(Cross-posting to addons-user-experience and dev-security-policy) Today I learned for the first time about the proposal to introduce mandatory centralized add-on signing for Firefox [1].
Many have shared concerns about this in the comments to that blog post and the ensuing thread on addon-user-experience [2], most of which I share. One concern which I don't feel has been sufficiently emphasized, is the way in which this proposal would make our users vulnerable to censorship. Mozilla giving itself a mechanism of centralized control, and building that into software distributed to hundreds of millions of users worldwide with no opt-out, opens up a significant potential for abuse. Specifically, it opens the door to the possibility of entities with legal leverage over Mozilla (such as the U.S. government) using that leverage to prevent Mozilla from signing add-ons they don't like (for example, add-ons that they deem to be "circumvention tools" according to their latest flavour of oppressive copyright legislation). In the absence of a user-friendly opt-out mechanism, users who are not savvy enough to know to use an unbranded build to get around this, would be effectively censored from using such add-ons. I find this very worrisome, and I believe that for this reason it's very important to keep a user-friendly mechanism to override the signing enforcement. Having such a mechanism ensures that users stay in control, and that Firefox respects their explicit choice to run a particular add-on. I realize that that there are security considerations with having such an override - for example, that if the override is a simple pref, then any add-on can flip it. I believe that technical solutions to such problems can be found (for example, introducing a new category of prefs which can only be set by explicit user action). I would like to urge us to tackle such technical problems, and not settle for a solution that leaves users without choice and exposes them to the possibility of censorship. Regards, Botond [1] https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience [2] https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/slaKs943n4c _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
