Some Specific Questions About The Safety/Privacy Of The Extensions
I know this look a bit long but please bear with me, I believe I have some answer-worthy questions.
Hello everyone,
I searched the community to find some specific answers but I could not. I am sorry if I missed some content but I don't think so since I think my questions appear to be a bit more specific. These are:
1- Extensions ask for permissions and permissions may access your information according to their descriptions explained on: https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions
That's ok but extensions are updated frequently, right? So, can extensions' permission settings be changed via an update? If yes, does firefox inform us that the extension has changed it's permission settings?
I would not like to have an extension having little permissions to be updated to some kind of data recorder without me knowing. (And yes people check these but that's my 2nd question)
2- Yes, (sometimes) people check the updates that are made to certain extensions, in case that's a 'recommended' extension, it is always checked by real people, that's great. But I could not find any information about what would be the aftermath of an extension which changed in a bad way. What happens then? Is it immediately blocked? Does it automatically stop working? Does the safe old version keep working and the new-bad-update never sees the light of the day? That would be great to know.
3- This one is about privacy. Since one of the most important aspects of Firefox is its privacy-friendly design, I wanted to ask if privacy aspects of the extensions are also checked by the community (or Firefox staff in case of 'recommended' extensions). I know, there are some cases that might make you ask: "Not everybody cares about privacy, also not every extension is about privacy, some even clearly state they are bad for privacy, why would something like this be routinely checked?" But there are some extensions that are solely made for privacy. What happens if something about apps privacy policy changes? Or some app that did not collect data beforehand starts to collect data and start to harm our privacy?
I hope these are some legit questions and with some answers they would leave an information-laden thread to the community.
Best Regards
Modified
All Replies (2)
Some of these are difficult to answer. You can also post your question on the forum maintained by people who run the Add-ons site:
https://discourse.mozilla.org/c/add-ons/addons-mozilla-org
diot_morrocco said
1- Extensions ask for permissions and permissions may access your information according to their descriptions explained on: https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions That's ok but extensions are updated frequently, right? So, can extensions' permission settings be changed via an update? If yes, does firefox inform us that the extension has changed it's permission settings?
There are certain permissions that Firefox shows you in a drop-down at the left end of the address bar during installation. During an update, if one of those permissions is added, you will get a panel showing that new permission and asking whether to do the update or not.
There are some permissions, like modifying context menus, that do not trigger the panel either during the initial installation or an update, because they are not considered to be privacy threats.
2- Yes, (sometimes) people check the updates that are made to certain extensions, in case that's a 'recommended' extension, it is always checked by real people, that's great. But I could not find any information about what would be the aftermath of an extension which changed in a bad way. What happens then? Is it immediately blocked? Does it automatically stop working? Does the safe old version keep working and the new-bad-update never sees the light of the day? That would be great to know.
If the problem is caught during review, the new version is never put on the Add-ons site and users never receive it. If the problem is discovered later, the results may vary. Sometimes the Add-ons site is rolled back, but the extension is not blocked on user installations. In other cases, the extension is blocked. But there is no way to roll back user installations. It probably depends on whether the author is releasing a fixed version immediately or not.
3- This one is about privacy. Since one of the most important aspects of Firefox is its privacy-friendly design, I wanted to ask if privacy aspects of the extensions are also checked by the community (or Firefox staff in case of 'recommended' extensions). I know, there are some cases that might make you ask: "Not everybody cares about privacy, also not every extension is about privacy, some even clearly state they are bad for privacy, why would something like this be routinely checked?" But there are some extensions that are solely made for privacy. What happens if something about apps privacy policy changes? Or some app that did not collect data beforehand starts to collect data and start to harm our privacy?
I think the review focuses more on the code than the policy, but I am not an add-on reviewer. This is an older article about what reviewers are supposed to do: https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing -- I don't know whether that is the latest guidance.
jscher2000 said
Some of these are difficult to answer. You can also post your question on the forum maintained by people who run the Add-ons site: https://discourse.mozilla.org/c/add-ons/addons-mozilla-orgdiot_morrocco said
1- Extensions ask for permissions and permissions may access your information according to their descriptions explained on: https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions That's ok but extensions are updated frequently, right? So, can extensions' permission settings be changed via an update? If yes, does firefox inform us that the extension has changed it's permission settings?There are certain permissions that Firefox shows you in a drop-down at the left end of the address bar during installation. During an update, if one of those permissions is added, you will get a panel showing that new permission and asking whether to do the update or not.
There are some permissions, like modifying context menus, that do not trigger the panel either during the initial installation or an update, because they are not considered to be privacy threats.
2- Yes, (sometimes) people check the updates that are made to certain extensions, in case that's a 'recommended' extension, it is always checked by real people, that's great. But I could not find any information about what would be the aftermath of an extension which changed in a bad way. What happens then? Is it immediately blocked? Does it automatically stop working? Does the safe old version keep working and the new-bad-update never sees the light of the day? That would be great to know.If the problem is caught during review, the new version is never put on the Add-ons site and users never receive it. If the problem is discovered later, the results may vary. Sometimes the Add-ons site is rolled back, but the extension is not blocked on user installations. In other cases, the extension is blocked. But there is no way to roll back user installations. It probably depends on whether the author is releasing a fixed version immediately or not.
3- This one is about privacy. Since one of the most important aspects of Firefox is its privacy-friendly design, I wanted to ask if privacy aspects of the extensions are also checked by the community (or Firefox staff in case of 'recommended' extensions). I know, there are some cases that might make you ask: "Not everybody cares about privacy, also not every extension is about privacy, some even clearly state they are bad for privacy, why would something like this be routinely checked?" But there are some extensions that are solely made for privacy. What happens if something about apps privacy policy changes? Or some app that did not collect data beforehand starts to collect data and start to harm our privacy?I think the review focuses more on the code than the policy, but I am not an add-on reviewer. This is an older article about what reviewers are supposed to do: https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing -- I don't know whether that is the latest guidance.
I am stoked to have a reply this fast and this informative. I will also post this to the add-ons site too. Thank you very much