This seems to be somewhat badly written copy on Mozilla's part. To clear up what this change actually means for an end user:<p>- You can still manually install extensions. From now on, all installations will need explicit user confirmation.<p>- No extensions can be installed silently. This is what sideloading did, all extensions in a special folder were installed in all Firefox instances on the computer without the user's consent.<p>This is most definitely a Good Thing, as it means for example no malicious extensions can be silently installed by malware etc. Communicating this change could've been done better, though.
What this is:<p>• Preventing malware and enterprises from silently installing unremovable extensions through a special mechanism<p>What this is not:<p>• Preventing users from installing extensions without using the Internet (they can just load an xpi file like always)<p>• Preventing power users from installing unsigned extensions (already not possible in standard Firefox except non-persistently for development, but Mozilla provide unbranded builds which let you use extensions)<p>Why this is being done:<p>• Preventing adware adding itself to your browser without your consent and making itself difficult to remove<p>Not why this is being done:<p>• Mozilla hates users / the open Internet / freedom (their foremost concern is protecting users from malware nonconsensually installing extensions, they have always provided versions of Firefox allowing you to do whatever you want if you want that, and indeed standard Firefox does let you load unsigned extensions temporarily)
All is fine, but:<p>> <i>If you self-distribute your extension via sideloading, please update your install flows and direct your users to download your extension through a web property that you own, or through addons.mozilla.org (AMO).</i><p>And what if I don't want to use a "web property" to distribute an extension? What if I want to give my users an honest-to-God file, whether via e-mail or IM message or USB drive?<p>> <i>Please note that all extensions must meet the requirements outlined in our Add-on Policies and Developer Agreement.</i><p>Or what? I can't make an extension and give it to friends unless it meets your policy? That's pushing it a bit.
> If you self-distribute your extension via sideloading, please update your install flows and direct your users to download your extension through a web property that you own, or through addons.mozilla.org (AMO).<p>Everything is fine. This is blocking automatic extension installation. You can still install extensions manually.
Mozilla intends to remove all methods for installing private extensions in the release version of Firefox. The extension source code must be disclosed to Mozilla during signing, and it must adhere to their add-on policies [1].<p>Mozilla is blocklisting benign extensions distributed outside of Firefox Add-ons which do not follow these guidelines [2].<p>They are working on disabling a method which allows users with root access to configure Firefox to load unsigned extensions [3], citing concerns over adware with root access. The feature is being disabled even on Linux, where such adware was never really a problem, despite making several other use cases impossible.<p>Requiring extensions to be signed by default is a great initiative by Mozilla, but we must be given ways to install private extensions in the release version of Firefox without disclosing the source code to Mozilla, or worrying that an extension for personal use may be blocklisted.<p>Forbidding local extensions in the release version of Firefox, without a way to override the option, guarded by administrative access and appropriate warnings, is heavy-handed and has a questionable threat model.<p>Signing can be turned off in Firefox Developer Edition (based on Firefox Beta) and unbranded builds (no automatic updates), but those browsers are not meant for end users. 
We must be given ways to install private extensions in the best version of Firefox, and that is the release version of the browser.<p>Not even Google is this heavy-handed, they allow installing local extensions in Chrome after users enable an option, although a warning is shown on browser restarts about the presence of external extensions, which can be dismissed.<p>[1] https://extensionworkshop.com/documentation/publish/add-on-policies/<p>[2] https://github.com/jeremiahlee/page-translator/issues/26<p>[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1514451
I got concerned for a moment that this will end up forcing all extensions to be available only from the Add On store (similar to Chrome). Thankfully it’s not that. Note that even extensions distributed outside their store need an automatic signing. It takes a few seconds and is done through the web-ext cli tool. This is good!
How will this affect extensions packaged in Linux distributions, e.g. Debian's webext-* packages? I for one want to be able to do stuff like `sudo apt install firefox webext-ublock-origin` and have all the users on the system have this extension installed and enabled.
I was amused by this doublespeak:<p>"To give users more control over their extensions, support for sideloaded extensions will be discontinued."
The question in my mind is how this change is gonna affect the enterprise installations.<p>I'm aware of some installations which rely on both auto configuration and some proprietary extensions to the enterprises themselves which need to be non-removable and always active.<p>Disabling installation of sideloaded extensions may make these installations harder, if not impossible.
I think the main point here is that sideloaded add-ons cannot be removed through the add-on manager. Malicious software can still install add-ons silently and without explicit consent, but now the user can view and remove those much more easily.
Bad, bad Mozilla! For me, personally, it's what makes this model so fallible and not developer / community friendly. What if, tomorrow, some country blacklists the Firefox website, and one still needs to load some privacy extensions? This is exactly the sort of use case Firefox should allow, if it's pro privacy.
There is a rule about ensuring the original title is the same as the submission title but in this case the original title is quite badly written.<p>Is there some way to submit this post or edit the title to maintain compliance with the submission rule and also make it less misleading?
What would be a reasonable way to let Mozilla know that I strongly disagree with this decision (and, really, the majority of calls they have made surrounding extension security lately)? Who was responsible for making this decision on their end? I am very close to the point where I can no longer recommend Firefox to anyone (after sticking with them through some of the darkest years in terms of product quality), because they are becoming a worse enemy of the open internet than Google but harder to hold accountable for it.
If an extension can't be installed silently (e.g. by a 3rd party app installer once you forget to uncheck a checkbox) that's great (except for enterprise users perhaps as they need to automate such tasks). If I can't just install an extension/app manually from a file on my hard drive - I don't need such a browser/platform.
Say I wanted to provide a multi-seat computer where all users have a certain default addon experience using Firefox, like installing uBlock Origin. This seems to make provisioning such a setup impossible? Or I would have to generate Firefox profiles dynamically, on-the-fly?
It seems Chrome already does that since June 2018: https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
The communication around this is completely atrocious.<p>Given the obvious threats that a single signing authority presents (as proven by Apple recently) Mozilla should be decentralising the signing here to a few hundred redundant parties worldwide.
To me this seems shortsighted to say the least, sounds like you now need Mozilla to validate and approve your extension for use?<p>Please correct me if I'm reading it wrong.<p>Saying "To give users more control over their extensions, support for sideloaded extensions will be discontinued." also seems disingenuous at best...
So, from now on malware will come with a minimal Firefox binary included where this functionality is patched out, and the malware will use that binary for installing extensions into the Firefox profile on your machine.<p>What will Mozilla do next then? Close the source so malware authors can't compile their own Firefox, for security reasons? Only allow installation on DRMed systems?