Last week over on the Mozilla blog, the Foundation announced a major change that’s coming to a future release of Firefox. In the name of security, they’re going to start requiring that all add-ons be digitally signed. Extensions that are submitted to the AMO (the official add-on repo) will be signed automatically after review.
This isn’t something that’s going to take place immediately. Mozilla doesn’t even plan on introducing a warning about signed extensions until Firefox 39 is released (we’re on 35 right now). Once the warnings start, it’ll be another couple versions before the new policy takes effect.
Mozilla’s blog post has generated a lot of discussion; it might not yet qualify as a full-blown controversy, but a lot of Firefox fans are pretty worked up about it. It sounds, after all, like Mozilla is setting up a walled garden. Is that really the case, though?
In his post, Jorge Villalobos specifically states that “An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions.” He doesn’t stop there, however. He goes on to say that “we believe that forcing all installs through our distribution channel is an unnecessary constraint.”
Mozilla’s Director of Product Management, Chad Weiner, also wrote me saying that “We also think the process is pretty lightweight and we want to do what we can to make sure the add-on ecosystem continues to flourish. This plan optimizes user satisfaction and security without locking down development unnecessarily.”
That doesn’t sound like the sentiment of a group that wants to build a walled garden.
Mozilla fully intends to allow developers to continue distributing their add-ons outside AMO. They’re still trying to sort out exactly how that’s going to work, but the basic plan doesn’t seem that complicated. Anyone can get their own certificate. Anyone can use that certificate to sign a Firefox add-on — Mozilla’s even got a handy developer doc that will show you how to do it.
Where things get a bit murky is later in the post, when Villalobos runs down various add-on distribution scenarios:
Extension files that aren’t hosted on AMO will have to be submitted to AMO for signing. Developers will need to create accounts and a listing for their extension, which will not be public. These files will go through an automated review process and sent back signed if all checks pass. If an add-on doesn’t pass the automated tests, the developer will have the option to request the add-on to be manually checked by our review team.
If Brad wants to serve up a Liliputing add-on from his own site, then, he has no choice but to run it past Mozilla’s extension reviewers. If it passes, he’s allowed to serve it up himself, but ultimately it’s Mozilla that will decide if he’s allowed to.
There will be workarounds, though, for those who want to install unsigned extensions: you can run the nightly or developer builds of Firefox, or you can “special, un-branded builds of Release and Beta.” The new policy shouldn’t, then, create much of an inconvenience for more advanced Firefox users — but it’s still a frustration that they’ve not had to deal with in the past.
So is Mozilla building a walled garden? There’s a case to be made for both sides right now. Hopefully Mozilla can sort things out and find a way to balance control and security without sacrificing any of the openness its die-hard fans have come to expect.
It’s a walled garden as long as they prevent users from being able to opt out. It’s a walled garden if you have to submit addons to them with Mozilla’s restrictive AMO policies that don’t allow many good addons to work.
It’s a fundamental violation of the core principles of Mozilla. You can make excuses all you want. The point is that they are taking away user choice under guise of security. That has always been wrong.
Frankly it’s to the point that I see Mozilla and Google as equally awful. But at least Google has a lot of useful products, while Mozilla has Firefox–and only that due to Google being unwilling to implement the things that would get me to switch, like a multi-row tab bar or text zoom that works without flashign the screen.
I love the commenters here who are quick to hate on Mozilla, yet praise Google and Chrome and act like they aren’t doing the same thing, especially on their OSes and Play Store. Such delicious hypocrisy. Go on, tell me how I’m wrong because you can toggle a developer flag, just like you can install a developer version of Firefox. Pick at those nits and dance, you amusing fools.
I am beginning to hate Mozilla and Google equally. No hypocrisy here, friend.
Soon they will both be walled gardens anyway. If you have computer skills, common sense and the desire to use them: switch to “nightly” or a different browser entirely (pale moon, sea monkey, vivaldi ao).
And then say goodbye to any DRM online video, like Netflix. And, once Flash is gone, everywhere.
Which is why we pirate. Besides you can always keep a browser around for Netflix. I have 2 browsers on my phone and three on my laptop. But I use Pale Moon as my main browser.
Let me decide if the risk is worth it.
Users will special needs will be able to use the dev version of Firefox and install any extension, including ones you’ve modified yourself, from what I’ve read.
Except the dev version is inherently unstable.
I understand why they’re doing this. Poorly designed/out of date extensions create security risks and performance problems. When this happens, users don’t usually blame the extensions; they blame Firefox. Still, the amount of Add-ons/Extensions Firefox has is one of its biggest strengths. I wonder how much this will affect the number and quality of them.
“After the transition period, it will not be possible to install unsigned
extensions in Release or Beta versions of Firefox. There won’t be any
preferences or command line options to disable this.” I think this is a bad choice. I think there should be a box to uncheck that will allow installation of unsigned extensions if the user understands the risks. I’m going to be upset if some of my add-ons quick working because the developer didn’t take the time to get them signed.
When I can’t override the locks anymore I won’t be installing FF. Period, end of story. Because no, I don’t plan on building, packaging and maintaining special developer version FF rpms for internal deployment. And equally inflexible on the requirement to pass every minor internal version through Moz Corp. To hell with em. I’m the system admin, it is -my- network, -my- responsibility for the consequences. It is this attitude that our computers are just tethered endpoints under the control of one of a very select list of corporations. Make the default safe for idiots? No problem. Make it unusable for non-idiots and they are out.
Just use the unbranded build like I will do.
Then say good-bye to DRM support for things like Netflix and likely every other comercial video vender once Flash starts dying. Unbranded means unofficial and unofficial means no closed source DRM support.
No Mozilla didn’t take the time to get them reviewed. They already have a backlog.
I wonder how PaleMoon will handle this. I mean, they’ll have to adopt it too since its based on Mozilla code (but without the stupid UI – and also, P.M. maintains customization). Time to go to the forums to find out. They’ve already had to do some forking with some add-ons like Ad Block Latitude.
No, they don’t. Pale Moon hasn’t been in step with Firefox since Firefox 24 or so. All it has to do is not check for addon signatures.
Now it may have to adapt to multi-process Firefox, since addons will break without it.
I think they should just have a part in the advanced settings to allow for unknown/unsigned sources (like on android). But as long as there are alternatives it’s not really a walled garden and fine in my opinion (after all, many people don’t pay attention to what they install so adding slight security measures which can easily be circumvented by more advanced users is fine). It’s more like having a one-foot-high shrubbery hedge. You can climb over it if you want, but it’s more designed to keep out the small vermin.
I used to swear by firefox, but lately I seem to be turning to Chrome more and more.
Probably because I’m on portables more than my desktop.
The point of no return for me was when I bought a Chromebook, even though it is lightly used in comparision to my other devices.
Yep, it looks like a Walled Garden to me.
I used Firefox in the past for many years, and I’m grateful for that but let’s hope everything works out for them.
I use Chrome now. 🙂
PS: You realise that Chrome does this exact same thing by requiring all extensions to be in the web store, right?
Not only that, the increasingly common “Chrome only” websites are much more of a threat to the Internet than anything else.
Except even they provided a workaround.
The point is, if both browsers are going to do it, why not stick with the one that is more convenient?