I'm the author of "Runet Censorship Bypass".
We help Russians to circumvent state censorship while with some
tricks the extension may also be used to bypass private discrimination or sanctions-based censorship.
We received no notifications about this restriction.
Waiting for the official statement or just any comment from Mozilla.
As a russian I felt comfortable using this add-on and recommending it to others because it was closely associated with Roskomsvoboda organization that have a very strong reputation for fighting against different forms of state oppression.
Please, do not imagine yourself in our shoes if you dont know their shape.
Who would you trust then? Mozilla, to guard you against the content you should not be allowed to see?
If I were either a Russian, living in Russia, or had any family or friends in Russia, and if I also wrote tools to circumvent Russian state censorship, I sure would want to stay pseudonymous!
> Is this a way for Mozilla to censor add-ons they don't like, enforce copyright, government demands, etc.?
> No, the purpose of this is to protect users from malicious add-ons. We have a set of guidelines (https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Revie...) for when it is appropriate to blocklist an add-on and have refused multiple times to block for other reasons.
Is Mozilla refusing to sign the add-on? Or just refusing to host it on addons.mozilla.org? There's a big difference. If the extension can still be signed, it's easy to install on production Firefox builds. If it can't be signed, then it can only be installed on Nightly or Developer builds with xpinstall.signatures.required disabled in about:config.
So it looks like they are still signed, but they are not available on amo in Russia. The extensions can still be installed on production Firefox builds if they are hosted elsewhere, such as:
So posting the contents of my ~/.mozilla/firefox/default/extensions/ on GitHub is going to remove all of them from the store? Goodness, I wonder why no one thought of that until now.
I absolutely hate what Putin and his goons are doing to Ukraine and Russia.
Having said that the list contains many names of people who would be hunted and killed by any government. Imagine Apache starting revolt, murdering civilians, keeping / trading slaves, cutting heads etc. etc. Whoever the author of the article is - they did a shitty job.
This list is a big disservice to true victims of Putin, like Navalny and the likes.
The Apache tribes fought the invading Spanish and Mexican peoples for centuries.
The first Apache raids on Sonora appear to have taken place during the late 17th century. In 19th-century confrontations during the American Indian Wars, the U.S. Army found the Apache to be fierce warriors and skillful strategists.
OK, I'm imagining people defending their homelands against invaders.
I am talking about now. In the end Indians were conquered with all the consequences. If they wake up now and start the war for independence it will be exactly the same situation as with Chechnya with exactly the same results.
This would be just speculation, and I could be way off base. This would also be assuming that Mozilla is looking out for the best interest of users, which may or may not be the case.
We saw that when companies like McDonalds could no longer operate in Russia, Russia essentially took the McDonalds and created a knock-off. If Russia decided to ban Firefox, they may just fire up a knock off and sell it to the populace as Mozilla is an evil American corporation so they have created RuskieFox and all that national pride stuff. Would tech saavy people trust the Russian knock off? My guess is the tech saavy people won't and will find ways to get firefox from Mozilla. But the non-tech saavy? Probably not. From this, if we assume Mozilla is doing what it can to protect users (which may or may not be the case), it would be better to comply but Russians get official builds of Firefox than being banned and the Russian government replacing Firefox with their own build.
There's already a Yandex browser, there's no need for a Firefox knock-off.
> Would tech saavy people trust the Russian knock off?
No one with a single brain cell uses the Yandex web browser. It's akin to giving the Russian authorities full access to your entire web presence.
> But the non-tech saavy?
For those Firefox has never existed. Most people in Russia use: Yandex web browser, Opera or Google Chrome.
> From this, if we assume Mozilla is doing what it can to protect users (which may or may not be the case), it would be better to comply but Russians get official builds of Firefox than being banned and the Russian government replacing Firefox with their own build.
Mozilla loses nothing from not complying but gains reputation and trust of not sharing the bed with Putin.
Because no one is helped by that, least of all Russian people wanting to use Firefox. It seems fairly obvious that "all of Firefox is not available in Russia" is worse than "two extensions are not available in Russia".
