Most active commenters
  • hitekker(3)

←back to thread

Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

(support.mozilla.org)
757 points shak77 | 14 comments | 15 Dec 17 13:47 UTC | HN request time: 0.896s | source | bottom
1. hitekker ◴[15 Dec 17 19:26 UTC] No.15934310[source]
1) Mozilla uses weird, spooky language in an add-on.

2) Users are justifiably concerned.

3) Mozilla explains that the add-on is actually anodyne; the developers responsible were having fun with an opt-in research service.

4) Some users try to justify their initial overreaction by painting Firefox as mysterious, dangerous entity, fabulating conspiracy theories about one of the most forthright and open OSS companies in the world.

Really, guys. If Mozilla was hellbent on invading your privacy, do you really think they would proudly entitle their tracker "Looking Glass". Or would they call it debugservice_1223?

replies(5): >>15934357 #>>15934746 #>>15935512 #>>15936001 #>>15936446 #
2. Karunamon ◴[15 Dec 17 19:32 UTC] No.15934357[source]
3.5) Most users insist that this isn't okay, that addon installations should be approved by the owner of the computer.

This isn't about what the addon itself does or does not do, it's the principle of force-pushing unwanted content without prior affirmative consent.

This would apply even if the addon was just a stub that didn't have any executable code in it. In this case, it's worse: an ad.

replies(2): >>15934443 #>>15934456 #
3. takeda ◴[15 Dec 17 19:44 UTC] No.15934443[source]
When you install Firefox it asks whether you want to take part in these studies. You can also change the setting at any time in preferences (about:preferences#privacy section).
4. hitekker ◴[15 Dec 17 19:46 UTC] No.15934456[source]
I would agree with you, if the add-on in question was not developed, shipped, and offered by the people who made the browser, of which the add-on sandbox is a part.

In my view, that sandbox is a trusted area between the browser and the user.

Mozilla has the privilege accorded to it as the developer of the browser, to modify the addon sandbox so long as they don't infringe on my interests, e.g., security, stability, privacy, speed.

For example, Chrome automatically disable extensions that ask for too many new permissions upon update. Chrome will also make it difficult to add extensions that are not listed on the chrome store.

If we remove the right for browser developers to install, uninstall and alter add-ons, then we're essentially forcing them to modify the browser instead, which is overkill for the add-on in question.

At the end of the day, if you can't trust the developers of your browser, then you should install another one and disable add-ons entirely.

3.5 falls into 4.

5. callahad ◴[15 Dec 17 20:21 UTC] No.15934746[source]
Thanks for the positive take, but I do think that folks are justified in their anger.

Even though the add-on itself was innocuous, the context around its scope, delivery, and presentation were not what they should have been.

replies(1): >>15935609 #
6. toyg ◴[15 Dec 17 21:50 UTC] No.15935512[source]
1) One day you wake up and somebody is watching TV in your living room.

2) you freak out. Who is this guy? I didn't invite anyone last night!

3) The guy turns around and it's just your mate Chad. He didn't mean any harm, just wanted to watch TV and hang out.

4) This is not on, Chad is a psycho.

Intentions don't really matter: they've just demonstrated a scary and invasive capability without any warning. Minimizing it doesn't help.

replies(2): >>15935864 #>>15935975 #
7. hitekker ◴[15 Dec 17 22:02 UTC] No.15935609[source]
Justified in their concerns, certainly. But not in their seething, frothing paranoia.

We have people comparing the installation of a near-stub browser add-on by the browser vendor, to full-on home invasions.

The language was a mistake and should have not been pushed out, or maybe even written to begin with. Mozilla ought to remember how skittish their userbase can be.

8. erk__ ◴[15 Dec 17 22:39 UTC] No.15935864[source]
This would work better if chad lived in the same house and you shared the living room.
9. franga2000 ◴[15 Dec 17 22:59 UTC] No.15935975[source]
This "scary and invasive capability" has been included in almost every larger piece of software for years and is widely accepted to be a mostly good thing - it's called automatic updates. Considering updates allow pushing native, even admin-level code, this capability of pushing little bits of JS becomes benign in comparison. Therefore, the only thing that's left to worry about are their intentions. And I, for one, would rather trust the goodness of Mozilla's intentions than Google's or Microsoft's.
replies(3): >>15936488 #>>15936495 #>>15937001 #
10. scott_karana ◴[15 Dec 17 23:02 UTC] No.15936001[source]
> 3) The developers responsible were having fun with an opt-in research service.

Having fun at whose expense, though? Widely deployed platforms used for extremely sensitive, personal materials shouldn't be subjected to "for fun experiments". That's the height of unprofessionalism.

What if the add-on had a bug, or an unintended side effect? Come on.

11. bigbugbag ◴[16 Dec 17 00:13 UTC] No.15936446[source]
> do you really think they would proudly entitle their tracker "Looking Glass"

They actually called it telemetry, but IIRC in the early firefox version it was a proprietary extension (I don't remember the name) which spurred the gnu iceweasel into existence to provide the browser without the proprietary spying extension.

12. bigbugbag ◴[16 Dec 17 00:22 UTC] No.15936488{3}[source]
Automatic updates are a thing, but not necessarily good as this is the first thing disabled on windows since palladium for security, privacy and usability reasons.

Actually talking of good/bad dichotomy is inappropriate here, automatic updates are a tool that can be useful and comes with benefits and downsides. Firefox automatic updates is among the first things I disable when I install firefox because it caused me more issues than it solved.

Starting firefox to discover it has auto-updated itself and had broken half the extensions you rely on to make the browser usable is not nice, specially when there are no option to undo the update other than removing and reinstalling.

But when the autoupdate installed a new firefox that simply broke audio in the browser and now forces you to install something you've been actively avoiding or that is not available in this specific distro is something else.

I have a working update hygiene I'd rather deal with updates myself, thanks.

13. toyg ◴[16 Dec 17 00:24 UTC] No.15936495{3}[source]
From great power comes great responsibility. We try hard to ignore that these things can be done, and we are reminded so brutally, it's always a shock. Maybe I've given the keys to my house to Chad years ago, for emergency purposes; that didn't mean he could come in anytime and start cracking Mr Robot jokes.

> I, for one, would rather trust the goodness of Mozilla's intentions than Google's or Microsoft's.

Me too, but when a company bases his reputation on a certain platform ("we will not spy on you, your privacy is important") and then stuff like this happens (and it's not the first time, not even this year), it shakes one's belief in their trustworthiness.

14. SpliffnCola ◴[16 Dec 17 02:14 UTC] No.15937001{3}[source]
"Automatic update" implies updating of an _already_ installed add-on/program.

This was not an automatic update, it was an installation.