by aswan 2521 days ago
The issue isn't about having a sufficiently scary warning. It is that the browser has to store the fact that the user has agreed to this warning somewhere (i.e., presumably in the user's profile). That means any other software running on the computer with regular user permissions can make the same modification to the profile and then install an unsigned extension without the user's consent.

Typically, when Mozilla finds out about software installing extensions without user consent, the extension is added to the blocklist, but if the extension is unsigned it can just claim that it is uBlock Origin or Adblock Plus or some popular extension, leaving no practical way to block it.

This is described in greater detail at https://blog.mozilla.org/addons/2015/04/15/the-case-for-exte...

(in full disclosure, I am a Mozilla employee)

1 comments

Ah thanks, that's useful context. I was responding primarily to the claim that convolutedness is necessary to protect unsophisticated users, which I interpreted as meaning that the complexity of the UI scares users off. But this is a separate technical limitation that makes a lot of sense.