Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

This is what it looks like: https://imgur.com/a/mriUw

It scared the hell out of me! Are these guys losing their minds?

It was reported as a bug and the response thus far is indeed underwhelming for such a severe issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1424977

>Are these guys losing their minds?

Yes

I don't know what the hell is going on with Mozilla. Ever tried to install Firefox on Android? The new tab page is full of ads by default!

And this is the company we are supposed to trust? Because right now I feel like I trust Google more, and that's a lot to say.

It wasn't supposed to be visible on the addons page

We can't argue with your feelings.

To solve this "problem" on android, check this xposed framework module:

http://repo.xposed.info/module/de.defim.apk.unbelovedhosts

Then these pages should not be full of feelings:

https://www.mozilla.org/en-US/

https://www.mozilla.org/en-US/internet-health/

I don't think that makes it better. Knowing that there's a way to get an addon installed invisibly is going to be more justification for paranoia.

You can disable these studies under Options | Privacy and Security

Could you please be more clear? I disabled all my extensions and still don't see anything there that is based on feelings?

Adds are annoying yes, but they are only bad for your privacy if they track and profile you. Adds allow for free stuff and they can be done the right way. Granted this is becoming more and more rare so I understand your standard association of adds with distrust. The adds you refer to are non tracking (please tell me if I'm wrong though) and will slowly be replaced by sites you visit (often).

I hate the fact that Firefox increasingly makes me jump through all sorts of hoops to find all the hidden options to turn off their various spyware attempts. Its the Win10 of browsers...

Ads abuse the user's time, attention, and privacy. Minus the tracking, that's still two factors of abuse rather than three.

I don’t mind ads... uMatrix and uBlock Origin take care of that noise for me.

Going through your browser settings really is quite the hoop.

that would be worse

You should opt in, not opt out

Yeah, its so intuitive for the average person to type: about:config in address bar and scroll through hundreds of oddly named parameters to turn off spyware.

Comments like yours are illustrative of a certain mindset. When you encounter the complexity of domains you are not intimately familiar with (court system, law, finance, etc), and those complexities are designed specifically to make it hard for you to protect yourself, I'm sure you are just as understanding as you are now.

It is.

There almost certainly is not a way to invisibly install add-ons, unless you are part of Mozilla, and, you know, making Firefox. If paranoia is your thing, it might be worth considering that Mozilla can do anything it wants inside Firefox core, all of it is "invisible" to you.

I think they are feeling betrayed by Mozilla, and that they are saying language like "We all love the web" and "Internet for people" inspires feelings.

How do they abuse your privacy without tracking? Of course if they didn't abuse your time and attention they wouldn't make sense. But someone has to be paying Firefox's development, and it is not you. I'll take that last part back if you contribute to Mozilla. Hey, maybe it's an idea for a donation: make a 5$ Firefox without adds. I'd pay. To bad part goes to Google that way.

You're being hyperbolic, you don't need to go into about:config.

It's right in the main browser settings, under the Privacy and Security section where one would expect settings like this to be

Yes and a big part of this entire issue is users deciding whether we can trust Mozilla with that power or not.

> Adds[sic] allow for free stuff

The opposite is true: ads must be paid for, which makes products and services more expensive.

Ads are a convoluted, inefficient form of wealth redistribution; whether that's "good" or "bad" depends on the specific circumstances.

For example, we might (simplistically) say it's "good" when we receive something paid for by ad revenue, but the burden of paying for (e.g. by price increases) and being subjected to those ads is carried by others. For example, if we tune in to a radio station, listen to a song, and tune out before some ad for a product we don't use.

We could say it's "bad" when the opposite happens, for example if we pay higher fees for shopping on Amazon, which then get spent on advertising Prime Video which we don't use.

No. Firefox was too big for my old phone and I switched to palemoon when firefox stopped allowing unsigned plugins on my desktop. I've been using habit browser on my phone. I don't really trust it at all so I give it minimal permissions and try not to do any browsing on my phone I don't expect to be tracked or monitored. It's fast and customizable and has a built in adblocker so I've been fairly happy with it. I've tried a lot of different mobile browsers. I haven't really found any I liked. They all kinda suck in one way or another. I was really hoping something from F-Droid would be appealing to use but they were all disappointing. The state of mobile browsers in general is kind of abysmal.

And this is the point where even the most Mozilla-supporting users move away. For me, this is it, I’m going to Chromium.

Fuck this shit, in the past months we had CliqZ https://news.ycombinator.com/item?id=15421708, we had Mozilla adding new telemetry, we had Mozilla force-enable toolkit.telemetry.enabled, we had Mozilla say that, if you download Nightly, that is considered opt-in to tracking, we had Mozilla put Google Analytics into the Addons menu (because it’s loaded from addons.mozilla.org: https://github.com/mozilla/addons-frontend/issues/2785 ), and we had Mozilla say that, if we don’t trust Google, we shouldn’t use Firefox.

Fuck this.

