Understanding the risks of installing self-hosted extensions

Firefox Firefox Created: 82% of users voted this helpful
No one has helped translate this article yet. If you already know how localizing for SUMO works, start translating now. If you want to learn how to translate articles for SUMO, please start here.

Extensions enable you to add features to Firefox for a personalized browsing experience.

Extensions that are distributed by the developers themselves, rather than by Mozilla on addons.mozilla.org (AMO), are referred to as “self-hosted.” While users should exercise caution when installing extensions from any source—AMO included—users should take special care determining the trustworthiness of a self-hosted extension. Although most extensions are created by developers with the honest intent of providing great new browser features, some bad actors may use extensions to compromise your personal browsing data.

Assess the trustworthiness of any website or source of a self-hosted extension

There’s inherent risk associated with installing any third party software. Extensions are no different. When evaluating the trustworthiness of a self-hosted extension, consider the following questions:

  • Were you prompted by a website to install the extension? This isn’t necessarily a red flag, because there may be a legitimate reason for a website to promote an extension, but this is an indication that you should proceed carefully.
  • Are you familiar with the website or source of the self-hosted extension? If you’re unfamiliar and can’t establish trust, avoid installing the extension. (Keep in mind some malicious sites may mimic the look and feel of known, trustworthy brands.)
  • What can you learn about the extension and its developer from a quick internet search? Try searching the extension and developer’s name. What do you find? Do any concerning issues arise?
  • Does the extension provide a privacy policy? It’s not necessary for every extension to provide a privacy policy, but if the extension asks for powerful permission requests, it should provide a clear policy explaining how your data is treated. Make certain you’re comfortable with the privileges and permissions you grant.
  • Are you sure you need the extension? This may seem obvious, but it bears reinforcing—if you don’t really need or want the extension, consider avoiding it. Carefully review its features and services. Does the extension offer you a clear benefit?

These are just a few tips to help you assess the trustworthiness of a self-hosted extension, but it is by no means a comprehensive guide. Please use your best judgement when considering any third party software.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More