Was casually reading through Firefox release notes for version 115, and in “Changes” section there is an introduction of a new back-end feature that restricts extensions behavior
We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns.
This feature is obviously still under development, but it already forced people to look for fixes. This suggests the user-unfriendliness of this feature, which may be related to the goals that the infamous Web Integrity API is seeking: partly, controlling and limiting extensions, which are there for the community(!)
I, of course, understand that this update dates back to 4th of July 2023 - some time before this DRM-the-web thing exploded, but still it contradicts things that Mozilla stated in opposition of Google’s plan to hijack [even more] the internet.
How long before the YouTube page will be too private, sensitive and important to allow uBlock Origin from running on it? Will Mozilla decide that youtube.com is “quarantined domain” or will it accept suggestions from its monopoly colleagues?
This feature bug can be fixed by going to about:config and setting “extensions.quarantinedDomains.enabled” to “False”. For now.
Not trying to make a fuss and/or cause a hysteria, just pointing out that such a thing was introduced and slipped under the radar (haven’t seen a discussion about this on the internet). Mozilla may have other intentions for it, but it doesn’t look like something made truly “for the people, not for profit” as some of Mozilla’s slogans state.
Will be happy to discuss.
EDIT: “uBlock” > “uBlock Origin”
I believe μBlock Origin is one of the add-ons that are actively monitored by Mozilla for security, which would make this automatically never apply to it. At least, it doesn’t have the “This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.” warning that some add-ons have.
Comparing this to the web integrity API seems misinformed at best, and disingenuous at worse. It’s not related either technologically or conceptually. I might agree that it could have some undesirable outcomes if they end up falling down the slippery slope, but this post does honestly sound like the hysteria you said you weren’t trying to cause.
uBlock IS actively monitored by Mozilla, and YOU should actively monitor where this whole thing is going. That’s what I will do. One day they might change how this feature works by limiting even the monitored add-ons. Why not? The technology is there! Why would one be so sure that Mozilla possesses the power of will to stay off the slippery slope? They are either introducing this to later make a weapon of it or they aren’t. Are you Mozilla? If so, how can you assure me that I won’t have to search for an alternative browser in the future? I’m not boycotting Mozilla, nor dissing them. I’m pointing out what needs to be pointed out in order to give it enough attention, just in case.
Stay skeptical, everybody. Fair, but skeptical.
Read where you said “Not trying to make a fuss and/or cause a hysteria”, then reread the message you just sent me.
I apologize. I might have been a little theatrical. If I could send you an audio comment, I would, because then you’d hear my calm and reasoning voice telling you that they may or may not do something bad and/or stupid with it. I assume you wouldn’t blindly trust such a big entity, and would rather doubt everything it says (without being too maniacal) and then compare it to its future actions. That’s what I was inviting you to do - observe its future actions.
Thank you. I’d keep in mind that Mozilla is a nonprofit though - they don’t have the same nefarious profit motives that other companies may have. Which is just another reason Firefox’s continued survival is so important for the internet.
The Mozilla Corporation makes Firefox and is not a non-profit.
Technically true but it’s kind of a weird situation - they’re owned by the Mozilla Foundation which is nonprofit. I’ll yield on this point anyways.
I would definitely prefer relying on a non-profit than on a for-profit company, but still wouldn’t trust them 100%. I may very well be sick, but, for what I see it, it is some sane skepticism.
If they wanted to do it, there is nothing stopping them at any point. The slope doesn’t have to be slippery.
I understand. But if you cannot see the slope of others, how can you be sure?
It sounds like a decent feature if used to protect things like banking sites from potentially invasive extensions. I disable my adblocker (only extension I use) for all those types of sites.
Yes. It makes sense to limit everything except thing required to interact with such sites when accessing them, but, as history tells us, not everything served as higher purpose will remain noble and harmless. It definitely has potential to be used against users in the future. Will it? It is very much in line with what Web Integrity API proposed as a “solution”.
EDIT: added the last sentence.
