
757 points shak77 | 2 comments
1. garganzol No.15932327
Mozilla Firefox installer is signed by a code-signing certificate. But at the very end it means nearly nothing: if the developer cannot be trusted, no amount of certificates, green bars, smart screens, stores and walled gardens can fix that.

That's a very important point to grasp, as I hear a lot of voices nowadays claiming that the modern security model (read walled gardens of all kinds) is the universal panacea.

Just the opposite, it brings a false sense of security making you more vulnerable. It also tends to inhibit a healthy and free market competition when a lot of potentially good software suppliers are gated off from the walled gardens from the start.

replies(1): >>15932440 #
2. fixermark No.15932440
In general though, what is the alternative to trusting the source and distributor of a piece of content? As you've noted, if you can't trust the developer, the walled garden is irrelevant... But if you can't trust the data source, isn't basically everything about the medium irrelevant?

In contrast, if you do trust the data source, why is a walled garden model of security worse than alternatives?