Firefox Extensions REBOOTED

Computer Help and Discussions Software
81

There is no guarantee that any of the addons above this point in the thread remain compatible with modern day versions of Firefox due to the transition from the addon-sdk to WebExtensions.

Here are some modern extensions that I've been using.

Decentraleyes: https://decentraleyes.org/ (also available for Firefox ESR)

Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.

Multi-Account Containers: https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers/

Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

Neat URL:

https://addons.mozilla.org/en-US/firefox/addon/neat-url/

Removes "garbage" from URLS (mostly tracking flags and other non-essentials. Configurable)

Wikiwand: https://addons.mozilla.org/en-US/firefox/addon/wikiwand-wikipedia-modernized/

Redirects you from Wikipedia to Wikiwand, a modernized interface for reading Wiki articles. 

</p>


</p>
82

A little write up here about Firefox and how they pushed MrRobot behind the scenes without your permission.

https://www.dedoimedo.com/computers/firefox-mr-robot-freedom.html

83

Dedoimedo is just so subtle. :lol:

When I tracked down that addon, a little red box said "This add-on requires a newer version of Firefox . . ." Ha.

In some way, this stuff is akin to trespassing.

84
Quote 
<div class="ipsQuote_contents">
	<p>
		For example, in this case, I know I will not watch this TV show. I have no idea what it is, never seen or heard about it, but now, I am certain, BECAUSE MOZILLA, that I will not watch it. How's that for your study?
	</p>
</div>

Author's loss on this one, IMO. I happen to quite enjoy Mr. Robot.

85
58 minutes ago, Winapp2.ini said: 
<div class="ipsQuote_contents">
	<p>
		Author's loss on this one, IMO. I happen to quite enjoy Mr. Robot.
	</p>
</div>

Maybe so but Firefox had no right to sneak this in without asking user permission did they.

86
1 hour ago, hazelnut said: 
<div class="ipsQuote_contents">
	<p>
		Maybe so but Firefox had no right to sneak this in without asking user permission did they.
	</p>
</div>


They certainly chose a poor approach for it, using the SHIELD studies feature; but I think the article is rather hyperbolic to the point of coming off as both immature and uninformed.

I happened to have been actively following the Looking Glass fiasco as it unfolded via /r/firefox. Savvy users quite quickly made the link to Mr. Robot by looking through the code for the addon (found on GitHub), and soon discovered that the addon was totally inert unless you modified an about:config:preference to make it function. Upon doing so, it would flip some words up-side down and prompt you to follow a link to an incomplete information page (incomplete presumably because the study was sent out prematurely). It did not otherwise collect or transmit any data. 

As someone generally opposed to ads, I see and understand the resentment. However so far as I know, there was no profit motive here like the article suggests. Mozilla is a non-profit, and the bulk of their operating income comes from their search engine partnerships.

I do think some blame falls upon users for not being more attentive to the SHIELD preferences. Being opted-in to studies explicitly allows Mozilla to push, without warning, addons to your browser the modify your user experience. Whether or not one thinks those settings should be enabled by default is surely a topic for discussion, but somewhat besides the point given the reality that they seem to be. (they certainly are on by default for Nightly, but I do not know the default setting on a clean profile using only the Stable release channel, I imagine that it is "on" though.

Quote 
<div class="ipsQuote_contents">
	<p>
		I have a profile that dates back to pre-1.0 releases, and I always carefully check and screen every single program setup and installation.
	</p>
</div>

Clearly the author did not carefully check Firefox's about:preferences#privacy page (perhaps they overlooked the complete redesign of the preferences in Firefox 56 during their review of Firefox 57), or he would have seen that not only were those boxes ticked, but the studies one even helpfully links to about:studies which itself links to SHIELD study information

I think Mozilla had a poor response to user outrage initially, and they were essentially forced to make a second apology because of how lacking their initial response was. 

At the end of the day, while Mozilla acted here in bad faith of their users, I don't think they did so in an <em>intentionally malicious manner</em> and the real-world impact of what they did was to scare a bunch of people who thought they may have had malware (that they didn't). I don't think this makes Mozilla " Yet another shark in the pond, after its share of filthy dimes."

I am not a reader of this website, and do not know if this manner of writing is typical of their articles, but it comes off (to me) as rather petulant.

So at the risk of sounding like a Mozilla apologist, I don't think the author is informed enough about Mozilla as an entity (particularly what they do outside the scope of developing Firefox) to make some of the claims he does.

