undefined | Better HN

0 pointstzs11y ago0 comments

From the Mozilla add-ons blog, which is linked to in the article:

    Extensions that change the homepage and search
    settings without user consent have become very
    common, just like extensions that inject
    advertisements into Web pages or even inject
    malicious scripts into social media sites. To combat
    this, we created a set of add-on guidelines all
    add-on makers must follow, and we have been
    enforcing them via blocklisting (remote disabling of
    misbehaving extensions). However, extensions that
    violate these guidelines are distributed almost
    exclusively outside of AMO and tracking them all
    down has become increasingly impractical.
    Furthermore, malicious developers have devised ways
    to make their extensions harder to discover and
    harder to blocklist, making our jobs more difficult.

    We’re responsible for our add-ons ecosystem and we
    can’t sit idle as our users suffer due to bad
    add-ons. An easy solution would be to force all
    developers to distribute their extensions through
    AMO, like what Google does for Chrome extensions.
    However, we believe that forcing all installs
    through our distribution channel is an unnecessary
    constraint. To keep this balance, we have come up
    with extension signing, which will give us better
    oversight on the add-ons ecosystem while not forcing
    AMO to be the only add-on distribution channel.

0 comments

peri11y ago

Thanks, was in a hurry to catch my train.

j / k navigate · click thread line to collapse

0 pointstzs11y ago0 comments

From the Mozilla add-ons blog, which is linked to in the article:

    Extensions that change the homepage and search
    settings without user consent have become very
    common, just like extensions that inject
    advertisements into Web pages or even inject
    malicious scripts into social media sites. To combat
    this, we created a set of add-on guidelines all
    add-on makers must follow, and we have been
    enforcing them via blocklisting (remote disabling of
    misbehaving extensions). However, extensions that
    violate these guidelines are distributed almost
    exclusively outside of AMO and tracking them all
    down has become increasingly impractical.
    Furthermore, malicious developers have devised ways
    to make their extensions harder to discover and
    harder to blocklist, making our jobs more difficult.

    We’re responsible for our add-ons ecosystem and we
    can’t sit idle as our users suffer due to bad
    add-ons. An easy solution would be to force all
    developers to distribute their extensions through
    AMO, like what Google does for Chrome extensions.
    However, we believe that forcing all installs
    through our distribution channel is an unnecessary
    constraint. To keep this balance, we have come up
    with extension signing, which will give us better
    oversight on the add-ons ecosystem while not forcing
    AMO to be the only add-on distribution channel.