Hacker News new | past | comments | ask | show | jobs | submit login

Please do not label local extensions as inherently unsafe, it's extremely disingenuous to label software that has not been rubber-stamped by Mozilla as unsafe.

You keep bringing up CORS, but that is a security directive that can be disabled in Firefox. Even an essential security measure such as CORS is allowed to be disabled using extensions approved by Mozilla, opening users up to universal XSS by any site they visit.

In any case I don't think CORS is relevant in a discussion about Mozilla taking away user freedoms under the pretext of a threat model that falls apart once subjected to close scrutiny.




Maybe I'm missing something. As far as I know Firefox only allows you to disable a subset of CORS checks.

I just fundamentally don't agree that taking away extension functionality means taking away user freedoms. Even if Firefox developers are completely wrong about security, I have no moral right to make their project execute my code. My user freedom is to develop and run a modified version of the Firefox code, which Mozilla does allow by making Firefox free software.


And this I think is the crux of how FF has changed its no longer "here's a browser for you to have" it's "here's our browser, you can only use it like this".

This is how you get "we added an addon that you can't remove" and "we re-added icons to the toolbar that you removed" and now "we won't let you simply install any addon".

And presumably next year "only addons from the Mozilla walled-garden"? That seems to be the direction it's going.

Mozilla allow users to do stuff, you say. They used to be about enabling users. Only allowing things a user has a moral right to demand of you doesn't sound like FOSS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: