SourceMozilla yesterday detailed plans to require Firefox add-ons to be digitally signed, a move meant to bear down on rogue and malicious extensions, and one that resembled Google's decision years ago to secure Chrome's add-on ecosystem.
Some Firefox users called out Mozilla for disregarding its own long-and-often-expressed ethos of the need for an open Internet.
A Guy
Are they deliberately trying to lose market share by antagonising what's left of the user base?
At this rate I'll have to give up surfing the Internet entirely, since all of the main browsers seem to be junk nowadays.
Last edited by lehnerus2000; 15 Feb 2015 at 07:44. Reason: Additional
Some notes from Mozilla to require add-ons to be signed in the future - gHacks Tech News
So luckily there are "workarounds" for those who need itDeveloper and Nightly versions of Firefox are not affected by this, these versions will support unsigned extensions just like before.
Members of the Seamonkey and Pale Moon development team mentioned that they won't implement the feature.
Yes, because it is better to have anyone create a addon with malicious intent? Mozilla should have done this years ago.
"We're responsible for our add-ons ecosystem and we can't sit idle as our users suffer due to bad add-ons" Jorge Villalobos imho is completely right.
Add-ons have gotten out of hand, said Mozilla's Villalobos and the rules must be tightened. "Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites,"
100% agree with this decision, as I see it first hand every day in my research. I actually think internet explorer right now is safer than firefox.
There are still options like pale moon.
What are these malicious add-ons?
Who is installing add-ons that haven't been located via the FF add-ons site?
Is Mozilla hosting them on the FF add-ons site?
Why not have a malicious add-ons list (just like the malicious site list)?
People have been saying that for years.
If you don't run Ad, Flash & Script blockers, it's probably true.
I run Pale Moon on W7.
I regularly experience strange lockups lasting 5s to 10s.
Maybe it's a Windows issue.
I run Firefox on Linux Mint and it doesn't exhibit this phenomena.
I've said it before, all the main browsers need to be totally rebuilt.
Maybe MS' Spartan will be "our saviour".
I'm not holding my breath.
I remember Callender recently recommended an FF add-on not hosted on Mozilla. And that site has a FAQ that actually answers why it's not published there:
https://www.dephormation.org.uk/index.php?page=14Why aren't the Dephormation and Secret Agent add ons published on Addons.mozilla.org?
Several reasons.
I don't subcribe to the view that there can only be one marketplace for computer software. Regardless of the source of your software, you need to make a careful and critical case-by-case assessment of the software products you install on your computer, and the software developers who create them. AMO does not guarantee that hosted add ons are safe to use, or free from spyware. I don't need (or trust) a US company to host my software for me.
Secondly, I don't want to allow Mozilla to learn who has installed my software. It is none of their business! So my add ons are also configured to prevent the browser reporting their presence back to Mozilla. (Did you know, Firefox periodically reports a list of your installed add ons to AMO?).
Finally, I'm not seeking a mass audience for these add ons. They are not aimed at novice internet users.
I'm in good company; other add ons which you won't find on AMO include HTTPS Everywhere (from EFF) and the HTTPS Finder.
Ah, someone will come up with an add-on that will bypass the need for signed add-ons.
One must remember in my opinion that Open Source is just that. It's open to the good guys and the bad guys. So as always one must be careful. There lies the problem.
Security is not even on the menu of computer needs to most users.
Since the Developer Edition will continue to support unsigned addons, I decided to install it. I then restored my regular Firefox profile into it, and now the browser looks, feels and runs like my old Firefox. Does anyone else use Developer Edition? Any tips and/or warnings? Hopefully this will be an effective workaround if I need it.
Quote