It is not "all of Firefox is not available in Russia," as there will be unofficial mirrors, torrents, etc. But I hear you, it's indeed better to have two extensions available from unofficial sources only than the whole ecosystem.
Here's the statement we're sharing with the press:
In alignment with our commitment to an open and accessible internet, Mozilla will reinstate previously restricted listings in Russia. Our initial decision to temporarily restrict these listings was made while we considered the regulatory environment in Russia and the potential risk to our community and staff.
As outlined in our Manifesto, Mozilla's core principles emphasize the importance of an internet that is a global public resource, open and accessible to all. Users should be free to customize and enhance their online experience through add-ons without undue restrictions.
By reinstating these add-ons, we reaffirm our dedication to:
Openness: Promoting a free and open internet where users can shape their online experience.
Accessibility: Ensuring that the internet remains a public resource accessible to everyone, regardless of geographical location.
We remain committed to supporting our users in Russia and worldwide and will continue to advocate for an open and accessible internet for all.
Mozilla is starting to seriously have a long list of highly questionable if not directly user hostile behaviors. They are hiding behind the fact that they are the almost only viable alternative to the chrome ecosystem... But they may well loose that advantage. What should we think of their VPN they try to promote so much if they bow to Russian demands for blocking extensions...
Starting? Remember the time they silently installed an extension written for a TV network?
The project manager for it used to work in the advertising industry. When the ticket was filed in Bugzilla, she quickly set it to be private to try and hide it. Another mozilla employee put it back to public, and then the ticket was set such that not even employees could see it by Mozilla executive leadership.
How about them ramming Pocket down everyone's throats?
Or the 2022 "partnership" with Facebook over an advertising a "privacy preserving" advertising standard?
How about the CEO's astronomical pay increases while market share sank? How about the fact that they now have a billion dollars in assets, half of that in cash? And they slashed their software development budget a year or two ago? And paid someone ~350,000+ to write an "AI and racial justice" report?
I have good expirience with Vivaldi. Yes, Chromium based, but very-very customizable, a bit slower than other browser, again because of customizations, but in general it looks like they believe that user know what he/she is doing.
An independent browser engine is top reason I use Firefox. Anything based on Webkit/Blink is just reinforcing the monoculture and further locking out alternatives.
> Mozilla is starting to seriously have a long list of highly questionable if not directly user hostile behaviors.
Would you care to provide examples? I am a longtime user of Mozilla products unfamiliar with the topic and I am genuinely curious.
> What should we think of their VPN they try to promote so much
Mozilla does not have its own service but rather resells Mullvad, one of the most privacy focused services in existence. Is there more to this story that I am unaware of?
Allow me to add this to the other sibling comments: Pocket was an... interesting series of choices.
"""
Mozilla replaced a feature that was end to end encrypted with one that sent private data to a third party for data mining.
They denied getting paid for the integration. That was technically true. They eventually admitted they got paid for referrals.
They bought the company in 2017 and promised to release the source code. They still haven't.
The Pocket website says "as a member of the Firefox family, privacy is paramount."[1] The first part is misleading and the second part is simply false.
Open Sourcing something is never a easy task especially if it calls for a complete rewrite which i assume is why it still has not been open sourced yet
Buying a technology company, they buy a proven idea. If the bought tech has a diffrent stack than everything else Mozilla already had then rewriting it is going to be a good long term idea.
Because what people really want is a browser that can't use Netflix or Spotify...
Firefox would no longer exist today if they hadn't included DRM. Ideological purity is fun and all, but it's perhaps a good idea to occasionally recognize reality.
So in exchange for their principles, they got to keep 3 whole percent of the market? That's a victory?
I think that's a poor argument. However, I think the stronger argument is that in this case it's actually relatively okay. Like, it'd be a better world if DRM didn't exist, but given that they lack the market power to do anything about that, EME actually seems like the least bad option:
* It's sandboxed.
* It's optional and doesn't run by default.
* Firefox prompts the user and asks if they want to run the DRM.
In fairness, I understand that there are different views on this; I stop one tiny half-step shy of the GNU/FSF position, in that I would argue that people should have complete control of their machines, but that that includes the right to run software that doesn't respect their right to control the machine.
With all the criticism of Mozilla here, it wouldn't be any help to keep these few extensions available, and get the whole website blocked. It's possible to get addons signed and distribute it on other websites. On the other hand, when Apple complies with demands, there's no way to install apps anymore.
Does Mozilla have any assets or workers located in Russia? If yes, this could be the reason, as the censors won't hesitate to go after them, and the law in Russia is whatever Kremlin says it is. If there aren't then it's just unbelievable cowardice which lacks any explanation.
Mozilla does all sorts of problematic things all the time, but none of them have been as ethically terrible as this. I hope this is a temporary misunderstanding.
I think we're at the point where we need to ask, how the fsck supposedly "open browser" prohibits their own users from installing extensions they want to install? I mean, I get signing - if you want signing, you can use it. I even get the config option for enterprise setups, maybe - so if an org wants to standardize on Firefox and prohibit workers from installing unsigned extensions - fine. But when it comes to my own install, that's just bullshit.
It's a trade off between security for normies and power for technical users. I disagreed at the time (as an addon author) yet have come around to agreeing with the choice.
It's not IT. It's the "potentially unwanted software" installers they download. There's no way to distinguish a user installing an unsigned addon vs some malware doing so.
If you're already running an unverified third-party installer, your system is gone. There's nothing Firefox addon signing can do to save you at that moment. You are already at the "running arbitrary code" stage.
Is there a way to side-load Mozilla extensions and circumvent their store? We see now that any central-authority store is a net negative for online freedoms and rights.
The browser extension which might be useful only in Russia suddenly stopped being accessible from Russia? Seems like a possible source of income for the corporation.
MAANG and quasi-nonprofit husks of former megacorps aren't your friends. They tend to do the bidding of authoritarian regimes, enable genocides like Myanmar, and disclose metadata facilitating the targeting of civilians.
This sort of thing is exactly why browser extensions never should have required Mozilla's "approval" in the first place; forcing people onto beta or developer builds to have proper control over their own software is an appalling failure to live up to their stated ideology. If they wanted to "protect" average users, they could have defaulted to only allowing approved extensions and made it clear how to opt out for users who wish to do so.
This sort of condescending, controlling, anti-user behavior was one of the reasons I left Mozilla, and the politically/culturally difficult situations it puts them in are a bed they have, unfortunately, made for themselves.
The depressing truth is I can't recommend anything. Firefox soft-forks can easily allow unrestricted use of web extensions, but I haven't kept up with which ones are popular and actively maintained so I can't recommend anything specific. If Mozilla ends up standing behind this decision I guess it'll be time to do some research.
Mozilla has been problematic for a while now, both with personnel having some... strong political ideas, their governance, executive pay, product direction....
Ugh, I don't want to go back to a chromium based browser but I don't know how what other options I have at this point, short of dropping down to links/lynx/elinks ..
firefox could have some of the wackiest politics in the world but that fact remains that Google/Chrome is one of the key linchpins for the global corporate surveillance capitalism panopticon that we have today.
I still feel like it's an easy recommendation compared to the rest of the browser market.
I honestly can't tell it the was meant sarcastically.
Who defines what the "right" political idea is? And do you really want to live in a society limited only to ideas that are deemed as the "right" ones by whoever has that power?
What do you mean? Who defines the "right" political ideas in a democracy?
My understanding is that a democracy would exist to allow the majority of a society to define what they want, and that in the US we have a democratic republic because our founders still didn't trust the public enough to leave decisions entirely to a majority vote of the public.
You can do the same with Firefox. Simply use Beta, Dev Edition or Nightly. The first two are very stable. You just need to flip `xpinstall.signatures.required` to `false` in about:config.
As far as I know, installing unsigned extensions is also possible in ESR builds, in Firefox from Linux distributions, in Unbranded Builds from Mozilla (but I'm not sure if they keep older versions). In forks and in your own Firefox builds (from source).
