by braiamp 503 days ago
The reason for that is like you expect, someone abused that, and we do not have nice things anymore. That's the same reason why apt-get doesn't allow you to remove essential packages on Debian, without modifying a configuration file.

The biggest browser by far, Chrome, can somehow afford allowing people to install unsigned extensions, so Firefox ought to be able to as well.
Lack of signing on extensions makes it really easy for pentesters and blackhats to trick people into installing malicious versions of password manager plugins.
A close friend who is a professional has been losing customers because he was too careful and wanted only the most reliable thing for every customer. Customers drifted away, and business dwindled. Our guess is that word-of-mouth publicity stopped because "he takes too much time to get anything done". Things have started improving ever since he pulled back his quality slightly, thinking that if say a "small N" out of 100 customers are dissatisfied, at least the remaining will retain business.

Is that what is ailing Firefox? I mean is Firefox losing because it tries to be safest and the best for every user, while Chrome just carries on with basic safety and nothing more?

[EDIT: Clarified the question.]

Given the fact that Firefox was ailing long before mandatory signing, this seems like a clear no?

Besides, this isn't "safest and best for every user", just like the quality vs speed tradeoff in your friend's story is not something he can decide entirely on his own for his customers (though there are other complications in real life).

Good point, maybe it comes from who's paying for the browser, hence how companies behind browsers are incentivized. Google gets money from advertisers and Mozilla from Google and user donations.
I can not run my own extension in Firefox by modifying a config file. It's not possible. Not even if I don't let dishonest actors anywhere near my Firefox install.

I can murder some trees and poison the environment for all of us, to do pointless multi-hour re-builds of Firefox for each release and point release to have it accept my add-ons, though.

I've also never seen a reason why I can't at least place my CA into Firefox /usr/lib/firefox folder or /etc/firefox and have it be respected. Or just place local extensions there and have Firefox not require signatures for them, because there's no way these can be installed accidentally from web by clicking some link.

And if someone can trick me into modifying /usr/lib, they can just trick me into replacing Firefox completely with their malwared build, so signing will not save me anyway.

The Debian build of Firefox does load extensions from /usr/share/mozilla/extensions, so that it will load the extensions in the Debian webext-* packages. You can even add a symlink there pointing at a dir in your /home so you can load extensions you are developing.
That's because it's an ESR build. Normal build does that, too. The extensions still have to be signed. It's not a Debian thing.

On the ESR build, you can disable signature checks though in about:config. Not sure how this fits into the standard Mozilla orthodoxy. Remember that a core tenet of the orthodoxy is that users can't be trusted to protect themselves...

So maybe Mozilla cares less about safety of users that want to use their ESR (extended support) build. There are way fewer of these users than that of main Firefox build, so their safety is maybe not that important on the grand scale of 2.5% market share that Firefox still holds.

The extensions in /usr definitely do not need to be signed, I've loaded unsigned ones before and the webext-* packages do not contain signatures.
Looks like the cause that this does not work for me is extensions.autoDisableScopes defaulting to 11.

Well, great. This is at least something :)

What I said applies to both of Debian's firefox and firefox-esr packages, so it definitely isn't just an ESR thing.
> And if someone can trick me into modifying /usr/lib, they can just trick me into replacing Firefox completely with their malwared build, so signing will not save me anyway.

As you said yourself, that's a much bigger hassle and cost. In other words, it's an effective deterrent. Writing to a user owned file is a very low bar for allowing privileged code execution in the browser.

A long time ago browsers used to be infested with all kinds of toolbars and extensions automatically installed by third party software, I for one am glad to not have to worry about that in my computer and on networks I manage or frequent.

It's an effective deterrent to keep power users away from your software as well! So if that's what Mozilla wants, they have their mission accomplished!
Yeah...no.

Only preview versions and developer versions can run unsigned addons. Both coming with their own set of reasons why you shouldn't use them as your daily browser.

And ESR, but that may not be normally distributed in Linux distros. It's not in Arch Linux.

There's no hassle-free solution. Only way to run your own code on normal branded Firefox release is to rely on third-party signed extensions (e.g. Violentmonkey), but that's not really hassle-free either if you have 10s of userscripts and multiple browser profiles, and you have to trust some third party to not go rogue. I got pretty terrible malware from Mozilla add-on store in the past.

/usr/lib are not user owned files
Honestly, that trade-off is not worth it, particularly with browsers. People who do ignorant things are ignorant (note that I did not say stupid: they may be quite intelligent in other areas of life). Tools should do what their owners direct them to do, even if it is a mistake.

With apt, there is a bit of method to the madness: if one imagines that apt’s job is to do the thing the user requested and then deliver a correct system, then clearly essential packages can’t be removed.

But there is not a reason to prevent the user of the software from using the software in the way he wishes on his own machine.

Advanced users can modify the source code to disable things that get in their way. Anyone not capable of that is not capable of knowing when it is safe to turn off safety defaults.

Chromebooks at least get this one thing right. You can disable firmware signing, but only if you are comfortable taking the laptop apart to remove a magic write protection screw. That is something a scammer cannot easily convince a grandma to do.

I think Chromebooks have moved away from screws to special key combinations for the most part. The screw is a good idea, but having to take apart the whole thing to get to the screw is a bit much.
> Advanced users can modify the source code to disable things that get in their way. Anyone not capable of that is not capable of knowing when it is safe to turn off safety defaults.

Modifying a morass of C++ source code is not nearly the same thing as writing an extension in JavaScript.

Mozilla is just fundamentally in the wrong here.

DNF has a similar mechanism; I appreciate it when poorly-written third-party package manifests try to remove/deprecate more than they should.