Most active commenters
  • acqq(3)

←back to thread

Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

(support.mozilla.org)
757 points shak77 | 11 comments | 15 Dec 17 13:47 UTC | HN request time: 0.001s | source | bottom
Show context
AdmiralAsshat ◴[15 Dec 17 14:27 UTC] No.15932004[source]
https://support.mozilla.org/en-US/kb/lookingglass

The Mr. Robot series centers around the theme of online privacy and security. One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy.

...which you've done by installing a fishy-looking addon without our permission and making us less likely to trust you?

Well-done, Mozilla.

replies(3): >>15932105 #>>15932234 #>>15932789 #
theossuary ◴[15 Dec 17 14:41 UTC] No.15932105[source]
If you clicked on the link about shield studies you'd see it says they're opt in, did you not getting prompted about it?
replies(9): >>15932122 #>>15932143 #>>15932169 #>>15932180 #>>15932182 #>>15932185 #>>15932332 #>>15932363 #>>15932810 #
yborg ◴[15 Dec 17 14:46 UTC] No.15932143[source]
Apparently it's getting loaded anyway for some people that say they had "Studies" disabled and/or "Studies" itself became re-enabled.

The whole idea of slipping paid advertorial content into what are billed as "research" kind of gives the lie to this whole thing and is why I never turn these on in any product. Which is also why it's now "opt-out" by default, and why it will eventually not be an option at all. It's all for our own good, you see.

replies(2): >>15932194 #>>15932210 #
1. Ajedi32 ◴[15 Dec 17 14:52 UTC] No.15932194[source]
You don't just need "Studies" enabled, you also need to explicitly opt-in to each specific study on an individual basis:

> Participation in an individual study is opt-in

Source: https://wiki.mozilla.org/Firefox/Shield/Shield_Studies

If that didn't happen in this case, then I suspect it's probably a bug.

replies(4): >>15932236 #>>15932322 #>>15932829 #>>15932901 #
2. dpwm ◴[15 Dec 17 14:57 UTC] No.15932236[source]
I can confirm this most certainly did not happen in my case and, from other comments, there seem to be a number of us who did not opt in to this "study."
replies(1): >>15932395 #
3. acqq ◴[15 Dec 17 15:10 UTC] No.15932322[source]
> you also need to explicitly opt-in

Wrong, as far as I see: Looking in my about:config, I see

    app.shield.optoutstudies.enabled=true
    browser.onboarding.shieldstudy.enabled=true
enabled by default. The settings that I've changed from the default are shown in bold. These aren't bold. Those are the defaults. Everybody can check.

That means that the user must actively take steps to disable them, if he knows that they exist and where he can disable them.

Every time the user creates a new profile, and most probably also when he "refreshes" an old one, he has by default the studies allowed.

It's even worse in other aspects: through the UI the "Allow Firefox to install and run studies" can be unchecked but it doesn't change the value of "experiments.enabled" to false in about:config.

Apparently the "experiments" allow Mozilla to install the "experimental" extensions to any user, without him knowing. And these extensions are invisible in the GUI! Even if the user goes to the about:config and sets extensions.ui.experiment.hidden to false, it will be automatically set to true again.

replies(3): >>15932656 #>>15932744 #>>15933164 #
4. sli ◴[15 Dec 17 15:22 UTC] No.15932395[source]
Same here. I didn't even known about Studies until reading this thread.
5. Feniks ◴[15 Dec 17 15:56 UTC] No.15932656[source]
I speak from experience that a lot of FF users don't even know what about:config is or how to edit it.

It all seems sneaky and deliberately obtuse.

6. lozenge ◴[15 Dec 17 16:07 UTC] No.15932744[source]
It looks like experiments are previews of potential new features, like letting you pop a video out of a page https://testpilot.firefox.com/experiments/min-vid?utm_source...

Whereas studies collect usage data.

replies(1): >>15932816 #
7. acqq ◴[15 Dec 17 16:16 UTC] No.15932816{3}[source]
Why should the "previews of potential new features" in the form of the extensions be hidden from the user, and even if the user "unhides" them be automatically hidden again?
8. uep ◴[15 Dec 17 16:17 UTC] No.15932829[source]
Well, this is very troubling; it's installed in my browser. Not only did I not get prompted, I never volunteered for being in any studies. I'm running Firefox on Linux, but I installed it from Mozilla, and not the package manager.
9. ashark ◴[15 Dec 17 16:26 UTC] No.15932901[source]
I just installed FF on my mom's new desktop yesterday, noticed this crap while installing ublock origin. Definitely didn't opt in to anything. Made me wonder whether I'd accidentally downloaded some malware from a look-alike site, instead of official Firefox.
10. Ajedi32 ◴[15 Dec 17 17:01 UTC] No.15933164[source]
Are you sure that's what those config options do? I tried looking them up, but they don't seem to be listed in Mozilla's config documentation: http://kb.mozillazine.org/About:config_entries

According to the Wiki page I linked in my previous comment, global settings shouldn't even matter in this case; since each SHIELD study must be opted into on an individual basis. (Or at least, that's how it's _supposed_ to work.)

Edit: Looks like the wiki was updated to state that some studies can be opt-out rather than opt-in. This also seems in-line with the documentation for SHIELD, which has a section on opt-out studies: https://normandy.readthedocs.io/en/latest/user/actions/opt-o...

replies(1): >>15933730 #
11. acqq ◴[15 Dec 17 18:08 UTC] No.15933730{3}[source]
Your link in edit part is the answer to your question before the edit:

https://normandy.readthedocs.io/en/latest/user/actions/opt-o...

"opt-out-study: Install a Study Add-on Without Prompting

The opt-out-study action installs an add-on, typically one that implements a feature experiment by changing Firefox and measuring how it affects the user."

They are obviously the topic of:

app.shield.optoutstudies.enabled=true

That I mentioned.

I see a lot of commenters trying to excuse them. The problem is, people allowed the "studies" because Mozilla claimed that they are "measuring" whatever "to make Firefox better." They never told anybody that they are selling the "studies" functionality which silently installs ("opt-out" not opt in!) to the advertisers.

I don't know how anybody can defend such an approach.