The irony is that people pay, just not to the right place. Every unnecessarily-bloated download tears through data plans and costs people money to their ISP that never makes it to the provider.

I want plain-text ads that provide just as much revenue to web sites but without obnoxious experiences and fat downloads.

How are you supposed to do turn the defaults to a reasonable level of privacy without launching Firefox once though?

> Every unnecessarily-bloated download tears through data plans and costs people money to their ISP

Only in third internet world countries like the US... Elsewhere, we don't have limited data plans.

Preferences/Options -> Privacy and Security -> Allow Firefox to install and run studies

Great points, thanks for compiling these..

I was using firefox because I don't trust google. ;(

This is going to put me in weird company but I really don't see why metered billing is such a terrible thing. Most other utilities are pay-for-amount-used. And as a bonus, this creates an incentive for developers (via customer pressure) to not use insane amounts of data.

Regarding telemetry, take a look at the settings in about:config. There are several toolkit.telemetry.Ping settings which are set to true by default. In the spirit of charity I'm going to assume that those phone home pings - on startup, shutdown, update - are not enabled unless telemetry is enabled. But I have not checked...

I remember it was asking if I want participate in studies when I installed FF for the first time.

> It's right in the main browser settings, under the Privacy and Security section where one would expect settings like this to be

If you asked me "where would you go to change settings to prevent the browser from violating your privacy and infringing on your security?", then, yes, I would go to "Privacy and Security". If, however, you asked me "what would you expect to find under 'Privacy and Security'?", my answer would be that that's where I would go to protect myself from malicious websites, not from malicious browsers.

(I know that 'malicious' is quite, and almost certainly too, strong here, but the point is that I think, and am explicitly encouraged to think, of Mozilla as being on my side against the sites I visit, and I don't think it's natural to expect that I will start thinking of how I need to protect myself from Mozilla to use their products in the way that I, rather than they, intend.)

You could have asked me what I meant.

It is because data, unlike water or electricity, isn't a finite resource. Your electricity bill includes the generation in the power plant and the transmission over the power lines. When it comes to Internet access, you're paying for the transmission (bandwidth), but there isn't a "packet generation plant" that you should have to pay for.

Also, data caps mean people will use less data, meaning using less bandwidth, meaning ISPs will have less of an incentive to upgrade their already ancient infrastructure. It would be giving them more money to use less of what they provide.

Alternatively you can give waterfox[1] a try.

Features

    Disabled Encrypted Media Extensions (EME)
    Disabled Web Runtime (deprecated as of 2015)
    Removed Pocket
    Removed Telemetry
    Removed data collection
    Removed startup profiling
    Allow running of all 64-Bit NPAPI plugins
    Allow running of unsigned extensions
    Removal of Sponsored Tiles on New Tab Page
    Addition of Duplicate Tab option
    Locale selector in about:preferences > General

[1]: https://www.waterfoxproject.org/

There's an extension for that called privacy settings[1] it exposes all the settings in one easy place.

I also recommend waterfox instead of firefox.

[1]: https://addons.mozilla.org/en-US/firefox/addon/privacy-setti... [2]: https://www.waterfoxproject.org/

If what you say is true, please point me to where I can find the following privacy settings in the main preferences:

  network.websocket.enabled
  network.IDN_show_punycode
  dom.event.clipboardevents.enabled
  dom.storage.enabled
  dom.indexedDB.enabled
  dom.battery.enabled
  dom.enable_user_timing
  dom.enable_resource_timing
  dom.netinfo.enabled
  layout.css.visited_links_enabled
  browser.safebrowsing.phishing.enabled
  browser.safebrowsing.downloads.remote.enabled
  browser.safebrowsing.malware.enabled
  browser.send_pings
  beacon.enabled
  privacy.donottrackheader.enabled
  privacy.trackingprotection.enabled
  dom.enable_performance
  datareporting.healthreport.service.enabled
  datareporting.healthreport.uploadEnabled
  toolkit.telemetry.enabled
  toolkit.telemetry.unified
  media.peerconnection.enabled
  media.peerconnection.ice.default_address_only
  media.peerconnection.ice.no_host
  media.eme.enabled
  media.gmp-eme-adobe.enabled
  webgl.disabled
  geo.enabled
  camera.control.face_detection.enabled
  device.sensors.enabled
  security.tls.unrestricted_rc4_fallback
  security.tls.insecure_fallback_hosts.use_static_list
  security.ssl.require_safe_negotiation
  security.ssl.treat_unsafe_negotiation_as_broken

Errr... is "dom.enable_performance" really a privacy setting?

Doing someone online searching now, not seeing an explanation for it. There is one other HN post though, also mentioning it in a privacy context, but not further info either. :/

And he's saying that this occurence should have no effect on this decision, not in any rational mind.

How exactly? Whether they push out code to you by just changing the binary or by installing an extension makes no difference. In fact, pushing it out as an extension, means they actually have less control over your browser, because are bound to the restrictions that extensions have.

Every browser vendor has this control over you when you use their browser. Some have even more, because they don't even need to tell you about it when they're closed-source.