[Blog post] Add-on Policy and Process Updates

(Caitlin Neiman) #1

(Cross-posted from the Add-ons Blog)

As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policy to help us respond faster to reports of malicious extensions. The following is a summary of the changes, which will go into effect on June 10, 2019.

  • We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included. If your extension is using obfuscated code, it is essential to submit a new version by June 10th that removes it to avoid having it rejected or blocked.

We will also be clarifying our blocking process. Add-on or extension blocking (sometimes referred to as “blocklisting”), is a method for disabling extensions or other third-party software that has already been installed by Firefox users.

  • We will be blocking extensions more proactively if they are found to be in violation of our policies. We will be casting a wider net, and will err on the side of user security when determining whether or not to block.

  • We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control.

You can preview the policy and blocking process documents and ensure your extensions abide by them to avoid any disruption. If you have questions about these updated policies or would like to provide feedback, please post them here.

3 Likes
(Leo McArdle) split this topic #2

4 posts were merged into an existing topic: Certificate issue causing add-ons to be disabled or fail to install

(Leo McArdle) closed #6

The certificate issue causing add-ons to be disabled being experienced by many users is unrelated to this policy change. Discussion about that issue should be discussed in the relevant topics.

(Leo McArdle) opened #7

This topic was automatically opened after 2 days.

#8

This post was flagged by the community and is temporarily hidden.

1 Like
(Richard A Hill) #9

This post was flagged by the community and is temporarily hidden.

(Richard A Hill) #11

And Yup: Dissenter now loads and functions as well . ‘happy face’

(Richard A Hill) #12

Update: May 15th
Once again, anonymous people are exercising their beliefs in censorship AND they are redacting comments made in subsequent posts so that they are not even seen in “ignored” content. Not to mention that they claim it takes a week to monitor a post.
— Don’t you just love anonymous censors?
— Aren’t they the most illogical and useless people?

To the anonymous “community members”: Please stop censoring my posts. If you don’t agree then counter point: If you don’t like them, don’t read them: You have no right to deny others an alternate view to what you think and wish for us.
And … once I again I request that my post be read, not interpreted. I am writing in clear language so unless English is not a reader’s first language, there is no reason for any “interpretations”.

—And now - back to the point at hand and the Tech:
I have been interference free for almost a week now … All my extensions continue to work, even those “blocked” by ‘nervous nancy’s’.
I have 25 files left at Read Only status and I do not see any performance or functional negatives. The edits I made to FF support files are holding, I get a YES/NO window whenever something is pushed to my browser that I do not want and I no longer have pop-ups or ads I don’t want. Add Blocker is removing ads on pages, and I am no longer taken to bogus sites as FF tries to “help me” when I typo a page - I just correct the typo. In other words, My desktop is again mine and not ‘curated’.

We will see if any further Nanny’ism’s occur before the end of June when I will publish my “book” of changes on as many locations as I can.
Mozilla developers who believe in Nanny-ism, please go work for Google or M$. They love that kind of abuse.

Choice … it’s not jut a fair idea, it’s the only ethical decision
A feature without an OFF switch is a defect.

And here, once again, is my original post WITHOUT redactions:

May 9th 2019 - Re-posting after deletion.
If you hide opinions you don’t like - you’re no better than Barr.
It seems that ten members of “the community” do not like an opinion that they disagree with. They favor censorship over open debate and dialogue.
I am re-posting my comments that ten people were so offended by, that someone disagrees with them, that someone has the audacity to challenge this policy, so that others can read and think for themselves. I will continue to re-post and add updates as I progress to undoing the lack of choice being forced upon myself and others: yes there are others who agree with me and have posted elsewhere, and claim to have posted here … but their posts here are gone.
Censor much ?

Please note that if one reads my posts, as requested, instead of interpreting them, one will find no attacks against persons, only ideas and actions. But, if anyone is so offended by being referenced as a 'nervous nancy" then that one has more problems than I can address and may I suggest a new therapist.
I, myself, am more offended by the fact that I must spend so much of my time preventing others from meddling on my desktop and re-posing due to censorship, than I am about any tone of any post.

Now, back to the tech: Original post first:


This entire policy REEKS of societalism and chauvinism. The ONLY reason to do ANY kind of block is if the extension is affecting OTHERS. I do not need, require, or request your so called “protection”. I deliberately run an older version of FireFox to AVOID just this kine of meddling, this arrogant assumption that you know what I need and that I would prefer you r"protection" to my choices.

