
I do agree with you to a point. I do think they have a difficult task trying to balance protecting people from their own ignorance and catering to power users who know exactly what they are doing and desire more freedom.

An option that just occurred to me is to be able to start Firefox with a special flag that would give access to some extra options to allow actions that reduce security - such as sideloading for example.

To help prevent innocent users being coerced into starting Firefox with that flag it could be something like "Firefox.exe -pleasehackme".

Power users would know what the flag is for but even the most naive user might hesitate to start Firefox using a command inviting themselves to be hacked :-)

Probably a stupid idea, but just putting it out there.




I don't think there is any way to enable unsigned extensions on vanilla Firefox, and I don't think they will ever allow it.

Their justification is that if there were some command line option to allow it, then users could be tricked into doing that.

But couldn't the user also be tricked into simply downloading the developer edition? Couldn't the user be tricked into deleting their home directory?

Personally, I find these justifications dubious. There is a kernel of truth that in some edge cases it can offer some protection. But it feels far more like something Google or Apple would do, and Mozilla is either cargo culting them, or has been pressured into doing this.


That's the point of Mozilla naming their signing-disabled Firefox 'unbranded'.

So hackers can't just download the signing-disabled Firefox and replace your Firefox with it.

The hacker can probably still compile one on their own, but at least it will be a pain in the ass for them.


> The hacker can probably still compile one on their own, but at least it will be a pain in the ass for them.

I've compiled a branded build of Firefox myself, and it is as simple as setting a single flag at compile time. Almost trivial. The only protection that branding has is legal, not technical. If I tried redistributing the branded build then Mozilla might sue me. Do you think they will be able to sue malware authors when they do it?

There is absolutely nothing stopping a hacker from replacing or patching Firefox.exe with a branded version that will run their hostile extension. Even if they do not have write access to Firefox.exe, they can download it somewhere else and change where the shortcut points to. It would be almost impossible to tell the difference.

This is not a serious security measure.

But I think you are missing the bigger point here. If they can write to files on your computer, then it is far too late. They can encrypt and ransomware your documents, they can install a keylogger, and they may be able to extract all of your passwords and cookies from Chrome and Firefox.

It would be like if someone stole your car, but at least they don't have the keys to the glove compartment.

It is not a justification for what Mozilla is doing.


Not sure if that is what they do, but on many platforms, there is also code signing. E.g., even if you could trick someone to download your patched/hacked version of Firefox, I believe they'd get a warning on Windows that the software is unsigned.


That is a fine idea. We can make Firefox as safe as they want at startup. Just keep it as a default option -- something power users can turn off, and do not make this a hardcoded choice "because those users turning it off may not know what they are doing". Inform, not restrict. My 2c.


They seem to agree, approximately: https://news.ycombinator.com/item?id=21418786


So now the malware edits the Firefox shortcut to start it with that argument and then installs its malicious addons. That doesn't help at all.


Yeah, exactly. Malware could also just delete vanilla Firefox and replace it with the developer edition. Just overlay ads over the browser window itself. Or anything else really.

Trying to protect against hostile code already running on the same computer as the browser is futile. At best, it should warn the user if suspicious modifications were made.

And it comes at such a high cost for such a narrow measure of protection.


That's a pretty weak argument. If you already have malware on your computer with enough privilege to change shortcuts then it's game over already.

This is about preventing the naïve from being tricked into manually installing malicious add-ons by a third party.



