- You can still manually install extensions. From now on, all installations will need explicit user confirmation.
- No extensions can be installed silently. This is what sideloading did, all extensions in a special folder were installed in all Firefox instances on the computer without the user's consent.
This is most definitely a Good Thing, as it means for example no malicious extensions can be silently installed by malware etc. Communicating this change could've been done better, though.
And assuming that's possible, doesn't that mean they've just made side-loading more difficult to do than actually prevented it?
If that's the case, it just means that _you_ won't be able to sideload, effectively, but Skype et al will put in some programming time and be able to sideload again.
Correct me if I'm wrong!
I think you'll need to review whatever method Firefox uses to flag what extensions the user approved.
In general, the OS provides different ways to store data in an encrypted manner so that only your application can read it back. (Keychain on Mac, and DPAPI on Windows.)
Furthermore, modern OSes provide sandboxing so that your application can not be tampered with. I'm not sure if Firefox uses this.
Also, if you're able to figure out how to hide a private key, (perhaps in the Keychain or via DPAPI) you can then use things like digital signatures to know what the user really allowed, and know if your approval mechanism was tampered with.
Granted, these mechanisms aren't foolproof... They just make it harder for malware to see things it shouldn't.
> This is most definitely a Good Thing, as it means for example no malicious extensions can be silently installed by malware etc.
So, imagine I'm writing some kind of desktop app that needs a companion browser extension to work correctly - a malware scanner, password manager, etc. The program will break if the companion extension is not present.
I guess for the user who installs the program, the installer can ask the user to visit AMO and install the extension themselves - however, how would this be accomplished for other users?
Or, when they click OK you can make your installer tell the OS to "run" your .xpi file, which will open Firefox, and ask the user whether that extension is really something they want to install. And then when they click no you tell them that they can initiate the .xpi install process at any time by going to your application's help -> install extension or something.
What you _can't_ do, and what you should never have done in the first place, is copy a file into the magic Firefox directory that forces that extensions to be loaded outside of the control of every user and profile for Firefox on that computer.
Yes, but not as XPI file. For manual installation, you can install similar to Chrome, that's from source code folder
What gave you the impression that XPI files would not be supported?
The title. In normal usage, the word "sideloading" implies installing an extension file (apk, xpi, ...) yourself instead of via an app store.
Reading the article, I understood they mean something different, but the title is very misleading.
In the world of android, "sideloading" became parlance for installing applications because historically you used adb on a computer to sideload the app on.
Sideloading only means that you are providing the thing yourself, as opposed to using official channels.
"sideloading" can mean many things.
In the page yorwba linked, it shows how to generate a signed XPI file that can be distributed and installed locally from that file in a more conventional manner (e.g. drag & drop the file onto Firefox’s Add-ons page).
Yes, the older method of extension side-loading, supported at some point by Edge, Chrome, and Firefox, was for IT departments who created OS deployment images with software (incl. extensions) burned into them. Usually this was combined with Group Policy / Device Profile settings that made the extensions impossible to deactivate or remove ("force enabled") and potentially blocked any extensions other than those preinstalled.
I believe that all the browser makers have, at this point, reached a consensus that deploying extensions directly as on-disk files this way makes it 1. too easy for malware to just set itself up as seemingly "deployed by Group Policy"; and 2. makes it too hard for these extensions to be updated as often as they might need to be, or disabled if the browser-maker declares incompatibility with an API in them, etc.
What all the browser-makers seem to favor nowadays, for IT departments who want to do OS-image deployment, is an approach where the burned-in Group Policy will just list out a set of extension IDs that are to be force-installed and force-enabled; and then the browser itself will do the work of retrieving and installing them (but will still treat them like any other extension as it goes through the install process, vetting it for compatibility, upgrading it through its registered upgrade channel, etc.)
This means that every extension in these browsers now has to live in the browser's extension store—even if it's a private, just-for-your-own-company extension. (Which, honestly, there's not much to be said against; the "enterprise deployment" parts of app-stores don't usually force developers to go through pre-vetting before new versions are published or anything. It's just cloud hosting—with the proviso that, due to having download logs, the app-store can see if your "enterprise extension" has an install profile that looks more like that of a virus rather than an enterprise, and then blacklist it.)
Here's Google's documentation on the Group Policy settings that modern Chrome looks for, for comparison: https://support.google.com/chrome/a/answer/7532015?hl=en. Probably Firefox wants to move toward a similar model. And more power to them, honestly; right now, Firefox's extension ecosystem is far too easy a target for malware authors.
Developer edition and nighties are not release builds.
Unbranded builds don't get updates.
It needs to be unpatched for updates - I don't allow my normal day-to-day Firefox instance to write to it's own binary anyway. Firefox tells me when there is an update, and I then restart into my special script that unpatches, runs Firefox with permissions to modify itself and a profile that I don't use for day to day browsing, only for updates, and then patches it again.
Scripts to patch / unpatch it are here: https://github.com/A1kmm/enable-unsigned-firefox-addons
Part of the problem is the very delineation between developer and end user.
How about Firefox just be a powerful open platform that anyone can develop for easily with as few roadblocks as possible? We should all be one step away from being developers.
I am so glad I was on the old Firefox 12 years ago. I'm glad that I was able to quickly whip up extensions and share them with my friends. Wanting to automate bypassing my school's wifi captive portal, or wanting to change how the bookmark menu was displayed encouraged me to experiment.
The fact that Mozilla now sees only an audience of consumers that need to be protected from themselves and marketed to is the problem. Mozilla is afraid of their precious precious brand being sullied.
Last week my dad thought he had a virus, but really it was just a BS spam site that he had accidentally allowed to send him notifications. The screen in Chrome to revoke notification access was like 8 clicks deep.
Browser extensions are a powerful, beautiful, dangerous bit of tech. Is it asking too much to put some guard rails in place that really aren’t too much trouble to follow?
No, but that's not what Mozilla is doing. A confirmation prompt is a guardrail. This is a fence.
> Last week my dad thought he had a virus, but really it was just a BS spam site that he had [...] allowed to send him notifications.
That's his own fault. Not an ideal outcome by any means but a private organization has no right to restrict people's freedom just to protect others from themselves.
This is security theater.
> Browser extensions are a powerful, beautiful, dangerous bit of tech. Is it asking too much to put some guard rails in place that really aren’t too much trouble to follow?
There are many layers of guard rails already. The problem is that now they want to also inspect every extension that I use, even if it is for completely private use and will never be available to the public. And Mozilla does not exactly have a good track record with trust.
Added: It's not clear to me how "hostile to power users" this particular change is. But my general statement still applies.
You can aim for the "safest" choice, which seems to be what you are advocating. If so, it needs to be said explicitly and the implications of functionality reduction (that safety increases always brings) openly discussed and debated.
The model of claiming "we will do what is best for users" with a freedom to replace "best" by "X" has been thoroughly compromised by googles and facebooks of this world. We need to be explicit about goals and tradeoffs. Not attacking your post, just arguing for being clear and honest on goals of non-commercial software.
If 1% of users are getting exposed to malicious software by a feature and 0.0001% of users are using it, it's a little more clear than you say. I've made both of those numbers up, but I think it's likely enough that very few end users are depending on the ability of other software to silently inject plugins.
With the caveat that power users are probably the ones to have turned off metrics. Mozilla is probably aware of it, but it's still hard to compensate for that.
An option that just occurred to me is to be able to start Firefox with a special flag that would give access to some extra options to allow actions that reduce security - such as sideloading for example.
To help prevent innocent users being coerced into starting Firefox with that flag it could be something like "Firefox.exe -pleasehackme".
Power users would know what the flag is for but even the most naive user might hesitate to start Firefox using a command inviting themselves to be hacked :-)
Probably a stupid idea, but just putting it out there.
Their justification is that if there were some command line option to allow it, then users could be tricked into doing that.
But, couldn't the user not also be tricked into simply downloading the developer edition? Couldn't the user be tricked into deleting their home directory?
Personally, I find these justifications dubious. There is a kernel of truth that in some edge cases it can offer some protection. But it feels far more like something Google or Apple would do, and Mozilla is either cargo culting them, or has been pressured into doing this.
So hackers can't just download the signing-disabled firefox and replace your firefox with it.
The hacker can probably still compile one by their own, but at least it will makes them pain in the ass.
I've compiled a branded build of Firefox myself, and it is as simple as setting a single flag at compile time. Almost trivial. The only protection that branding has is legal, not technical. If I tried redistributing the branded build then Mozilla might sue me. Do you think they will be able to sue malware authors when they do it?
There is absolutely nothing stopping a hacker from replacing or patching Firefox.exe with a branded version that will run their hostile extension. Even if they do not have write access to Firefox.exe, they can download it somewhere else and change where the shortcut points to. It would be almost impossible to tell the difference.
This is not a serious security measure.
But I think you are missing the bigger point here. If they can write to files on your computer, then it is far too late. They can encrypt and ransomware your documents, they can install a keylogger, and they may be able to extract all of your passwords and cookies from Chrome and Firefox.
It would be like if someone stole your car, but at least they don't have the keys to the glove compartment.
It is not a justification for Mozilla is doing.
Trying to protect against hostile code already running on the same computer as the browser is futile. At best, it should warn the user if suspicious modifications were made.
And it comes at such a high cost for such a narrow measure of protection.
This is about preventing the naïve from being tricked into manually installing malicious add-ons by a third party.
Perhaps Firefox hasn't been very clear on its tradeoffs but Apple, for example, seems to have been IMO. (Yes, it tends to be wrapped in marketing rather than tech speak but I think they've been pretty consistent about their priorities.)
But an option that cannot be changed is not a default choice -- it is a hard coded design decision. My 2c.
You could argue that Mozilla is either a shepherd (making best decisions for most users and that's it; take it or leave it) or a partner (listen to users and try to implement features they want) but you cannot eat your cake and have it too.
I suspect that if we drill down to this point, you'll find the feature is still available with a trivial amount of work, or on the outside case it's the more specific thing they actually talked about, it's not a trivial amount of work, but it's just not automated for enterprise installs anymore.
So, what's this feature you're referring to?
I also think the discussion moved to a more generic "safe default with options for users to change" vs "choices hard-coded based on perceived safety for general users".
Everything I see indicates that is still supported. Especially if you read the comments to the post. XPI files seem to be supported, what they removed was the ability have an executable installer install them automatically.
The change, which seems to have been communicated poorly, seems to be that some actions within Firefox need to take place (allowing the user to opt-in to the extension) before it will be used by Firefox.
This comment from Caitlin Neiman, who I just looked up on Google and appears to be the Firefox Addons Community Manager, states:
Developers will still be able to self-distribute, and you will still be able to install extensions from self-distributed (non-AMO) sources.
Going forward, developers won’t be able to distribute an extension through an executable application installer.
> I also think the discussion moved to a more generic "safe default with options for users to change" vs "choices hard-coded based on perceived safety for general users".
I'm pretty sure what they did is not hard coding choices. There are multiple ways to get an extension locally, the hardest of which but still works no matter what is installing the developer version and using source (XPI files can be unpacked).
What they actually did was lock down one method of installation which is almost never used by users and is used by orgs and malware, which is to drop extension into the plugin folder with the extension name as the folder name and have it automatically added to Firefox. Now they require you add it through the Firefox browser interface so the user
has to opt-in to the extension.
Having a single entity control what extensions you get to install is not what is best for the general public.
Personally, I think that Firefox should be the more flexible extensible alternative to Chrome. It should be to Chrome as Linux is to Windows.
They need to stop chasing the demographic that is going to hurt themselves.
For certain purposes and audiences, yes.
