|
|
|
|
|
|
by wsha
4136 days ago
|
|
|
Actually, the point of this change is that there is no opt out. The main target of this change is to prevent grayware from silently sideloading bad add-ons onto users' systems. Up to this point, such grayware could hide behind the argument that some user action implied consent to the add-on installation. With this new change, that is no longer possible. It is almost as easy for such grayware to silently modify the Firefox binary directly, so from a security standpoint this change does not really contribute much. However, such modification to the Firefox binary (or a similar action) is much more obviously malware than side loading an extension is. So Mozilla is trying to gain leverage against bad actors who are trying to pose as legitimate actors. The problem with an opt-out is that grayware could silently activate the opt-out and claim that such an action was implied by the installation of the grayware. That said, Mozilla has also said that they will release an unbranded version of Firefox that does not include the add-on signing restriction but is otherwise identical. Hopefully, that "identical" promise holds true and users who do not want to deal with the signing restriction can use this unbranded version. |
|
|