If it is not a threat to other users, leave us the hell alone!. Send messages, send opinions, send recommendations, but keep your hands OFF my desktop.
I stopped using Gagme Chrome and Internet Exploder and stayed at FF 51.0.1 for just this reason: Interference!
I tried using 52.0.9 and 52.0.9esr on a test system- they are not suitable due to the start of “protectionism”) and remain at 51.0.1 deliberately because it was the latest version where i could block all attempts to interfere with my configurations.
I AM RUNNING 51.0.1 DELIBERATELY AND WITH GOOD REASONS!
But now, not content with meddling with your current users, you are reaching back to unsupported (Mozilla’s words) older versions when that is exactly WHY I am using it.

I did a test on another system, i installed 51.0.1 and deliberately added in extensions (which I always download so I can re-add them if you “People” block them) which you do block.
–Setting a read-only status on all Mozilla files prevents your meddling. But, I cannot download files or .pdf docs while this is in effect.
– So if this chauvinistic protectionism is the way of the future, and for ghod’s sake please do NOT do this: MYOB and all that good verbIage, we who chose to run an “unsupported” version do so to NOT have to put up with unwanted changes, then I am going to have to test out what files to mark read only to prevent your changing configs without permission and post them for others to choose.
The only other option, not available to low income users is to use two systems: one to actually work on and another one for reading and downloading docs, and programs.

I will be publishing the config changes and browser mods that I have to write, whatever I find that works to keep you OFF my system, and whatever i find that will obviate, block or counter this idiotic protectionism:
—If it does not affect any other user - Post an opinion, post a recommendation and hands off. Better yet - “Unsupported” means NO UPDATES … of ANY KIND.
People can then choose to allow your protectionism which dictates their usage, or refuse it.
—ANY change or feature that does not have an off switch is a DEFECT!

Finally - please read what I WROTE, NOT what you THINK I wrote, or THINK I meant. This is written clearly and expresses exactly what I found, think, and plan. Any other interpretation is your error not mine.

The above was written the morning of May 8th 2019

Update as of 4pm: May 8th 2019
I made significant changes in my about:config, I am down to half of the Mozilla files in read only mode and am slowly removing RO from others as I restart FF each time to test.
I have made some edits to system files to add a user permission to block some changes, tested this on a v60 system with blocked extensions and new uploads “required” and updates popped up my weasel message box requesting a YES to continue when any changes were attempted to be forced.
ALL extensions are add-able including a few that no one in their right mind would add (the ones that WOULD affect other people if I left them installed) which I tested with and then uninstalled immediately - so this looks good.
I can download files and view/download .pdf’s, audio and video, and all my installed extensions including ones that were blocked remain active and usable.

I will awt the next attempt to interfere with my 51.0.1 installation and if I am still good, or if I figure out further edits that are needed, those will also go into the “book”.
I will be posting that “book” of all changes edits and configs needed to stop interference, at least for the v51-56 builds, after June12 so I will know, or have figured out, how to keep foreign hands off my browser.

We are using old versions to stay out of reach; why can’t you just respect that ?

This is not to say that some people do want this level of protection, and that some people want to be caged and forced to “eat their vegetables” - but we should have a CHOICE to opt out of these, IMHO, intrusive idiocies

A feature without an OFF switch is a Defect.

Update May 9th 2019
As stated, my previous posts have been hidden by some members of “the community” - apparently the only opinions these people respect are the ones that they agree with.

Please note that despite comments messaged to me by some members of “the community” if my posts are read and not interpreted, I have deprecated no one, just ideas, I have not found fault with anyone, only their actions. And if being called a ‘nervous nancy’ offends anyone that much, they need a new therapist.

Ten people, anonymous, decide what we can read, what we can see, what they find “unacceptable”. I find it unacceptable that our desktops are being interfered with, but these ten members evidently believe in censorship, not open dialogue.

I am now down to less than 10% of the Mozilla files still in Read Only state: I have tested against known blocked apps and they now install and work. I installed v49 om another system and gotten permission warnings on all “updates” which I then refused … and FireFox v49 continued to work and my router shows no malicious traffic, no unplanned traffic at all from my Browser.
Working on 51.0.1 which is my FF version of choice and my actual system in use, and after my latest round of config edits, I have no issues with unwanted changes, I get warnings and I answer no - and they are not installed. As a side effect No pop-up windows “pop” without a permission choice … something I’ve wanted for years. I did not realize that the coded fork I created would affect pop-ups too.
Neat.
I will continue to test and modify files until the end of June, and if none of my chosen extensions (the dangerous ones were uninstalled as soon as I verified Installation and function) have been blocked, if there are no more changes made without my permission, if my desktop is not interfered with, then I will consider the fix for meddling at the v51 - v55 versions complete and will then publish the currently 30+ pages of changes to be made, including configs and alterations in installed files, as well as how to back these changes off so that those who change their minds and choose to go along with whatever is done remotely can do so. It is the choice of every user to decide how their software runs on their own systems.

Choice … it’s not jut a fair idea, it’s the only ethical decision
A feature without an OFF switch is a defect.

Richard Hill