The answer people don't want to hear is that the answer is to abandon the web. The standards are too complicated and evolve too fast. It costs too much. The bills have to be paid and that means everyone has to sell the users out "just a little bit, but at least we are better than the other guy".
> browser extensions never should have required Mozilla's "approval" in the first place;
You don't need Mozilla's approval; anyone can publish an add-on anywhere and anyone can install it in Firefox. I've distributed some bespoke non-public addons like this.
It's just the Mozilla add-on website/listing that's curated, which seems reasonable; it's their website and they can have their rules.[1] You can make your own "clipsy add-on listing" website if you want.
[1]: in this case, it's not even "banned", just not displayed in Russia. It was probably a "ban these extensions or we'll ban all of Firefox" type scenario. Saying "njet" to Putin is tempting, but how does all of Firefox being banned in Russia help Russian people? It doesn't. You may not like the situation, but simplistic takes which simply ignore the reality of the situation are not serious.
The extension needs to be signed by mozilla for the normal production builds of firefox to let you load it on startup. If it isn't signed, you need to manually load it in using about:debugging each time you restart firefox.
Mozilla is not preventing from signing anything here (and the "security checks" on who can sign are so weak it might as well not exist in the first place).
Same applies to Chrome as well by that logic; it allows you to sideload unverified extensions too at the cost of annoyingly making you set it up at every startup.
That's you're pedantically language-lawyering my post while not engaging with the far greater falsehood that the previous poster was perpetuating is not a good look.
And the reality is Mozilla can always block any extension they want. They can just change the Firefox source code. It doesn't matter what functionality does or doesn't exist now or what the policy they do or don't have – everything can always be changed. That's true for almost anything.
So what they "could do" is a complete distraction in the first place because the "could do" anything. What they ARE doing matters.
No, pointing out that your claims are conceptually false is a fine look.
It's not about things Mozilla could theoretically do to block you, it's that they require you to proactively get their permission to run an extension (in a prod version of the browser on an ongoing basis, which I think is reasonable table stakes). Here's their official docs for self-distribution, i.e. not using the AMO at all: https://extensionworkshop.com/documentation/publish/submitti... Notice that step 1 starts with giving Mozilla your extension to approve of, step 4 goes so far as to say that if your extension doesn't pass their checks then
> The message informs you of what failed. You cannot continue. Address these issues and return to step 1.
then step 7 is make sure Mozilla reviewers can read your source code, step 9 is wait for them to get back to you, and step 13 is download the XPI that Mozilla has approved to be allowed to run in their browser.
So yes, you absolutely need Mozilla's approval to publish an extension, even if you self-publish the XPI after they've blessed it. If they do not perform the action of signing it, they don't need to change any source code, it won't install. It may be true that in this case they have given that approval, but that doesn't invalidate the general point, and this is a fundamental restriction, not "language-lawyering".
I have to disagree that I'm perpetuating any falsehood here. Mozilla literally needs to approve an addon for it to behave normally. That you are satisfied with the process they have for approving doesn't change that.
To me it seems absurd for a company that claims to be so pro-privacy to not allow any genuinely private extensions to exist. Anyone who wants to make a 'real' addon has to share their code with mozilla.
I actually mostly had the top poster in mind, not you, sorry for the confusion.
What you're saying is technically true, but also not relevant, as explained. They can have the best system in place today, and just change Firefox tomorrow. So it doesn't really matter how the system works now. This is true for anything from Mozilla to XFree86 to Redis to left-pad.
De-facto reality is that right now anyone can create an account and just create a signing key and distribute their extensions $anywhere. Approval is little more than rubber stamp. Mozilla not going around granting "approval" or anything like that.
And they certainly didn't revoke the very weak "approval" here; people can distribute and install it. It's just not listed on the Russian add-on store. So that makes it doubly irrelevant.
thanks, didn't know about that. with all that censorship i been backing up a lot of programs and source tarballs locally. perhaps one day i'll go completely offline and off the grid and move to the mountains or some shit like Tuva where i will have goats and cows livestock. it's all getting so tiresome, i want out of this technological hell.
We received no notifications about this restriction. Waiting for the official statement or just any comment from Mozilla.