- cross-posted to:
- firefox@lemmy.ml
- cross-posted to:
- firefox@lemmy.ml
Also Servo 0.0.1 Browser Engine Released https://www.phoronix.com/news/Servo-0.0.1-Released
Finally more competition.
You must log in or register to comment.
no one ever discloses, they just wait to get caught, then make a new extension and restart the cycle.
… this wasn’t a thing already? Better late than never I guess
I would also like to see a competition to Mozilla itself. One that’s fiercely loyal to it commitment to an Open internet.
Nice addition!
It is possible that any developer could just say “none” even if the extension does collect data? If it has to be manually disclosed, this won’t stop malicious actors. Only trustworthy extension developers would disclose this.
@This2ShallPass @themachinestops As an extension developper on Mozilla’s store, yes it’s definitely possible. There’s some automatic review process but what you state in your implicit data consent disclosure (that’s how they call it) is up to the developer.
However, the extension can’t access all websites unless you specifically allow it while installing. There’s an “All websites” permission, so if it’s that or if it includes some kind of sketchy site then it’s a bad sign.
Finally, just like any web page, you can always inspect an extension and check the network requests to see if it’s doing malicious stuff. If so, then you can report it.
But since mozilla accounts are free and only require a verified email, they could just create another one. It’s an endless game of whack-a-mole!
Since some extensions are “mozilla-approved”, I guess they test it regularly, it wouldn’t be hard to verify if one is really sending anything despite their disclosure.
This is a great change. I wonder how long before the hate brigade comes along to complain.
Yup, sounds great to me. I could see a world in which it becomes a bad thing because they try to enforce it by pulling a Google and blocking users from installing extensions that aren’t through their official add-on store, but as it is, it’s hard to see any reasonable criticism.
They can’t unlike google they don’t have any leverage to enforce it. They only have a small market share.
You’ve got a downvote, so it seems not long. 😄
insert rant about Mozilla CEO
It’s not clear whether it’s a useless disclosure or enforced by the API.
Some extensions have a verified/recommended by Mozilla seal of approval, so these extensions would be checked by a human to see that they comply.
Obviously they can’t check every update of every extension in existence, but even just the above is an improvement and certainly not useless.
I don’t think this could be enforced by the API without also seriously limiting what extensions can do, which people would go crazy about if they did.
The only issue with this otherwise great idea is that “the developer says, that…”. A browser API should have a way to only grant certain rights when this is technically disclosed, e.g. an extension can only access location data if this is (formally) declared, and must be able to cope without it if the user or any global policy disallows it.
Already exists. And you’re basically spreading misinformation.
So what does this new change do then? Is it just about disclosing the state to the user?
So, sandbox the extensions, a practical, sensible step on the path to browser as OS (contentious, but doesn’t that seem where things are going, and if we lose firefox…). I get it, it’s mr right now harm minimization, as opposed to mr right (linux or flatpak) general purpose computers in service of their users with usable security control.
And firefox itself?
Already has it