Please chill. Just because there was a really bad proposal doesn’t mean everything coming out of browser companies is evil, especially Mozilla of all people. Specifially read this part on the page you linked:
If you are aware of the associated risk and still wish to allow add-ons disallowed on a site by Mozilla, you can do so from the Configuration Editor (about:config page)
So this just disables some extensions by default, but you can still enable them if you wish. That sounds very reasonable to me!
I understand. Just saw some similarities and thought of the worst. I repeat: I trust Mozilla (non-profit) muuuuuch more than I trust Google (for-profit), for example, but still not enough to exclude doubt. I personally like this quality in me, but I can see how, sometimes, it may lead to a misunderstanding like this post right here. Just wanted to have some external opinion on this, and make people who didn’t notice it notice it.
This is a pretty good hyperbolic rant. Nothing positive, all negative and an unsubstantiated “I can’t prove it but I think they’re doing this because…” which always gets the blood pumping and fingers flying. I give you an 8 out of 10. I could have given you a solid 10 on this effort if you had blamed the libs or a cabal for the nefarious deeds occurring in your about:config.
They didn’t hide the release of the
bugfeature, they posted it on the Moz website for future patch notes.The “for now” about the config setting actually made me chuckle. It’s an option that you can optionally choose to disable. They’re not testing their evil deeds on you by letting you turn it off.
Google is making their move because of their ad dollars at stake, Firefox will only benefit in terms of market share when that happens because they’ll have another bump in user count in the form of a mini-exodus from Chrome, just like they did when Chrome announced stopping ad blockers from running in their browser. Almost all income from Moz comes from partnerships with the search providers listed in the browser search options. 0 dollars comes from advertising, so there is absolutely no reason for them to keep you from blocking advertisements on pages that only helps their competitor.
It’s very clear to anyone that’s paid attention that Moz is trying to protect a user that’s downloaded a malicious addon(or one that’s been hijacked) from siphoning data like login/pass on your banking site when, for example, the addon is supposed to only change the youtube site from displaying shorts in your feed. Prior to this
bugfeature, an addon that could see all data on a webpage could see all data on any webpage, whether it needed it on that page or not which is comically bad practice. They’ve finally implemented a method of restricting addons that don’t need to see your most sensitive browsing from doing something nefarious like selling that data, using it against you or robbing you blind with it.Here’s the best part of it all though. Simply use a forked version of the browser if you feel you’re using one now that an evil entity is trying to enslave you with by forcing you to see their competitor’s advertisements(logic!). There’s many “hardened” versions of Firefox, like librewolf, which strips Mozilla phone-home stuff like telemetry, sync, etc., The code is open source meaning you can build your own from the sourcecode, which will allow you to pore over every line, looking for hidden treasures that are trying to ruin your browsing experience. Or at least make an uninformed guess that is what it’s doing.
Been writing these from Librewolf all along. I am in no way against progress. Instead, I am simply taking it like handles of a pot on a stove - not sure if it’s red hot or pleasantly warm. I am indescribably glad that extensions will no longer, knowingly or unknowingly, watch porn with me, but you can’t ignore the fact that, sometimes, things introduced, as awesome as they may seem, may not be used how God intended them. I’m sure Mozilla have all the best intentions regarding this, but, as I wouldn’t trust a stranger with a pocket knife (a tool that can be used as a weapon), I won’t trust Mozilla not to abuse this feature. I apologize once again for being hyperbolic and theatrical in my original post - that’s just how I write. I’ve been using Firefox, including forks, since forever and won’t abandon them just for a suspicion. As I said, I will be watching this thing grow hoping that this suspicion of mine will remain just that.
I’m not asking this facetiously but truly curious; Have you ever witnessed a single Firefox feature designed to harm your web experience? I don’t mean telemetry, etc but blocking ad blockers, forcing you to view ads, etc. I’ve been using Firefox for over 20 years, since it was named Phoenix and can’t think of a single example similar to the vein of your OP.
No. I have never witnessed Mozilla being evil. But there is first time for everything, right? They must be, maybe not entirely good - no such thing - but less evil than many other entities out there. Just trying to be cautious.
You’ve seemingly moved from “cautious” to “paranoid”, though.
Guilty. Although I sometimes give myself a wake-up slap.
