Firefox 115 can silently remotely disable my extension on any site

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Adblock Gnome Adblocker gnome-shell-extension Adblocking

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • extension-manager

    A utility for browsing and installing GNOME Shell Extensions.

    • Extension Manager [0] allows for installing Gnome extensions through an libadwaita app.

    This replaces the Gnome Extensions app and the browser extension.

    [0]: https://github.com/mjakeman/extension-manager

  • easylist

    EasyList filter subscription (EasyList, EasyPrivacy, EasyList Cookie, Fanboy's Social/Annoyances/Notifications Blocking List)

    • There's also the easylist version available here: https://easylist.to/

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • policy-templates

    Policy Templates for Firefox

    • There is no such thing as a "known trusted extension" ever since they killed sideloading extensions and forced auto-updates. 10 years ago not force updating extensions was also a thing they moved behind a flag, and then just dropped.

    Also - if you want to blacklist certain extensions from certain sites, you abso-freaking-lutely can already... see: https://github.com/mozilla/policy-templates/blob/master/READ...

    you want the `restricted_domains` field.

    It gets worse - Mozilla is the fucking worst at checking submitted extensions. They tried to the play into the whole "app store" thing that Google/Apple were doing, but those are justifiable cost centers at those two companies in a way that just doesn't work for a player like Mozilla.

    Mozilla's store checks for extensions are fairly pathetic. You can submit a near empty shell with excessive permissions, get approved the first time, then auto-update to a new release (which will deploy to users immediately thanks to auto-updates). That new version has to pass a battery of useless automatic SAST checks, which will happily highlight all sorts of things it doesn't like (it flags words like "hello" because it contains a curse word) but which won't do shit to check if you're hoovering up credentials, browsing data, tracking users, etc.

    If you're unlucky, at some point in the next 24 months you'll trigger a real review from Mozilla and get caught.

    To be blunt - I have 15 years experience writing extensions. I don't like Google. If you think Mozilla is better you're wrong.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts