
757 points shak77 | 4 comments
blauditore ◴[] No.15932880[source]
Many people seem to be shocked because Mozilla installed an add-on automatically. In my opinion, it doesn't really matter since the code is coming from Mozilla - they're building the whole browser, so they could introduce functionality anywhere. If someone distrusts their add-ons, why trust their browser at all?

The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts in on studies.

vorpalhex ◴[] No.15933001[source]
This is being added to the browser, outside the realm of security updates, through what is supposed to be a UX improvement program, for commercial purposes. It's written by a commercial company that produces advertisement content. It's not clear this code is audited.

Sorry, but I'm uninstalling Firefox. They have broken the basic trust I have in them as a user to not push arbitrary code to my machine against my interests.

Ajedi32 ◴[] No.15933285[source]
> It's written by a commercial company that produces advertisement content. It's not clear this code is audited.

Do you have any evidence of this?

Assuming their normal processes for SHIELD studies were followed, a _lot_ of different people have to review the plugin before it gets approved: https://wiki.mozilla.org/Firefox/Shield/Shield_Studies#Who_A...

Edit: Also, the contributors list on the plugin's GitHub repo lists exclusively Mozilla employees: https://github.com/gregglind/addon-wr/graphs/contributors

gorbachev ◴[] No.15933664[source]
Unfortunately the most important person involved didn't get to review the plugin before it was installed on my computer. Me.
ubernostrum ◴[] No.15936453[source]
OK, I have to rant a bit on this.

I worked at Mozilla for about four years (2011-2015), on MDN. It's built as a wiki, with wiki features open to everyone. The code is all open source and on GitHub. Its issues and tasks and roadmap are tracked in a public bug tracker. We operated in a public IRC channel. We didn't have to do that. We could have just built something targeted to only be used by the technical writing staff at Mozilla, and never bothered to open it up or make the code available or make it transparent about who wrote articles and when. In fact, it's much more work to do all the things we did (and not just in terms of implementing features, but also in terms of dealing with spammers and trolls and other malicious people who wouldn't have had access in a less open system), but we did it anyway because Mozilla is a radically open and transparent organization. But... in four years, not many people from outside Mozilla ever joined in and got involved with actually contributing (either code or articles or edits to articles or housekeeping or suggesting/arguing for ideas of how to improve MDN).

And I've been doing open source for much longer than that, and I see exactly the same pattern: a handful of folks do all that work, and go to the trouble of being open and transparent and providing ways for people to see what's going on and get involved... but people don't.

And then those same people willingly install the software and use it every single day, and complain that they were never consulted, or never got a chance to review, or never got to provide input. You had chances to look at the source code, to see what was being checked in, to read the referenced Bugzilla bugs on commits, to leave comments on them, to submit alternative ideas. You didn't. You did install Firefox, though (assuming your claim is correct that this was installed on your computer). By installing the software while not participating in the process, you absolutely gave your "review" of it, and your "review" was "just make a browser for me for free and don't bug me about how".

Now, if you want to be involved, go start watching Bugzilla and the Mozilla project wiki pages, and CC yourself on stuff and join mailing lists. Because it's Mozilla. You can do that. If you don't want to do that, or you don't think it's worth your time to do that, then don't do it. But don't then come charging onto HN to complain that nobody consulted you. People practically got on their hands and knees and begged you to join in the process of making Firefox and other open source software, and you decided not to.

gorbachev ◴[] No.15937342[source]
I think you misunderstood. I don't want to review the damn source code. I don't have time to do that. I am pretty sure the Mozilla developers are all better developers than I am as well, so my contributions there would be a complete waste of time.

However, when you decided that the source code I could review would be installed on my computer without my consent, then I do object. It's my computer. It runs things that I choose to run on it, not things your marketing/sales department thinks my computer should run.

Additionally I find your rant about "open source is for all of us to contribute and if you don't shut the fuck up" wholly ridiculous.

ubernostrum ◴[] No.15937656[source]
You chose to install Firefox, and you chose not to participate in the process that creates it. What happened next was not "without your consent". What happened absolutely had your consent. You consented by deciding that the whole messy process of producing the software was going to be someone else's problem, and you just wanted the sausage without having to see or take part in how it got made. You consented by delegating to the people who actually did the hard work of making and shipping the software.

If you now decide you don't want to run that software anymore, that's perfectly fine and is your choice to make. But arguing that you didn't have an opportunity to know what was going on or review code before it landed on your computer, when you installed Firefox by your own choice, when you decided not to take advantage of the radically transparent and open way it's built, is just not going to fly. You had a million and one opportunities to "review" the code you were going to download and run. You just chose to do other things instead. You seem to regret that, but you also seem not to have learned any lesson from it.

gorbachev ◴[] No.15939562[source]
Again, I did not have a chance to review whether or not the add-on would be installed and run on my computer, because you installed and ran it without my consent.

This is not hard. Don't automatically install stuff on your users' computers. You're defending something every other software company has found themselves in trouble for previously. I really don't understand why. The fact that Firefox is open source in no way excuses it.

ubernostrum ◴[] No.15944904[source]
> because you installed and ran it without my consent

I didn't install and run anything on your computer. I don't work for Mozilla.

And you installed a piece of open-source software whose source code you could have audited at any time, but you chose not to. You delegated the auditing to someone else, and now you're upset at what they chose to do with the power you gave them. You're free to complain that you don't like what they did, and not to trust them in the future, but you don't get to say that you had no chance to give input or to see what would run. You had plenty of opportunities for that and did not do it.

1. gorbachev ◴[] No.15948841[source]
Is it reasonable to expect a software vendor, open source or not, to not install adware on your users' computers without consent? Yes or no?

If yes, then why would it be necessary for me to audit anything?

If no, then PLEASE elaborate on why?

2. ubernostrum ◴[] No.15950605[source]
Your original comment complained that you didn't get to review the software. My point has consistently been that you did have a chance to review it, and chose not to. What you think about what it did, or what I think about what it did, doesn't matter, and "what it did was bad" is not a counterargument to "you had a chance to review it and chose not to".

This isn't the first time a piece of software, open source or not, has released a new version that did something users didn't expect or were angry about. The sole difference is that, in the case of open source software, you have the chance to review what it will do by looking at its source code prior to running it. The fact that you didn't review it doesn't mean it was impossible to (that would be the case with a proprietary browser like Chrome).

3. gorbachev ◴[] No.15974413[source]
No, I didn't. You misunderstood my comment, and have beaten that straw man to death since then.

I WANTED TO REVIEW THE CHOICE OF INSTALLING AN ADD-ON ON MY COMPUTER, NOT THE DAMN SOURCE CODE!

4. ubernostrum ◴[] No.15978414{3}[source]
And you could have done that.

By... paying attention to the source.