Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser

Many people seem to be shocked because Mozilla installed an add-on automatically. In my opinion, it doesn't really matter since the code is coming from Mozilla - they're building the whole browser, so they could introduce functionality anywhere. If someone distrusts their add-ons, why trust their browser at all?

The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts-in on studies.

Speaking for myself here, but I'm not concerned that Mozilla might push malware into Firefox installations. I'm concerned about the lack of judgement in pushing an extension with a vague, scary-sounding name and description simply for a cross-marketing tie-in, and I'm worried that it could have damaged the trust ordinary users have in Firefox.

> I'm not concerned that Mozilla might push malware into Firefox installations

Nobody is concerned about that, in my opinion. I'm concerned someone will push malware through Mozilla into Firefox installations. Pushing addon installs should not be possible at all.

They can also push new browser releases though. They are also auto-installed by default.

The exception is that an addon can do slightly less damage than a compromised browser itself.

I deeply hate this update methodology. Some hippster fresh from university decides that the gui, approach, functionality i use daily is no longer needed and pushes his rewrite into a release. One click later im stuck with this, because all the bundled crap is hijacking the "security" for a ride.

If any software developer would truely respect users, he would offer updates as seperate packages, where users can opt out of non-security ones- and those updates humanity votes with there feet against, vannish into the bin of useless software.

Imagine the complexity of maintaining the software when every patch must anticipate a fragmented mess of different pieces of patches being installed on target systems. Imagine the explosion of testcases required.

At that point, it’s probably better to just stop feature development and do nothing but security patches, which of course will lead to stagnation and which will also lead to fragmentation as many more incompatible releases of the same software will be out in use.

This will make it even harder for developers to adapt new technologies. Imagine how bad the already messy caniuse.com would look when every single browser version would be supported forever and could be individually configured feature by feature.

Especially as people somewhat versed in technology (I think it’s safe to call HN audience that), I think there is advantage in going with the flow and adapting to new releases and UI paradigms.

Otherwise we'd still be running on DOS and us developers would still have to support it.

Relevant XKCD: https://xkcd.com/1172/