• macniel@feddit.de
    link
    fedilink
    English
    arrow-up
    40
    arrow-down
    2
    ·
    1 year ago

    Silently, but with a huuuuge Banner that notifies you that the extensions were disabled; not really silent then?

    • foobar@lemmy.villa-straylight.socialOP
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      3
      ·
      1 year ago

      You would have to be looking for it:

      Note that the warning appears in the Extensions popup rather than on the Extensions icon, so you wouldn’t know that StopTheMadness was disabled on YouTube unless you opened the popup (or unless you saw the autoplaying videos on YouTube that StopTheMadness would otherwise stop.)

      What happens, though, if you pin the extensions to the toolbar for easy access to their settings?

      It turns out that when you pin an extension to the toolbar, it no longer appears in the Extensions popup! Consequently, the quarantined domains warning no longer appears in the Extensions popup either. In fact, there’s no longer an Extensions popup: clicking the Extensions toolbar icon simply opens the about:addons page, which doesn’t show the quarantined domains warning anywhere.

      • macniel@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I would like to see a link to that setting even with a security banner in front of it where you have to agree that everything that happens from now on is on you and not firefox.

  • rookie@programming.dev
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    This does feel like something you should be able to toggle off. I can understand their security concerns, but I didn’t switch to Firefox because I wanted less control/trust from my browser.

      • axtualdave@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        The intent behind the feature is obviously to keep a list of known-bad domains there, to disable extensions Mozilla hasn’t vetted as safe on said malicious domains.

        If I had to guess, I’d say it’ll be set to "" by default, unless you crank up some security setting to extra-paranoid, or, obviously, set it yourself.

  • fubo@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    It’s unclear exactly what’s going on here. It could be a good idea or a bad idea.

    Good idea: When accessing the login page for an important service, the user should be warned before low-trust extensions are enabled, to reduce the chance of hostile extensions stealing user credentials.

    Bad idea: Allowing web site operators to dictate what extensions users may use on those sites.

  • qwop@programming.dev
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    I wish I could have extensions default to off and be able to turn them on selectively on sites. For things like darkreader I don’t want to use it 90% of the time so it shouldn’t need to have at access to site data.

    By the way, I don’t like the title of this article, how is it done “remotely”, it’s just a list in about:config, no? Sounds clickbaity.

    • AnyOldName3@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Most people leave those settings alone. If you’ve never changed the value, whenever Mozilla change the default, you’ll be updated to the new default when you update your browser. That’s a remote change to which websites remain unaffected by extensions, except for the minority of users who’ve done something about it.

    • where_am_i@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      extensions are already disabled on Firefox help website. No dark reader will work there. They probably extended that capability into an actual backdoor.

      • qwop@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Last time I checked companies don’t share backdoors they’ve added in release notes.

  • zosu@vlemmy.net
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    i could imagine putting a banking site on that list to make sure no banking data can be leaked to an extension. two edged sword tho

  • AProfessional@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Access to literally every website is a very scary permission that is too common. I’m not sure the best approach but limiting this, with some user input, is a good move.

  • ArkyonVeil@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Can confirm. I just upgraded to 115, and tried out my own extension Obliterate Curves, which is similarly not monitored by mozilla due to how tiny it is. If the current domain is a “Quarantined Domain.”, all extensions which aren’t monitored will get downright disabled.

    Do note, the list was empty by default. 100% troubling but hard to say where they’ll go with it. Might end up as a “tick this website as secure” box later, though I’d personally prefer control over which sites an extension is allowed to run in.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Yet another reason to use mullvad-browser instead of vanilla Firefox.

    Removing user agency is a big deal, to do it silently is a massive red flag. Even if the intentions are good paternalistic behavior removes agency from users.

  • db2@lemmy.one
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    69
    ·
    1 year ago

    fiReFox iS So much BEtTer tHan ChrOme foR PrivACY