undefined | Better HN

0 pointsarp2421y ago0 comments

That's you're pedantically language-lawyering my post while not engaging with the far greater falsehood that the previous poster was perpetuating is not a good look.

And the reality is Mozilla can always block any extension they want. They can just change the Firefox source code. It doesn't matter what functionality does or doesn't exist now or what the policy they do or don't have – everything can always be changed. That's true for almost anything.

So what they "could do" is a complete distraction in the first place because the "could do" anything. What they ARE doing matters.

0 comments

yjftsjthsd-h1y ago

No, pointing out that your claims are conceptually false is a fine look.

It's not about things Mozilla could theoretically do to block you, it's that they require you to proactively get their permission to run an extension (in a prod version of the browser on an ongoing basis, which I think is reasonable table stakes). Here's their official docs for self-distribution, i.e. not using the AMO at all: https://extensionworkshop.com/documentation/publish/submitti... Notice that step 1 starts with giving Mozilla your extension to approve of, step 4 goes so far as to say that if your extension doesn't pass their checks then

> The message informs you of what failed. You cannot continue. Address these issues and return to step 1.

then step 7 is make sure Mozilla reviewers can read your source code, step 9 is wait for them to get back to you, and step 13 is download the XPI that Mozilla has approved to be allowed to run in their browser.

So yes, you absolutely need Mozilla's approval to publish an extension, even if you self-publish the XPI after they've blessed it. If they do not perform the action of signing it, they don't need to change any source code, it won't install. It may be true that in this case they have given that approval, but that doesn't invalidate the general point, and this is a fundamental restriction, not "language-lawyering".

jwitthuhn1y ago

I have to disagree that I'm perpetuating any falsehood here. Mozilla literally needs to approve an addon for it to behave normally. That you are satisfied with the process they have for approving doesn't change that.

To me it seems absurd for a company that claims to be so pro-privacy to not allow any genuinely private extensions to exist. Anyone who wants to make a 'real' addon has to share their code with mozilla.

arp242OP1y ago

I actually mostly had the top poster in mind, not you, sorry for the confusion.

What you're saying is technically true, but also not relevant, as explained. They can have the best system in place today, and just change Firefox tomorrow. So it doesn't really matter how the system works now. This is true for anything from Mozilla to XFree86 to Redis to left-pad.

De-facto reality is that right now anyone can create an account and just create a signing key and distribute their extensions $anywhere. Approval is little more than rubber stamp. Mozilla not going around granting "approval" or anything like that.

And they certainly didn't revoke the very weak "approval" here; people can distribute and install it. It's just not listed on the Russian add-on store. So that makes it doubly irrelevant.

j / k navigate · click thread line to collapse