Was Mozilla wrong to use the SHIELD study system to push out promotional content? Probably. That's not what the system is there for. 

Did they have the "right to" push content without asking? You could argue that "yes because that's what being opted into studies means." or "no because studies seem to be on by default and shouldn't be." I don't think they should be on-by-default on the Release channel (if that's the case), but I think it's absolutely reasonable for them to be on by default in both Beta and Nightly given that the purpose of those channels is to test prereleases and new features of the browser.

Quote 
<div class="ipsQuote_contents">
	<p>
		In a world without real choice, the best you can do, short of a proper bloody revolution, is to b**** and moan and tell your story.
	</p>
</div>

It's not as if there aren't other browsers, but the author themselves after all that moaning even says they'll be sticking with Firefox because it's the least annoying.

So while I am both a fan of Mr. Robot and Mozilla & what they do, and I recognize the user-trust implications of what happened (at a time where they're struggling to regain market traction), I don't particularly care for this article itself.

87
Quote 
<div class="ipsQuote_contents">
	<p>
		<span style="background-color:#ffffff;color:#353c41;font-size:14px;"><span> </span>Savvy users quite quickly made the link to Mr. Robot by looking through the code for the addon (found on GitHub)</span>
	</p>
</div>

This is where I reach for a cup of patience ... I don't like the attitude of softwares that treat non savvy users (80% of users) as test fodder.

Yes people should watch what they install (Piriform/Avast a case in point) but come on, we are not all super users. Most folk just want to use Facebook and email and shouldn't keep having to look over there shoulder at the browser settings to see what has been added.

As regards GitHub, most people have no idea what that is.

88
1 minute ago, hazelnut said: 
<div class="ipsQuote_contents">
	<p>
		This is where I reach for a cup of patience ... I don't like the attitude of softwares that treat non savvy users (80% of users) as test fodder.
	</p>

	<p>
		Yes people should watch what they install (Piriform/Avast a case in point) but come on, we are not all super users. Most folk just want to use Facebook and email and shouldn't keep having to look over there shoulder at the browser settings to see what has been added.
	</p>

	<p>
		As regards GitHub, most people have no idea what that is. 
	</p>
</div>

I didn't mean to suggest that the average user should need to go through this. Merely recounting the relatively quick sleuthing of users who are particularly attentive to Firefox.

It is my understanding that the addon was pushed through the SHIELD system prematurely, and that while most of the information needed to understand it existed in some form or another, it was not a complete package in the way that it is currently shipped (notably, the information page is now populated with actual details of the addon, it was merely an empty article at the time of the addon push - which only lead to more confusion)

At the end of the day though, they pushed something that effectively didn't do anything at all to people without explanation, and given the (mostly deserved) blowback for their lack of transparency, I tend to doubt it'll happen again. If it does, perhaps I'll feel more warmly towards a literal middle finger at the bottom of an article.

89
11 hours ago, Winapp2.ini said: 
<div class="ipsQuote_contents">
	<p>
		


		but I think the article is rather hyperbolic to the point of coming off as both immature and uninformed.
	</p>
</div>

With how malware attacks systems nowadays I can see how the author would be pissed off and rant a little thus seeming as you've stated. Although I've read a few of his articles and liked them - if anything they're entertaining on this very dangerous icy day outside.

90

Retrospective thoughts by Mozilla on MrRobot.

https://blog.mozilla.org/firefox/retrospective-looking-glass/

91

Because of an expired certificate issue all Firefox extensions are disabled at the moment.

https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

92

More info on above bug here

https://techcrunch.com/2019/05/03/a-glitch-is-breaking-all-firefox-extensions

93

Update: Mozilla started to roll out a fix for Release, Beta, and Nightly versions of Firefox. The fix uses Mozilla Studies, and you need to make sure that this is enabled to get it. Mozilla notes that you may disable Studies again after the fix is applied and add-ons have been re-enabled. You need to make sure that "Allow Firefox to install and run studies" is checked on about:preferences#privacy. End

94

My nightly seems unaffected by this bug. I have the message saying the addons can't be verified but they all still work. Weird. Addon signing is probably not a requirement on the nightly build if I had to guess

edit: seems my xpinstall.signatures.required is set to False

95

Funny how it had no issue earlier today, and now it's messed up in Firefox ESR 60.6.1

96

Messed up on mobile firefox too, only certain add-ons though. Says they're unsigned and disables them.