Sometimes I think tech people forget 'the general public' is made up of adults capable of learning and making their own choices if educated properly on matters.
It is often reasonable to provide the option to use tools in ways that are less safe. Sometimes that's unavoidable. You can certainly use a chainsaw unsafely although I also think it's perfectly reasonable for chainsaw manufacturers to not provide easy ways to defeat the various safety mechanisms that are built in.
Just remove the codepad, well yes, so long as the manufacturer doesn't weld it on ... oh, and they just decided to weld it on. Such safety, much wow.
While lots of readers will dislike this comment, are not ready to digest it, and will claim that I am wasting my time writing this comment, I think as a society we should prioritize creating competent humans who can appropriately use technology, whereas this move by Mozilla is just more of the same, prioritizing mindless consumers who have no idea how any of the things that their lives increasingly rely on function.
I think such consumers should be left to fend for themselves, as that is the only way a majority of people actually learn. This is especially true for Firefox, which has never been a "consumer" browser, and has always been a browser for people who wish to understand how it works and be able to modify it in a straightforward manner. If someone desires a browser that does whatever it wants without asking, Chrome is a perfectly fine option.
What issues does this change create?
• Preventing malware and enterprises from silently installing unremovable extensions through a special mechanism
What this is not:
• Preventing users from installing extensions without using the Internet (they can just load an xpi file like always)
• Preventing power users from installing unsigned extensions (already not possible in standard Firefox except non-persistently for development, but Mozilla provide unbranded builds which let you use extensions)
Why this is being done:
• Preventing adware adding itself to your browser without your consent and making itself difficult to remove
Not why this is being done:
• Mozilla hates users / the open Internet / freedom (their foremost concern is protecting users from malware nonconsensually installing extensions, they have always provided versions of Firefox allowing you to do whatever you want if you want that, and indeed standard Firefox does let you load unsigned extensions temporarily)
If malware gains enough access to my system to put extensions in the sideloading folder I have bigger problems than Mozilla can protect me from.
Some crazy software companies then used a dark pattern - clicking 'I don't agree,' meant you agreed to install unwanted crap.
Adobe flash, Java runtime, utorrent and any installer from cnet.com are examples. That's why I installed Unchecky to protect me from bundleware and automatically uncheck, skip 'offerings' when installing new software.
Edit: As mentioned below, the Chrome team used bundleware extensively in its early days.
> If you self-distribute your extension via sideloading, please update your install flows and direct your users to download your extension through a web property that you own, or through addons.mozilla.org (AMO).
And what if I don't want to use a "web property" to distribute an extension? What if I want to give my users a honest-to-God file, whether via e-mail or IM message or USB drive?
> Please note that all extensions must meet the requirements outlined in our Add-on Policies and Developer Agreement.
Or what? I can't make an extension and give it to friends unless it meets your policy? That's pushing it a bit.
This is aimed at Joe Average User who maybe downloaded a program from sourceforge and suddenly every user on the computer has Myway Search installed, or something with serious privacy problems that's injecting itself into every web page they visit.
As far as I know, unbranded doesn't autoupdate while beta, nightly, and developer are all buggy software for guinea pigs.
Edit: Why are both the responses I've received worded rudely? Did I say something wrong?
As a fully open source product, with a demand and will large enough, someone could make a fork, even a minimal one, where they take upstream and keep this feature enabled. I personally don't think sufficient demand and will exists for that to happen.
I suppose they could make an about:config option out of allowing it, but really, so few users will probably find it so much of a problem that even a bug report/feature request for that probably wouldn't get traction.
They can't please everyone. Overall, it seems like a reasonable move to me.
FWIW, I agree. Having the choice only between casual user version and unstable dev version is missing a power user option in the middle. I'm personally not going to abandon Firefox over this, but I'm that less interested in embracing web as a platform for productive work.
Like installing whatever extension you want directly from file.
