Also Servo 0.0.1 Browser Engine Released www.phoronix.com/news/Servo-0.0.1-Released
Finally more competition.
Submitted 14 hours ago by themachinestops@lemmy.dbzer0.com to technology@lemmy.world
https://linuxiac.com/mozilla-to-require-data-collection-disclosure-in-all-new-firefox-extensions/
no one ever discloses, they just wait to get caught, then make a new extension and restart the cycle.
It is possible that any developer could just say “none” even if the extension does collect data? If it has to be manually disclosed, this won’t stop malicious actors. Only trustworthy extension developers would disclose this.
@This2ShallPass @themachinestops As an extension developer on Mozilla's store, yes it's definitely possible. There's some automatic review process but what you state in your implicit data consent disclosure (that's how they call it) is up to the developer.
However, the extension can't access all websites unless you specifically allow it while installing. There's an "All websites" permission, so if it's that or if it includes some kind of sketchy site then it's a bad sign.
Finally, just like any web page, you can always inspect an extension and check the network requests to see if it's doing malicious stuff. If so, then you can report it.
But since Mozilla accounts are free and only require a verified email, they could just create another one. It's an endless game of whack-a-mole!
Since some extensions are “mozilla-approved”, I guess they test it regularly, it wouldn’t be hard to verify if one is really sending anything despite their disclosure.
The only issue with this otherwise great idea is that “the developer says, that…”. A browser API should have a way to only grant certain rights when this is technically disclosed, e.g. an extension can only access location data if this is (formally) declared, and must be able to cope without it if the user or any global policy disallows it.
So what does this new change do then? Is it just about disclosing the state to the user?
So, sandbox the extensions, a practical, sensible step on the path to browser as OS (contentious, but doesn’t that seem where things are going, and if we lose Firefox…). I get it, it’s mr right now harm minimization, as opposed to mr right (Linux or Flatpak) general purpose computers in service of their users with usable security control.
Nice addition!
And Firefox itself?
Already has it
… this wasn’t a thing already?
I would also like to see a competition to Mozilla itself. One that’s fiercely loyal to its commitment to an Open internet.
pHr34kY@lemmy.world 13 hours ago
This is a great change. I wonder how long before the hate brigade comes along and complains.
spacelord@sh.itjust.works 13 hours ago
You’ve got a downvote, so it seems not long. 😄
ricdeh@lemmy.world 12 hours ago
insert rant about Mozilla CEO
6nk06@sh.itjust.works 12 hours ago
It’s not clear whether it’s a useless disclosure or enforced by the API.
TheGrandNagus@lemmy.world 10 hours ago
Some extensions have a verified/recommended by Mozilla seal of approval, so these extensions would be checked by a human to see that they comply.
Obviously they can’t check every update of every extension in existence, but even just the above is an improvement and certainly not useless.
I don’t think this could be enforced by the API without also seriously limiting what extensions can do, which people would go crazy about if they did.
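Added example (not part of the thread or of Mozilla's tooling): since the disclosure is self-declared, one check a reviewer can automate is comparing what an extension's `manifest.json` declares against the site access it requests, the "All websites" signal mentioned above. The `data_collection_permissions` key under `browser_specific_settings.gecko` is assumed from Firefox's manifest format rather than taken from this page, and the sample manifest is constructed.

```python
import json

# Host patterns that grant access to every site ("All websites" at install time).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest, not taken from any real extension.
SAMPLE_MANIFEST = """
{
  "manifest_version": 3,
  "name": "Example Tab Helper",
  "version": "1.0",
  "permissions": ["tabs", "storage"],
  "host_permissions": ["<all_urls>"],
  "browser_specific_settings": {
    "gecko": {
      "id": "tab-helper@example.invalid",
      "data_collection_permissions": {"required": ["none"]}
    }
  }
}
"""

def audit_manifest(text):
    """Return (broad_hosts, declared_collection, findings) for one manifest.json."""
    m = json.loads(text)
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    requested = set(m.get("permissions", [])) | set(m.get("host_permissions", []))
    for script in m.get("content_scripts", []):
        requested |= set(script.get("matches", []))
    broad = sorted(requested & BROAD_HOSTS)

    gecko = m.get("browser_specific_settings", {}).get("gecko", {})
    dcp = gecko.get("data_collection_permissions")  # assumed key name, see lead-in
    declared = None if dcp is None else sorted(dcp.get("required", []))

    findings = []
    if declared is None:
        findings.append("no data collection declaration in manifest")
    if broad and declared in (None, ["none"]):
        # The declaration cannot be verified from the manifest alone.
        findings.append("all-sites access with no declared collection: "
                        "inspect network requests before trusting")
    return broad, declared, findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A finding here is a prompt for manual review, not proof of misbehaviour: plenty of legitimate extensions need all-sites access and collect nothing.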