←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 6 comments | 04 May 19 01:31 UTC | HN request time: 0s | source | bottom
Show context
rmbryan ◴[04 May 19 10:27 UTC] No.19825581[source]
Update: We have rolled out a partial fix for this issue. We generated a new intermediate certificate with the same name/key but an updated validity window and pushed it out to users via Normandy (this should be most users). Users who have Normandy on should see their add-ons start working over the next few hours. We are continuing to work on packaging up the new certificate for users who have Normandy disabled.
replies(20): >>19825596 #>>19825603 #>>19825612 #>>19825623 #>>19825631 #>>19825665 #>>19825705 #>>19825721 #>>19825744 #>>19825813 #>>19825905 #>>19825998 #>>19826421 #>>19826769 #>>19826772 #>>19826878 #>>19827050 #>>19829585 #>>19831941 #>>19840386 #
brador ◴[04 May 19 10:31 UTC] No.19825596[source]
What is Normandy?
replies(2): >>19825604 #>>19825613 #
megous ◴[04 May 19 10:33 UTC] No.19825604[source]
https://wiki.mozilla.org/Firefox/Normandy/PreferenceRollout
replies(1): >>19825619 #
chinathrow ◴[04 May 19 10:36 UTC] No.19825619[source]
So is that a backdoor into my prefs? How can I check if Normandy is active on my installation?
replies(2): >>19825625 #>>19825696 #
verdandi ◴[04 May 19 10:38 UTC] No.19825625[source]
Type about:config in the address bar and search for 'app.normandy.enabled' flag.
replies(3): >>19825647 #>>19825659 #>>19826386 #
inferiorhuman ◴[04 May 19 10:48 UTC] No.19825659[source]
Well that's interesting. I see Normandy enabled, but if I go to the "Privacy and Security" section of the preferences page I see all the data collection and use stuff disabled. There's no obvious way to disable the Normandy back door.

Oh well, at least we don't have another season of Mr Robot spam to look forward to.

replies(3): >>19825777 #>>19825846 #>>19826202 #
1. AsyncAwait ◴[04 May 19 11:41 UTC] No.19825846[source]
> There's no obvious way to disable the Normandy back door.

???

It's a publicly documented feature with a publicly documented way to disable it.

replies(1): >>19825860 #
2. brynjolf ◴[04 May 19 11:46 UTC] No.19825860[source]
With an obscure name and no correlation to all the other spying and backdoor ING Mozilla are doing. Is this really the best option tog etaprivacy focused browser? I think this is all very worrying.
replies(3): >>19826424 #>>19826457 #>>19827328 #
3. awful_waffle ◴[04 May 19 13:51 UTC] No.19826424[source]
Can you elaborate on what 'other spying' Mozilla does? Do you mean their telemetry?
replies(1): >>19827611 #
4. fjsolwmv ◴[04 May 19 13:55 UTC] No.19826457[source]
It's named after a world famous beachhead of an invasion. The name isn't that obscure for a feature that invades the userbase with a takeover.
5. AsyncAwait ◴[04 May 19 16:13 UTC] No.19827328[source]
I am not sure what 'spying' Mozilla is doing, but I agree this should be better named and better highlighted.
6. brynjolf ◴[04 May 19 16:50 UTC] No.19827611{3}[source]
Spying was the wrong word. But yes, the telemetry. The google analytics that are hidden on the extensions page, that only listen to the Do not track, but not the turn off telemetry checkbox. Sadly it just doesn't seem to stop.