoff, right?
This was the excuse they used anyway when trying to justify their signature requirements were "not a walled garden". I didn't believe it of course.
You can also just mark the addon as "not listed in AMO" when submitting it to addons.mozilla.org and it will not be listed on the store, but it will be signed.
More details in
When you criticize someone this strongly, it pays to at least acknowledge the reasons they've given for making the decisions they made, even if you don't like those reasons. Here they are: https://blog.mozilla.org/addons/2015/04/15/the-case-for-exte...
That's just a giant gateway for despotism.
> Here is what the creator actually said
> >One of the community reviewers removed it from the store claiming it violated the ToS, which is BS. The ToS never mentions the word paywall once. Please support me in appealing! https://wiki.mozilla.org/Add-ons#Getting_in_touch
> Which sounds more like a zealous community member than Mozilla taking a position.
Corporate power arises through the capability alone, not necessarily its frequent execution.
I think that Mozilla is actually a great company to demonstrate how responsible platforms could operate. Past examples might be Pockets non cloud based recommendation engine or their encrypted user account setup.
> "It appears that your Add-on violates the Firefox Add-on Distribution Agreement and the Conditions of Use. Both prohibit Add-ons that violate the law. Your Add-on appears to be designed and promoted to allow users to circumvent paywalls, which is illegal.
> We are responding to a specific complaint that named multiple paywall bypassing add-ons. It did not target only your add-on.
Frankly, those of us who went to Pale Moon may as well have been the last rats off a sinking ship.
I definitely do not agree with Mozilla on everything, but stating that they are harming their userbase based on your single point of view is moot, to say the least.
And Firefox, a sinking ship with not even rats on board anymore? Come on now.
Howso? I've been using FF forever and I didn't notice this change…
Do you have a source for that? Moz has a ton of data about how harmful to users it was to have an ecosystem full of trashy spam extensions. The leap from "this solution has some downsides" to "this solution's downsides outweigh its upsides" is skipping the most important part of the question.
I wish that this data were available somewhere—not this specific data, but in general. Mozilla's response to community push-back is always "trust us, the data show that this is what's best". If you trust them already, then that might be good enough; but, when this is always their first, and often their only, response to push-back, it's hard to distinguish it from the empty response of someone with no data who wants to avoid questions.
Frankly, there needs to be more community input, more opportunity to speak & act against wrongheadedness. It's part of why I prefer Pale Moon. If something is asinine, I can talk to the head dev and the team. They'll either show the community their sources for making a change or put it to a vote of the active users.
However, restricting add-on installations to a community-moderated app store model is not a secure enough way to do it. It's hard to prove that it helps at all, but it sure is annoying.
The only way to install an unsigned extension is to install the Beta or Developer builds of Firefox, which still honor the above setting. Or, I suppose, to use one of the many forks of the Firefox codebase that restore user choice.
Browser extension malware is a big, big problem in a way that some otherwise tech-savvy people in here apparently don't understand. Why are people so quick to ascribe malice when nobody can come up with even a single potential malicious motive for Mozilla requiring signing of add-ons? There's no profit motive or perverse incentive here. Mozilla doesn't make money from this process. Frankly, they'd make a lot more money if they didn't run AMO at all and didn't bother hiring any stuff to run it and vet extensions.
> Anyone can sign and run their own add-ons, or offer those add-ons for others to use.
And this is consistent with what Mozilla says here: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Dis...
I get where they're coming from, really I do. Malware is a huge problem and the average user has zero clue how to vet extension code. I dunno, I have mixed feelings about the solution. I'm not sure if there's a middle ground to be had.
Firefox Developer Edition is stable but supports unsigned addons.
But I can certainly see your point.
Without a proper log payment disputes can't be resolved legally.
You can do tracking in such a way only the person browsing has a log. In the case of a dispute, the log file can be revealed to the website so they can determine how to resolve the dispute.
In the undisputed case, the website wouldn't see the log.
Taxes mess that up. A large number of jurisdictions charge a sales tax or VAT on sales to people in their jurisdiction and require the seller to collect. Some tracking is necessary in order to figure out what the tax is and where to send it.
That tracking doesn't necessarily have to be at the content provider. The service handling the micro-payments could also incorporate tax handling. The buyer would have to give up personal information to the payment service, but they probably already did when funding their micro-payment account.
