logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Firefox-is-on-a-slippery-slope.md (4314B)

    

  1. ---
  2. date: 2017-12-16
  3. layout: post
  4. title: Firefox is on a slippery slope
  5. tags: [firefox, philosophy]
  6. ---
  8. For a long time, it was just setting the default search provider to Google in
  9. exchange for a beefy stipend. Later, paid links in your new tab page were added.
  10. Then, a proprietary service, Pocket, was bundled into the browser - not as an
  11. addon, but a hardcoded feature. In the past few days, we've discovered an
  12. advertisement in the form of browser extension was sideloaded into user
  13. browsers. Whoever is leading these decisions at Mozilla needs to be stopped.
  15. Here's a breakdown of what happened a few days ago. Mozilla and NBC
  16. Universal did a "collaboration" (read: promotion) for the TV show Mr. Robot.
  17. It involved sideloading a sketchy browser extension which will <strong
  18. style="display: inline-block; transform: scaleY(-1)">invert</strong> text that
  19. matches a list of Mr. Robot-related keywords like "fsociety", "robot", "undo",
  20. and "fuck", and does a number of other things like adding an HTTP header to
  21. certain sites you visit.
  23. This extension was sideloaded into browsers via the "experiments" feature.
  24. Not only are these experiments enabled by default, but updates [have been
  25. known](https://redd.it/7i4puf) to re-enable it if you turn it off. The
  26. advertisement addon shows up [like
  27. this](http://www.bolcer.org/looking-glass2.png) on your addon page, and was
  28. added to Firefox stable. If I saw this before I knew what was going on, I would
  29. think my browser was compromised!  Apparently it was a mistake that this showed
  30. up on the addon page, though - it was supposed to be *silently* sideloaded into
  31. your browser!
  33. There's [a ticket](https://bugzilla.mozilla.org/show_bug.cgi?id=1423003) on
  34. Bugzilla (Firefox's bug tracker) for discussing this experiment, but it's locked
  35. down and no one outside of Mozilla can see it. There's [another
  36. ticket](https://bugzilla.mozilla.org/show_bug.cgi?id=1424977), filed by
  37. concerned users, which has since been disabled and had many comments removed,
  38. particularly the angry (but respectful) ones.
  40. Mozilla, this is **not okay**. This is wrong on so many levels. Frankly, whoever
  41. was in charge should be fired over this - which is not something I call for
  42. lightly.
  44. First of all, web browsers are a *tool*. I don't want my browser to fool around,
  45. I just want it to display websites faithfully. This is the prime directive of
  46. web browsers, and you broke that. When I compile vim with gcc, I don't want
  47. gcc to make vim sporadically add "fsociety" into every document I write. I want
  48. it to compile vim and go away.
  50. More importantly, these advertising anti-features gravely - perhaps terminally -
  51. violate user trust. This event tells us that "Firefox studies" into a backdoor
  52. for advertisements, and I will *never* trust it again. But it doesn't matter -
  53. you're going to re-enable it on the next update. You know what that means? I
  54. will never trust *Firefox* again. I switched to
  55. [qutebrowser](http://qutebrowser.org/) as my daily driver because this crap was
  56. starting to add up, but I still used Firefox from time to time and never
  57. resigned from it entirely or stopped recommending it to friends. Well, whatever
  58. goodwill was left is gone now, and I will only recommend other browsers
  59. henceforth.
  61. Mozilla, you fucked up *bad*, and you still haven't apologised. The study is
  62. still active and ongoing. There is no amount of money that you should have
  63. accepted for this. This is the last straw - and I took a lot of straws from you.
  64. Goodbye forever, Mozilla.
  66. **Update 2017-12-16 @ 22:33**
  68. It has been clarified that an about:config flag must be set for this addon's
  69. behavior to be visible. This improves the situation considerably, but I do not
  70. think it exenorates Mozilla and I stand firm behind most of my points. The study
  71. has also been rolled back by Mozilla, and Mozilla has issued
  72. [statements](https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254)
  73. to the
  74. [media](https://gizmodo.com/after-blowback-firefox-will-move-mr-robot-extension-t-1821354314)
  75. justifying the study (no apology has been issued).
  77. **Update 2017-12-18**
  79. Mozilla has issued an apology:
  81. https://blog.mozilla.org/firefox/update-looking-glass-add/
  83. **Responses**:
  85. [Mozilla, Firefox, Looking Glass, and you](https://blog.jeaye.com/2017/12/16/firefox/)
  86. via jeaye.com