←back to thread

Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

(support.mozilla.org)
757 points shak77 | 1 comments | 15 Dec 17 13:47 UTC | HN request time: 0s | source
Show context
blauditore ◴[15 Dec 17 16:23 UTC] No.15932880[source]
Many people seem to be shocked because Mozilla installed an add-on automatically. In my opinion, it doesn't really matter since the code is coming from Mozilla - they're building the whole browser, so they could introduce functionality anywhere. If someone distrusts their add-ons, why trust their browser at all?

The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts-in on studies.

replies(16): >>15932942 #>>15932953 #>>15932998 #>>15932999 #>>15933001 #>>15933342 #>>15933599 #>>15933649 #>>15933656 #>>15933806 #>>15933901 #>>15934475 #>>15934693 #>>15935133 #>>15935703 #>>15941934 #
kryptiskt ◴[15 Dec 17 17:58 UTC] No.15933656[source]
The major problem is that they installed an add-on without properly communicating what it was. A somewhat smaller problem but still a big problem is that was an utterly frivolous add-on that shouldn't have been pushed to people who didn't explicitly want it. But the biggest problem is that Mozilla seems to have trouble understanding why any of those two would be a problem, I want my browser vendor to be serious and not play silly games that can so easily backfire.

Yeah, add-ons from Mozilla merits the same trust as the browser. But this cuts both ways, this stuff undermines my and probably more people's trust in the browser.

replies(7): >>15933923 #>>15934093 #>>15934185 #>>15934482 #>>15934861 #>>15934910 #>>15935508 #
UmmNope ◴[15 Dec 17 18:54 UTC] No.15934093[source]
The major problem was building a feature into the product that allowed for pushing add-ons without users knowledge much less active consent in the first place, there is no benign use for this kind of functionality.
replies(3): >>15934146 #>>15934171 #>>15934553 #
1. TooFastIndeed ◴[15 Dec 17 19:58 UTC] No.15934553[source]
Automatically updating an already enabled add-on is hardly the same thing as silently pushing a new one.

Security updates were and still are configurable to be installed after prompting, also when they are installed automatically I am notified that this has happened. There is also an implicit trust in the vendor that only security-related functionality should be changed in a security update.