It could also be handled by having content providers sell through aggregator sites, with the aggregator sites being the seller to the end user as far as taxes are concerned. Then the buyer only has to give up personal information to the aggregator site, instead of every content provider site that they buy an article from.
Aggregator sites would also help with the costs of dealing with taxes. An aggregator would have enough sales in each jurisdiction for the costs of filing to not be excessive. That's not necessarily true when individual content providers sell on their own sites. Some jurisdictions, for example, require tax collection and payment if you have more than 200 transactions in the past year in that jurisdiction, regardless of how low the total dollar amount is. Sell 200 articles for $0.05 and you've earned $10...and will be paying way more than that in quarterly filing fees.
My prediction is that if we move away from the ad model for funding content providers, we will see a big move toward aggregators for all but the major newspapers and magazines. The websites of smaller newspapers and magazines will just be summaries, and when you click to get the full text it will take you to some third-party publisher that the paper has licensed the full article to, and it is from that publisher that you will buy full access.
I think the aggregator market will end up concentrated in a very small number of aggregators that together have pretty much all of the "professional" content on the web, except for a few major newspapers and magazines that are big enough to justify consumers maintaining separate subscriptions just for them.
> When you pay with Taler, your identity does not have to be revealed. Just like payments in cash, nobody else can track how you spent your electronic money. However, you obtain a legally valid proof of payment.
If you don't want to see ads then fine it's your computer.
But Brave is hijacking ads by force then strong-arming websites to sign up to their own shitty crypto currency if they want to be paid. It's basically an extortion scheme, or a mafia stye "protection scheme"
I bet that's a common battle ground between consequentialists and idealists.
Fun aside, I don't think the comparison holds up very well. I don't think that anyone has a right to execute code on my devices just because I'm browsing a website. In this concept, "hijacking" ads is completely void of any ethical meaning.
Braves platform attempt is still not very good. A good solution for paying content creators would need to be open, decentralized and accepted by the stakeholders involved.
In that case, you requested the page and allowed them to.
When a user views a website using Brave, that website doesn't get paid.
There may be extra ethical concerns due to Brave's model, but there's no way you can claim that Brave is "strong-arming" websites.
Cartelize on-line journalism. Make the 4th estate official. Create a pseudo-governmental entity like the US post office, Fannie Mae, or the Fed. If you have an Internet connection, you have the option, through your ISP, to pay $X towards journalism on the web. Your ISP will then cryptographically vouch for any request that goes from a paying subscriber to a cartel member site, such that the member doesn't know exactly who the subscriber is. If you're on a foreign network provider that doesn't participate, you'd have to get crypto keys and a standalone program (or browser add-on) directly from the cartel (that could make you identifiable), or go through a VPN that participates.
If a request comes in with valid crypto, the response is the requested article, with no tracking, and a cartel-fixed standard for ad content. If it does not, it is up to the publisher as to what to do with the response. Deny. Inject intrusive ads. Infect with tracking malware. If you didn't pay, you get what you get. Cartel members are paid from the common fund via analysis of the server logs, targeting X% of the total amount paid out as potentially lost to fraud (so as to not overspend on analysis and fraud detection). Baseline income is determined by quantity of eyeballs. The cartel can then dole out bonuses for quality--if one of your writers wins the Pulitzer, your paper gets extra money. And it's no big deal if bots are visiting sites, because each bot has to pay in order for its requests to count towards the circulation-based distributions.
I'm sure there are a lot of people out there willing to pay $10 a month or more for online journalism, but they don't want that whole budget to get sucked up by one newspaper, only to get locked out by all the others. And there are plenty of sites out there that can't seem to manage online subscriptions or micro-transactions very well.
It took me most of 5 years to obtain a patent on it: https://patents.google.com/patent/US9853964B2
To me the primary advantage would be to open up an untapped segment. There are readers who will never pay, they see ads. There are readers who love a source so much they will pull out their credit card and deal with the hassle of having yet another subscription. In the middle is a large, untapped group who would pay if the transaction costs (pulling out the card, hassle of multiple subscriptions, worrying about how much they're spending etc) were approximately nil.
Seriously though, perhaps a "read in" app (perhaps instapaper) which reconciles payment is what you want.
