I stan Firefox but I am scared about this to the point not much discussion exists on this.
Yeah this is problematic for open source software. Plenty of better ways to implement a security feature. Seems they will probably end up blocking adblockers eventually with features like this. Why was it approved, surely there is some discussion on the Dev mailing lists?
The bug tracker almost has no discussion, just a few comments. I archived it on Wayback Machine personally, nobody did it in 2 days.
That’s worrying. I wasn’t surprised that google did it with chrome, but this is surprising. I was thinking surely people would be looking to fork it and take it in a different direction. Maybe it’s finally time to switch to another browser. With just chromium and Mozilla engines, I wonder what the good options would be.
There does exist override option. Read blog post I linked. user.js still retains all the power we need.
They have a knowledgebase article explaining why …
… that doesn’t explain why. Yes it explains the technical mechanism by which extensions can be blocked, but no explanation why this feature is even there. There’s just a sentence about “various reasons, including security considerations.”
I think it would help if they explained some of those “various reasons”, maybe with an example. Then I might even agree that those are situations where that might improve the user experience. Or the security.
But I would absolutely demand a transparent process for how, why and by who these decisions get made. And possibly a way to enable the extension regardless - you open a page, an extension is blocked, you get a notification explaining why and giving you an override option.
Part of me wants to believe that this is just very poorly communicated. Mozilla has been doing this for a while, for example extensions don’t work on addons.mozilla.org or any of the about: pages. And that seems reasonable to me. But I also don’t like the thought of mozilla policing what a user is or isn’t allowed to do.
There does exist override option, as Jeff notes in the blog post I linked. The whole stuff surrounding this implementation though, is the real problem.
I don’t mean some obscure about:config setting. I want it to show me some indication (doesn’t have to be a popup, those have their own set of issues) that tells me “Firefox blocked x extension on this site [enable it]” - like they do for popup windows that have been blocked.
It is not obscure if you bothered to read linked blog writeup. It is as obscure as literally every option in about:config page.
It is a bit concerning if Mozilla Corporation (which is ultimately supposed to serve the goals of its shareholder Mozilla Foundation) are trying to develop things which are not exploitable security bugs behind closed doors. The reason for Bugzilla supporting confidential bugs is so 0-days aren’t available for anyone to browse, and that justification doesn’t seem to exist in this case.
Of all genz slang, i hate the word “stan” the most
calling Stan Gen Z is hilarious.