97

It's being reported that the 'studies' hotfix is not available to all FF users. 

And it's only for desktop users, it won't work with FF Android.


(It worked fine on my laptop and I have extensions back on that, but my phone still has no FF add-ons).

If you have left 'studies' turned on (the default) then you should already have got the hotfix automatically in the background.

Here is the official FF blog about the problem which is being kept updated. 

It tells you how to enable 'studies' to get the hotfix, it should be enabled by default (which is why they used this channel to release the fix) but you may have turned it off.

https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

There is also an issue with Firefox clones which don't have 'studies' so can't get the hotfix that way. 

I found this which applies the main hotfix (there are actually 2) directly without needing 'studies' so should work with FF clones:

https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

Other work arounds are being suggested on various websites. 

Mozilla have warned against using these as they could/will clash with the official fix when it is released.

98
Quote 
<div class="ipsQuote_contents">
	<p>
		Because of an expired certificate issue all Firefox extensions are disabled at the moment.
	</p>
</div>
Quote 
<div class="ipsQuote_contents">
	<p>
		Says they're unsigned and disables them.
	</p>
</div>

i was already wondering why for example the addon ublock is disabled since 1 or 2 days on my firefox esr 52.9...

99

https://support.mozilla.org/de/kb/Add-on-Signierung-in-Firefox?as=u&utm_source=inproduct#w_was-kainnen-sie-tun-wenn-firefox-ein-add-on-deaktiviert

in german

Quote 
<div class="ipsQuote_contents">
	<p>
		 
	</p>

	<h2>
		Für erfahrene Nutzer: Welche Möglichkeiten haben Sie, wenn Sie ein unsigniertes Add-on benutzen möchten?
	</h2>

	<p>
		In den Firefox-Versionen <a href="https://www.mozilla.org/firefox/organizations/" rel="external nofollow">ESR (Extended Support Release)</a>, <a href="https://www.mozilla.org/firefox/developer/" rel="external nofollow">Developer Edition</a> und <a href="https://nightly.mozilla.org/" rel="external nofollow">Nightly</a> können Sie die Einstellung zum Erzwingen der Erweiterungs-Signierung überschreiben. Dazu ändern Sie im <a href="https://support.mozilla.org/de/kb/konfigurationseditor-fur-firefox" rel="external nofollow">Konfigurationseditor für Firefox</a> (der Seite <em>about:config</em>) die Einstellung "<strong><span>xpinstall.signatures.required</span></strong> "auf "<strong>false"</strong>. Es gibt auch spezielle Versionen von Firefox, die diese Überschreibung zulassen.
	</p>

	<p>
		 
	</p>
</div>

in english

Quote 
<div class="ipsQuote_contents">
	<p>
		 
	</p>

	<p>
		What are my options if I want to install unsigned extensions in Firefox?
	</p>

	<ul><li>
			The <a href="https://nightly.mozilla.org/" rel="external nofollow">Nightly</a> and <a href="https://www.mozilla.org/firefox/developer/" rel="external nofollow">Developer Edition</a> versions of Firefox have a preference to disable signature enforcement. There are also be special <a href="https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded_Builds" rel="external nofollow">unbranded versions of Release and Beta</a> that have this preference, so that add-on developers can work on their add-ons without having to sign every build. To disable signature checks, you will need to set the <code>xpinstall.signatures.required</code> preference to "false".

			<ul><li>
					type <code>about:config</code> into the URL bar in Firefox
				</li>
				<li>
					in the Search box type <code>xpinstall.signatures.required</code>
				</li>
				<li>
					double-click the preference, or right-click and selected "Toggle", to set it to <code>false</code>.
				</li>
			</ul></li>
	</ul><p>
		 
	</p>
</div>

as in winapp2.inis post :-)

100

Yesterday I did what winapp2 eluded to a few posts up and set to false: 

xpinstall.signatures.required

I then re-installed uBlock Origin (also yesterday) which immediately re-enabled it, and allowed it to remain enabled with me doing nothing else, so I left it at that.

Then today when I looked in the Firefox 'Add-ons Manager' Firefox ESR Portable 60.6.1 has automatically on its own installed: 

hotfix-update-xpi-intermediate

One thing I don't like at all about this mess is that "hotfix-update-xpi-intermediate" got installed with absolutely no notification whatsoever, and I wonder if some people might think it's malware.

---------

This ordeal is making me think of going back to using SRWare Iron Portable as my main browser!