Some level of tracking _is_ strictly necessary for a system like this, because otherwise there's no way for the system to know which sites to give your money to.
But without a 3rd party payment system, it seems like you're screwed.
The previous version of google contributor was almost a solution.
But it used a bad payment allocation algorithm, it never guaranteed adsense ads would be blocked, and the new version is just a way to subscribe to a handful of sites.
But they also run youtube red, which has the model they need. They just need to copy their own idea.
Not even sure how newspapers would be able to figure out that all those readers they are not seeing is because they don’t take micropayments.
By interacting with their users. I’ve written to newspapers in the past asking about their subscription. I remember one ocassion I did it with 2 newspapers. One replied they’d look and I never heard back. The other didn’t reply.
If I write asking if there’s a way to use micro donations and there isn’t or they haven’t heard about that, it might be a good idea to research it.
Another is following news about competitors. ‘We’ve increased readership by x% since we added micro donations’. Or following industry conferences where it might be discussed.
Do the contents of your letters read “I like your website but I cannot in good conscience support you till you support this specific business model in which I might give you a penny, or perhaps as much as a nickel every time I read an article to support your operations and salaries?”
This particular idea has been kicking around for at least a decade that I know of, and since I don’t tend to hear about most ideas when they’re new, most likely much much longer than that. At this point I’ve been forced to conclude the industry as a whole has probably looked into it and come to the conclusion it just isn’t worthwhile. Understandably, they would need some critical mass of readers and enough papers that matter supporting it and a particularly friendly credit card processing agreement in which the processor would need to be happy with a micropayment of a micropayment. Services like Spotify have somewhat paved the way as well and are demonstrating what the long tail of micropayments actually looks like.
* includes crippled without JS, ads, paywalls, poor accessibility, etc.
It becomes a lot harder for journalists to justify spending months on a subject when the business side has hard data showing it brings in barely more than reprinting the soccer scores.
What’s potentially workable is a Spotify-style subscription model.
This is already true with the current advertising model.
What people read does correlate with what's important for them, by definition.
This is one of the reasons clickbait was so prevalent on facebook a few years ago - people clicked on these so much that they were ranked very highly. But in user surveys, the same users claimed they hated clickbait and wished it wasn't there. So what do you do?
Is it moral to allow people to only consume the things they believe they need, even if the things they believe they need are only that because they are addictive and potentially harmful?
If allowing cherry picking exactly what they want is the only moral way to provide the news, does that mean all prior forms of broadcast news publication were immoral (e.g. television & radio news broadcasts)?
Banana Banana Banana Banana Banana Banana Banana Banana Banana Banana Banana Banana Banana.
If doing my taxes were as exciting as my reading list I would get much more out of my paycheck.
That reminds me of Austrian praxeology.
Behavioral patterns that lead individuals away from their goals do exist. Such irrationality is what most of behavioral economics policy advice is all about.
It's easiest to explain with the difference in long term goals and short term decision making. There it gets obvious very fast that peoples immediate preferences do rarely reflect their stated and consistent long term preferences.
If a site evades my ability to disapprove and stay away from it, it should not be rewarded.
>One of the community reviewers removed it from the store claiming it violated the ToS, which is BS. The ToS never mentions the word paywall once. Please support me in appealing! https://wiki.mozilla.org/Add-ons#Getting_in_touch
Which sounds more like a zealous community member than Mozilla taking a position.
I don't think that makes it better. In fact, it's worse.
Why is Mozilla Corporation, a company with gross revenue of $562 million, delegating an important security role to unpaid and apparently unaccountable volunteers?
I really dislike when people assume that because you're a volunteer that you're unaccountable or less capable technically or security wise than an employee. That is simply not true.
There are volunteers in all places at Mozilla and personally, I think this is great. Also treating Mozilla as a company is not really the ideal mindset. Mozilla is at best a NGO, a foundation, who owns a company for legal reasons, who is also a community, who builds a ton of stuff. It is quite a complex entity to be summarized as "a company should handle this different".
You only seem interested in letting Mozilla off the hook rather than acknowledging the systemic issues that gave rise to this situation.
> Also treating Mozilla as a company is not really the ideal mindset. Mozilla is at best a NGO, a foundation, who owns a company for legal reasons, who is also a community, who builds a ton of stuff.