2) If user script or CSS not enough, you can write an addon, create a free Firefox account, submit the addon to your own account at https://addons.mozilla.org/en-US/developers/addon/submit/agr... and download the signed addon XPI file. Then you can distribute the file in whatever way you want, provided you are not violating any license agreement.
It's not important who this is aimed at but who it hits.
They should just release a Firefox preskool edition for Joe Average User.
But this is a great example of the rot in Mozilla. When Apple or Google sacrifice functionality to appeal to users that don't like computers, it is because they make more money by expanding their platform.
When Mozilla sacrifices functionality to try to attract new users, then what? They aren't really making any money off of it. They are just getting new users for the sake of it.
If Firefox has to remove so much functionality to become more popular, than why bother at all?
It is like if everyone is eating McDonalds, and you are selling healthy produce, but only 20% of the population ever wants your healthy food. So you start coating your healthy food in sugar and deep frying it. Even if you win, you lose.
> This is aimed at Joe Average User who maybe downloaded a program from sourceforge and suddenly every user on the computer has Myway Search installed, or something with serious privacy problems that's injecting itself into every web page they visit.
I think this is a lie. I mean, yes it does mitigate a specific kind of malware injection, sure. But if someone already can write to your filesystem, then it is game over. If Firefox actually had any marketshare and was a big enough target to care about, malware could simply inject malicious extensions some other way. Having the web browser trying to secure itself on a compromised system is a fool's errand. And it is not a justification for such a massive regression in functionality. It is not a rational decision.
I strongly suspect that it was a rational decision for Google to do this with Chrome; to put up roadblocks for users trying to have too much control of their browser, and justify it in the name of security. And then Mozilla irrationally copied them. Because they are a Google cargo cult.
> They should just release a Firefox preskool edition for Joe Average User.
Seems like that's Developer Edition. The Joe Average won't know the difference, so obviously the default has to be for him.
And yeah, I also don't like were this is leading and wish they would have found a better way.
Users who are sick of the effects of unhealthy food will actively seek out Firefox. I and many others were willing to put up with the bugs and slowness of Firefox to leave Internet Explorer.
And when websites were IE6-only, the attitude was not that Firefox needed to win them over, but instead it was too bad for that site they would not get traffic from Firefox users.
And Firefox could afford to not be the best browser for all users, because they are a non-profit, and are not constrained by the same market dynamics as their competitors.
Firefox does not and should not pander to users wanting the sugar, because it will likely drive away loyal users more than it will win anyone over. And again, they can certainly afford to not win those users over. Their browser is not a cog in a content distribution platform like it is for Apple and Google. They can afford to not grow their user base at all, and focus instead on improvement. I would actually like to see Mozilla discard their user metrics and just blindly focus on making something good, instead of something popular.
You still can give your users a file, as long as it's signed my Mozilla.
> Or what? I can't make an extension and give it to friends unless it meets your policy? That's pushing it a bit.
You can still install unsigned extensions if you're using Beta, Nightly, or Developer Edition, which are intended for power users.
> Note, however, that your add-on may still be subject to further review, if it is you’ll receive notification of the outcome of the review later.
So other than hosting, I fail to see how this is different from distributing through the official channel — you still have to pass their review.
Note that I’ve never written a Firefox add-on (I’ve written plenty of Chrome extensions though), so please correct me if I’m wrong.
This raises some security concerns in theory (your user now has to run an executable that is not sandboxed by the browser), but they were already trusting you enough to plug in a USB stick.
 - Do you still own a copy of Firefox? That's probably the hidden crux of the issue.
And if you don't want to be subject to AMO's security review process, then out of those options, don't pick AMO.
Everything is fine. This is blocking automatic extension installation. You can still install extensions manually.
Mozilla is blocklisting benign extensions distributed outside of Firefox Add-ons which do not follow these guidelines .
They are working on disabling a method which allows users with root access to configure Firefox to load unsigned extensions , citing concerns over adware with root access. The feature is being disabled even on Linux, where such adware was never really a problem, despite making several other use cases impossible.
Requiring extensions to be signed by default is a great initiative by Mozilla, but we must be given ways to install private extensions in the release version of Firefox without disclosing the source code to Mozilla, or worrying that an extension for personal use may be blocklisted.
Forbidding local extensions in the release version of Firefox, without a way to override the option, guarded by administrative access and appropriate warnings, is heavy-handed and has a questionable threat model.
Signing can be turned off in Firefox Developer Edition (based on Firefox Beta) and unbranded builds (no automatic updates), but those browsers are not meant for end users. We must be given ways to install private extensions in the best version of Firefox, and that is the release version of the browser.
Not even Google is this heavy-handed, they allow installing local extensions in Chrome after users enable an option, although a warning is shown on browser restarts about the presence of external extensions, which can be dismissed.
edit: Like, look at your second link. The extension was running remote code loaded from a third-party site! I'm sure you see why Mozilla can't just let that happen.
The extension was running remote code from Google Translate. The extension's author could no longer run a safe, unlisted extension in their own browser. Mozilla should have no business in what code people run in their own browsers, when that code was distributed outside of Mozilla services.
This is esentially arguing that user scripts, and the extensions which enable them, should be banned too.
CORS is a security directive set by sites over which users have full control through browser configuration and extensions.
* Firefox refuses to display that resource, even though your website told it to, because it doesn't think displaying the resource would be safe.
I think that's also the right perspective here. Firefox won't run unsafe extensions, in the same way and for the same reasons as it won't run unsafe cross-origin requests.
You keep bringing up CORS, but that is a security directive that can be disabled in Firefox. Even an essential security measure such as CORS is allowed to be disabled using extensions approved by Mozilla, opening users up to universal XSS by any site they visit.
In any case I don't think CORS is relevant in a discussion about Mozilla taking away user freedoms under the pretext of a threat model that falls apart once subjected to close scrutiny.
I just fundamentally don't agree that taking away extension functionality means taking away user freedoms. Even if Firefox developers are completely wrong about security, I have no moral right to make their project execute my code. My user freedom is to develop and run a modified version of the Firefox code, which Mozilla does allow by making Firefox free software.
This is how you get "we added an addon that you can't remove" and "we re-added icons to the toolbar that you removed" and now "we won't let you simply install any addon".
And presumably next year "only addons from the Mozilla walled-garden"? That seems to be the direction it's going.
Mozilla allow users to do stuff, you say. They used to be about enabling users. Only allowing things a user has a moral right to demand of you doesn't sound like FOSS.
Chrome has "--disable-web-security" command-line flag which disables CORS. They may start locking it to be only usable with "--user-data-dir" (see Chromium bug #327804) but that's a clear failsafe, not a limitation.
Firefox doesn't support anything like this. You don't have any control over its behavior, even if you may need this for some unconventional reason.
Why can't Mozilla treat their users as arbiter of what the use may do? They really don't have to decide for users what the only allowable extensions are; they could just advise rather than dictate.
1% of 500M users is still millions of users. I don't know what the actual fraction of Beta/Developer vs Release users is, but the scale is significant enough that the beta channel is definitely intended for end users.
IMO Beta is the best channel of Firefox. Release is just an outdated version maintained for corporate/enterprise installations.
This does not make sense if it is just to fight malware. I no longer believe that Mozilla is acting in good faith. It seems that Mozilla is trying to claw control of Firefox away from users.
I do not trust them to decide what extensions I can have. Once they have locked it down even more, are they still going to be so nice about approving extensions?
Either this is just hubris and contempt for users, or a poor attempt to copy Google's restrictions, or something worse.
Mozilla is working on achieving exactly that, and in fact Firefox is already worse than Chrome in this aspect, see my comment here: https://news.ycombinator.com/item?id=21418604
: Not that I have one such exploit, but even without access to “tabs” permissions, extensions can still query the status of tabs, run benchmark processes, and add context menus with various “filters” such as right click on a text or image. Sure this doesn’t give direct access to data, but timing attacks and such should be possible.
