
I still don't see how this is as complicated as these arguments suggest.

There is a known risk of Firefox being compromised by malicious addons, including those preinstalled by certain organisations. This risk is what is moderated by requiring addons to be signed and hard-coding a block. However, moderation is all this gains, because anyone who is preinstalling Firefox on a computer could still install a modified executable instead.

There is also a known risk of the user's security or privacy being compromised by visiting malicious websites that exploit weaknesses or vulnerabilities in Firefox. This risk is what is moderated by addons that block or otherwise interfere with undesirable content. It doesn't take any sort of hindsight to anticipate this; it is one of the major reasons people advocate blocker extensions, and this has been true for many years.

It is understandable that Mozilla would want to disrupt the former threat, but as I and others have explained, there are tried and tested ways they could do so that are no more vulnerable than the current approach yet would not suddenly remove all protection offered by addons against the latter threat without warning in the middle of a browsing session. The current heavy-handed approach is like building a secure home by making a concrete bunker with no doors and windows: the efforts to secure the addon system ultimately rendered the entire system useless.

Worse than that, though, the current strategy violates the basic principles that attract some users to Firefox in the first place, specifically its extensibility through addons and its relative respect for users' privacy and control of their own systems. The fact that Mozilla have so far shown little understanding of why some users would have a problem with this is regrettable, but perhaps they will come around with further thought after the event. However, the fact that there are people here still trying to defend the policy despite the highly visible train wreck that just happened seems very odd to me.




> However, moderation is all this gains, because anyone who is preinstalling Firefox on a computer could still install a modified executable instead.

Well, apparently that is a line that vendors are not prepared to cross.

> There is also a known risk of the user's security or privacy being compromised by visiting malicious websites that exploit weaknesses or vulnerabilities in Firefox.

When it comes to actual weaknesses or vulnerabilities, it seems clear to me that Mozilla should not rely on add-ons for patching those. But yes, blocker extensions still provide value; luckily, they are also still allowed.

> as I and others have explained, there are tried and tested ways they could do so that are no more vulnerable than the current approach yet would not suddenly remove all protection offered by addons against the latter threat without warning in the middle of a browsing session. The current heavy-handed approach is like building a secure home by making a concrete bunker with no doors and windows: the efforts to secure the addon system ultimately rendered the entire system useless.

You've said this before, so to prevent getting into a loop, I won't repeat my response :)

> Worse than that, though, the current strategy violates the basic principles that attract some users to Firefox in the first place, specifically its extensibility through addons and its relative respect for users' privacy and control of their own systems.

This I understand, and I wish it wasn't necessary too. I do think Mozilla has not shown little understanding - they've repeatedly explained how they are caught between a rock and a hard place, and reached a different conclusion than you did, after weighing the pros and cons. That does not mean a lack of understanding of the cons, but merely that they did not outweigh the cons of the alternatives in their view.

This might simply be the result of different valuations of the pros and cons between you and Mozilla; given the amount of data and insight Mozilla has on the use of Firefox, I would also suggest being open to the idea that there might be a lack of understanding on our side about the scale of the problem of malicious extensions.