Except the Mozilla Corporation is the entity that develops Firefox and is a company. That company may be wholey owned by a non-profit, but it is still a company.
Obviously, the Mozilla Corporation's only stake holder is the non-profit Mozilla Foundation, so they can't pay out much of their revenue to anyone other than their employees (and to those in wages that are comparable with the rest of the industry; they have to publish their finances for that), so they certainly can afford to spend more money on things like that, but they're still trying to avoid spending huge amounts of money on something that can be done just as well in 99% of cases at a fifth of the cost.
As far as I know, they have a system where at least two independent volunteers have to approve an extension and some employees will occasionally check up on things, too, and can revoke volunteers that make mistakes too often or are plain malicious.
So, most of the time, this system will fail on the side of things being disapproved that should have been approved. It will much less often be the case that for example malware will get approved (especially since they also have automated malware scans, which is something that Google has, too).
There is a process, it is through the AMO developer hub page for their addon. What I've been saying here is about ways to contact the team if they want to talk to them directly. From the Addon admin page, from the "review history" page, they have a form to message their review team. Usually, if something happen and by any reason your addon is rejects, you can use that form to escalate and find out why it happened. There is also an email address for escalating this stuff which I am assuming they've emailed already.
Can anyone recommend an add-on for automatically hiding/dismissing such popups?
Fanboy's Anti-Cookie Filters (for uBlock Origin, etc.):
I don't care about cookies (extension):
Here's an interesting discussion about the second solution:
Hopefully the maintainer puts the .xpi file somewhere it can be accessed.
edit: someone has replied in the bottom of the git issue thread with a direct install link. use that instead
This situation feels like the old Mozilla vs Firefox issue that happened a decade and a half ago. Perhaps the fact that the Mozilla Foundation is treating their browser like an Apple device is the final impetus to move elsewhere?
 - https://bitbucket.org/chromiumembedded/cef
Could they be have been sued?
Profit over all, always and forever.
This is a strawman, the GP did not say AMO shouldn't be curated. [Edit: added missing "n't"]
> The title saying that Mozilla "pulled" this extension is not merely incorrect, it is blatant misinformation.
Mozilla selected, manages and empowers the reviewer who made this decisions. Since organizations are not people, delegating authority like this is the only way that organizations can ever do anything. Therefor to claim that Mozilla did not do this is spurious at best.
Now, Mozilla can disown the decision by saying the reviewer did not follow the appropriate process in making the decision. If that claim is shown to be true, only then would the title possibly be incorrect or misleading. Until then, Mozilla is as culpable for the authorized actions of its agents.
It's okay to say no to ads, but then we shouldn't circumvent paywalls. Free content is free only as long as someone somehow still pays for it.
I guess they could upscale in tech, but how would they pay for it when they can barely earn enough money to fulfill their primary function?
I don’t think publishers have a problem. I think users do. I hate online news as much as everyone, but I still want deep, intelligent and critical journalism, so I subscribed to a paper which sells it.
It’s one of the most successful news papers of my country, financially, and up until April this year they didn’t have a website. They do now, but it’s basically just a digital version (also available in audio from apps) that you can still only access if you subscribe.
I couldn’t be happier, and they earn money. So maybe the whole free content thing isn’t really a good way to go for either the user or the publisher?
They'd best gain the ability, then, or fade into irrelevance and die.
And honestly, we're talking about serving a few images from their own webserver. It's not rocket science.
The question arises, what images to serve. Someone has to sell advertisement, find clients, persuade them to advertise with the given site, etc. That's something they are getting with ad networks for free.
Its also not a new problem. Newspapers have always had to have their own add sales department or outsource add sales.
What you say may work for big news portals and stuff, but if this becomes the norm then it will kill the small publishers resulting in further concentration of net content in the hands of the big guys.
So this direction would hurt the little guys and help the big guys, because they have the resources to adapt.
My concern, however, is Mozilla putting themselves in the position of making that judgement for their users. Even if we agree that this isn't a good addon, does that mean it's fine for it to be censored by Mozilla?
What's worse is that both Google and Mozilla are equally vile, so what browser am I supposed to use? In the end I guess I'll go with Brave.