Mozilla is trying to defend against malware or adware with root access on the device.
Malware with root access can do what it wants, inluding just replacing the Firefox executable, keylogging, making screenshots, intercepting traffic, or patching Firefox in any number of ways.
Adware can legally do the same if users give consent. Most antivirus software in fact injects code and is capable of controlling processes, they also intercept traffic to monitor for threats.
If both malware and adware can do esentially what they want on the device, then we are left with how this change affects users.
Users can install a different browser, or patch Firefox, but it becomes prohibitive for regular users to control their own browsers if they choose to continue using Firefox, because they lack the expertise to make the necessary changes.
Disallowing local extensions at all costs in Firefox has minimal security benefits, while greatly harming user and software freedom.
Extensions which require signing by uploading to addons.mozilla.org are controlled by Mozilla and can be blocklisted, it does not matter from where the user ends up downloading the extension.
This practice is worse than what is allowed in Chrome. Google allows installing local and private extensions that have not been signed, after an option is changed in Chrome.
...You absolutely can install extensions from outside the Chrome extension store, though?
"To give users more control over their extensions, support for sideloaded extensions will be discontinued."
During the release cycle for Firefox version 73, which goes into pre-release channels on December 3, 2019 and into release on February 11, 2020, Firefox will continue to read sideloaded files, but they will be copied over to the user’s individual profile and installed as regular add-ons. Sideloading will stop being supported in Firefox version 74, which will be released on March 10, 2020. The transitional stage in Firefox 73 will ensure that no installed add-ons will be lost, and end users will gain the ability to remove them if they chose to.
From what I read only if those extensions are declared acceptable (aka signed) by Mozilla. Pretending this gives me as user the control seems highly disingenuous. The only entity with all the power is certainly not the user anymore.
It's not like removing a hole in your city wall gives you less control over entry into your city, even though it does remove a method of entry.
This doesn't give users more control, it gives less.
People who wanted to control their own 'hole' might have wanted to let people in that the city elders didn't care for.
I'm aware of some installations which rely on both auto configuration and some proprietary extensions to the enterprises themselves which needs to be non-removable and always active.
Disabling installation of sideloaded extensions may make these installations harder, if not impossible.
The announcement in question pertains to a specific method of silently force-installing unremovable add-ons to Firefox.
Is there some way to submit this post or edit the title to maintain compliance with the submission rule and also make it less misleading?
Seems somewhat tone-deaf with one of the big criticisms of the project being their restrictiveness regarding add-ons.
The side-loading they are talking about here seems to have the goal to avoid the search-bar crazyness thru adding extensions without user acknowledgement.
Given the obvious threats that a single signing authority presents (as proven by Apple recently) Mozilla should be decentralising the signing here to a few hundred redundant parties worldwide.
Isn't kind of contradictory?
Please correct me if I'm reading it wrong.
Saying "To give users more control over their extensions, support for sideloaded extensions will be discontinued." Also seems disingenuous at best...
Sounds good to me. No more annoying adware extensions.
We are removing sideloading (The ability to silently install extensions from your local machine as an xpi file)
- This will not affect the ability to manually install extensions, they will need to be installed from a source code directory (Link to chrome post on same)
- This makes users safer (Malicious extensions will need to be approved and installed by a user)
- This makes it more obvious when an extension is installed (Confirmation dialog)
Thanks for making me read into it further
Isn't this how distributions install browser extensions from package repositories? Now I can pacman -S an extension. With this change I will not be able to.
More control, right.
I think that's pretty fair. Lots of other software that interacts/loads into another bit of software requires manual configuration.
Which was self-hostable.. Promised to be that once again, but still hasn't been opened up again.
I've self-hosted Accounts+Sync with a lots of elbow grease. Even had my own alternative re-implementation - because running all this Mozilla code was more complicated than hacking up something of my own.
I gave up about a half an year ago.
What will Mozilla do next then? Close the source so malware authors can't compile their own Firefox, for security reasons? Only allow installation on DRMed systems?