by brighteyes 3953 days ago
The blogpost should have led with that.

A lot of the discussion here is based off of people incorrectly assuming addons like that won't work.

That still only covers extensions that have already been invented.

It doesn't solve the problem of letting people tinker to discover the need for a new API in the first place.

You can still tinker when building Firefox from source.

I agree it's not as convenient as the default builds being open to such modding, but that's the point - the default builds should be safer because 99% of users don't tinker.

So it's ok to make life harder for 1% so the 99% have it easier?

And why make it "safer" for the 99%, considering they have been able to live with the current situation for years?

Shouldn't things be improved for everyone?

And aren't those 1% that tinker those who provide new stuff to the 99%?

> And why make it "safer" for the 99%, considering they have been able to live with the current situation for years?

It's hard for me to read this comment as anything other than "browser security is fine and people shouldn't bother trying to improve it".

Well, fixing security bugs obviously is necessary. But that doesn't mean that features should be thrown out of the window in the name of security.

And I was mostly referring to Mozilla's tendency to nanny its users.

For example the argument for extension signing is that users can't decide for themselves what to install. And that even side-loading from the operating system would be too dangerous because some users could get tricked (in my book that's a people problem, not a software problem).

And again, the argument for whitelisted, locked-down APIs for extensions is security, that giving extensions the same powers as native applications (which don't have to be signed) is unacceptable. Again, reducing features in the name of security.

Fixing privilege escalation attacks and nannying users so they don't apply foot-guns are two quite separate approaches to security in my opinion. Especially since the latter is onerous on power users while the former is not.

The restrictions weren't necessary in the past, the situation was clearly good enough for millions to start using browsers. Why is it necessary now?

> The restrictions weren't necessary in the past, the situation was clearly good enough for millions to start using browsers. Why is it necessary now?

Much of the impetus for this change is to make sandboxing possible. You need to be a multiprocess browser to be a sandboxed browser. Multiprocess Firefox is incompatible with many of the things that addons are doing right now. So, this statement is equivalent to "we didn't need sandboxing before; why do we need it now?" Is that what you're arguing?

Just because we existed without them before doesn't mean the restrictions weren't needed.

We always needed Sandboxing and multi-process Firefox, even though we were able to get by without it for years. Likewise, side-loaded add-ons that can steal your information are a legit security threat, even if you think you're such a smart user that you could somehow avoid ever being burned by it.

> So it's ok to make life harder for 1% so the 99% have it easier?

Generally speaking - yes.

Making a browser safer for 99% of people might be worth making the experience of 1% a little less flexible.

Unless you can find a solution that makes 100% of people happy, we will always have such tradeoffs. And so far, no browser has found such a solution for addons.