←back to thread

Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

(support.mozilla.org)
757 points shak77 | 4 comments | 15 Dec 17 13:47 UTC | HN request time: 0s | source
Show context
blauditore ◴[15 Dec 17 16:23 UTC] No.15932880[source]
Many people seem to be shocked because Mozilla installed an add-on automatically. In my opinion, it doesn't really matter since the code is coming from Mozilla - they're building the whole browser, so they could introduce functionality anywhere. If someone distrusts their add-ons, why trust their browser at all?

The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts-in on studies.

replies(16): >>15932942 #>>15932953 #>>15932998 #>>15932999 #>>15933001 #>>15933342 #>>15933599 #>>15933649 #>>15933656 #>>15933806 #>>15933901 #>>15934475 #>>15934693 #>>15935133 #>>15935703 #>>15941934 #
skymt ◴[15 Dec 17 16:32 UTC] No.15932953[source]
Speaking for myself here, but I'm not concerned that Mozilla might push malware into Firefox installations. I'm concerned about the lack of judgement in pushing an extension with a vague, scary-sounding name and description simply for a cross-marketing tie-in, and I'm worried that it could have damaged the trust ordinary users have in Firefox.
replies(5): >>15933006 #>>15933291 #>>15934516 #>>15934671 #>>15935418 #
pmlnr ◴[15 Dec 17 16:37 UTC] No.15933006[source]
> I'm not concerned that Mozilla might push malware into Firefox installations

Nobody is concerned about that, in my opinion. I'm concerned someone will push malware through Mozilla into Firefox installations. Pushing addon installs should not be possible at all.

replies(4): >>15933118 #>>15933239 #>>15933501 #>>15936753 #
kibibu ◴[15 Dec 17 16:52 UTC] No.15933118[source]
I'm concerned about Mozilla pushing software written by the Mr Robot marketing department.
replies(3): >>15933277 #>>15933394 #>>15937337 #
y_u_no_rust ◴[15 Dec 17 17:16 UTC] No.15933277[source]
Is the plugin opensource, where can we vet it? I can't find it on github or anything like I can with the other plugins I use
replies(1): >>15933336 #
callahad ◴[15 Dec 17 17:22 UTC] No.15933336[source]
The source lives at https://github.com/gregglind/addon-wr/
replies(1): >>15933355 #
Ajedi32 ◴[15 Dec 17 17:25 UTC] No.15933355[source]
Looking over [the contributors list][1], looks like the plugin was written entirely by Mozilla employees. So, no "Mr Robot marketing department", as some commenters here have been speculating.

[1]: https://github.com/gregglind/addon-wr/graphs/contributors

replies(3): >>15933504 #>>15935757 #>>15936168 #
acqq ◴[15 Dec 17 17:42 UTC] No.15933504[source]
It's technicality. The description is still:

"Looking Glass is a collaboration between Mozilla and the makers of Mr. Robot to provide a shared world experience."

It doesn't matter who technically coded it. "Mr Robot marketing department" was obviously deciding about its existence, behavior and content -- if that description is true.

But looking at the source of the extension, I find the following URLs inside:

https://www.red-wheelbarrow.com/forkids/

https://red-wheelbarrow-stage.apps.nbcuni.com/forkids/activi...

So it seems it is some marketing, the question is which company now, and do they change?

replies(1): >>15934230 #
rhys91 ◴[15 Dec 17 19:13 UTC] No.15934230[source]
I'm not sure why this is downvoted. I work in advertising as a conceptual creative. My entire career is about creating ideas like this for brands.

An art director and copywriter sat in a room together over two days and came up with lots of different ideas to generate PR for Mr. Robot. They presented the ideas to a creative director, who went through the work and picked the one he felt was most suitable. They presented it to the client, who supported the idea.

There would have been some line of communication from the creative agency, whoever owns Mr Robot, a media/PR agency and Mozilla. The idea was bought by the client, had the agency liaise with media/PR, got in touch with Mozilla with an undisclosed donation and the add-on was coded.

replies(1): >>15934336 #
acqq ◴[15 Dec 17 19:29 UTC] No.15934336[source]
The biggest problem, for me, is that these extensions obviously get less scrutiny in Mozilla organization. The "core" is made with a lot of "eyes" taking care that not something "wrong" for the user enters the code base.

Then some marketing people both in and outside of Mozilla push something that is probably not passing the same strict reviews.

It points to the organizational problem in Mozilla.

Re: "not sure": don't worry, some people do this not for the content but for the author, some lack reading comprehension and some just press the wrong button. Just vote yourself, and if you reply, say that you agree, don't mention the word you mentioned.

replies(1): >>15934795 #
jonathankoren ◴[15 Dec 17 20:28 UTC] No.15934795{3}[source]
Why would assume that it doesn’t pass through the same review process? None of your assumptions are obvious to me.
replies(1): >>15934909 #
1. acqq ◴[15 Dec 17 20:42 UTC] No.15934909{4}[source]
Why would you assume that it does? Have you ever seen how big products like core Firefox binaries are written, reviewed and tested? I took part in that, and this doesn't look at all as part of that process. I see it's even not in the same repository where the "serious stuff" is. It's not the part of that process.

This looks like "let's give litte Perry and these marketing departments something to play, whatever, it's just an extension, who cares." So little Perry writes a description of the extension "MY REALITY IS JUST DIFFERENT FROM YOURS", the extension gets silently pushed to all the US users(!) (Firefox has support for that) who freak out, and the first response from somebody involved with that was "it was not supposed to be seen." You see, it was planned to keep the extension also "invisible" to the users -- Firefox has support that too! The extension was obviously not formally reviewed or formally tested, if the "invisibility" was the goal. Of course, it being "invisible" wouldn't be better. It's a misuse of the whole mechanism, compared to what Mozilla explained to the users. The mechanism was supposed to allow making "studies" from the behavior of the users who agree to take part in them. Instead, it was an attempt to a "viral ad" that was delivered to the whole Firefox using US population. There are multiple wrong decisions in this story.

Now I hope Mozilla does get the idea that the users do care.

replies(1): >>15939820 #
2. ackalker ◴[16 Dec 17 15:04 UTC] No.15939820[source]
> [...] the extension gets silently pushed to all the US users(!)

Non-US user here, my Firefox got it, too.

replies(1): >>15939984 #
3. acqq ◴[16 Dec 17 15:42 UTC] No.15939984[source]
It's not what you are but what your settings are, please go here and check what your browser reports under ACCEPT_LANGUAGE. If it is "en-US" you are considered a "US user" enough:

https://www.whatismybrowser.com/detect/what-http-headers-is-...

BTW: the extension we all talk about here has exactly this site that is used for checking the headers hardcoded inside, obviously in order for the developers to test their newly coded functionality with which they add an additional header entry in the request to some specific sites, specifically, the "main target" is a brand (I've given the link earlier on in this thread). It's obviously an advertisement for the US as that "main target" site is only meaningful to the US public. But it's obviously not the whole story.

If your language is not en-US it's worse than what I've understood.

replies(1): >>15940216 #
4. ackalker ◴[16 Dec 17 16:33 UTC] No.15940216{3}[source]
In my case the setting lists two languages, but "en-US" does appear to have a higher 'quality' factor, so there.