[Althorion]

Yes, sort of. The change is made to _default_ configs, so if you changed something, it won’t touch it. And while I get that changes to that can be annoying, I also find them necessary to keep the application easy to use and productive and cannot think of any piece of software that never have changed their defaults.

The reason for Normandy to exist is to allow the developers to check if some change to that defaults is production ready yet. For example, you can start enabling by default hardware video acceleration for some people and compare the number of browser crashes they experience compared to the general public and use that knowledge to know when this feature is stable enough to be enabled for all.

[lifthrasiir]

It should be mentioned that Mozilla had once wrecked their reputation by allowing a corporate-supported study [1] (yeah, Mr. Robot one). It was a really bad PR disaster for Mozilla, and I think Mozilla has at least learned their lesson by not abusing the studies system in such way (as far as I know).

[1] https://drewdevault.com/2017/12/16/Firefox-is-on-a-slippery-...

[philipwhiuk]

So they'll put it directly in Normandy instead of wrecking Studies?

[lifthrasiir]

Not sure, but Mozilla had taken another PR risk by sponsored contents to the Packet integration [1]. So we need to keep our eyes to Mozilla.

On wrecking Normandy, you can actually see all enabled recipes [2] and nothing seems smoky. It even seems that the hotfix (id=721) was used to unbreak Office 365, supporting the positive uses of this system. But I strongly agree that there should be more approachable list of them.

[1] https://blog.mozilla.org/futurereleases/2018/01/24/update-on... (HN discussion: https://news.ycombinator.com/item?id=16229927)

[2] https://normandy.cdn.mozilla.net/api/v1/recipe/

[Phobophobia]

Between the several HN threads on this, this is just what I was missing. Thanks for clarifying it is the defaults which change. That is completely acceptable. It's like any other feature or aspect of FF that a developer can change.

[Althorion]

I don’t think restricting the changes to default settings is enough, you can still do quite a lot of malicious or just plain annoying things with that—for example, I didn’t change the default browser theme, but that doesn’t mean that I wouldn’t be pissed if it changed to an advertisement of any sort.

It gives the developers a great power—they can change applications behaviour outside typical venues for this. Most users expect an update to change things, but if my browser would start to behave erratically and I knew I haven’t updated it for a while, it would have send me on a wild goose chase for other things that I might have done that make my Firefox crash or whatever. It wouldn’t have occurred to me that some change to my settings was pushed without my knowledge.

We can only hope FF devs will use that power responsibly. It can be a nice feature or a complete nightmare. And I for one would very much welcome some kind of pushed notification about that (‘hey, there was a problem with this and that, so we changed that and this; here’s how you can revert the change if needed’).

[tssva]

In this case it is being used to push a new certificate which goes beyond the ability to change default preferences and therefore raises questions regarding the full capabilities available to Mozilla through Normandy.

[dralley]

Apparently the expiration date of the certificate ends up as a pref at some point. I don't remember what the name of the pref is, but someone posted it.

[chaz6]

Maybe everyone should set app.normandy.user_id to "anonymous".

[badsectoracula]

> compare the number of browser crashes they experience compared to the general public

I'm sure the users who experience said crashes without doing anything in their browsers are happy about this :-P