Hacker News new | past | comments | ask | show | jobs | submit login

I agree that having a discussion on the actual threat model Mozilla is working with is the best way to approach this issue.

Mozilla is trying to defend against malware or adware with root access on the device.

Malware with root access can do what it wants, inluding just replacing the Firefox executable, keylogging, making screenshots, intercepting traffic, or patching Firefox in any number of ways.

Adware can legally do the same if users give consent. Most antivirus software in fact injects code and is capable of controlling processes, they also intercept traffic to monitor for threats.

If both malware and adware can do esentially what they want on the device, then we are left with how this change affects users.

Users can install a different browser, or patch Firefox, but it becomes prohibitive for regular users to control their own browsers if they choose to continue using Firefox, because they lack the expertise to make the necessary changes.

Disallowing local extensions at all costs in Firefox has minimal security benefits, while greatly harming user and software freedom.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: