So they are hand-picking extensions now? Is this trend going to continue (i.e. they continue to add more but still with a manual process) or are they aiming to be on par with the old Firefox (supports most extensions automatically)?
AFAICT the intent is to eventually support the full WebExtensions API, i.e. every extension that runs on Firefox 57 or later. From an older blog post discussing this:
"We’re happy to confirm that GeckoView is currently building support for extensions through the WebExtensions API. This feature will be available in Firefox Preview, and we are looking forward to offering a great experience for both mobile users and developers. Bringing GeckoView and Firefox Preview up to par with the APIs that were supported previously in Firefox for Android won’t happen overnight. For the remainder of 2019 and leading into 2020, we are focusing on building support for a selection of content from our Recommended Extensions program that work well on mobile and cover a variety of utilities and features."
My guess would be that they'll try to make it curated-only unless users complain too much. Or maybe allow other extensions behind serious warning screens.
If that ends up being the case, depending on their review process, it kinda sucks for any potential new extensions created after the ecosystem lockdown, that won't get a chance to attain enough popularity to be relevant - unless Mozilla agrees to do a review for any project that asks, which doesn't seem likely.
The basic assumption is that users are dumb when it comes to security, and if there is a way to install malware, they will be tricked into installing malware (even with no vulnerabilities in the host software itself). Especially since there is such a thing as warning screen fatigue, which makes people not pay attention and just click through due to the sheer amount of benign(ish) warning screens they regularly deal with (https://en.wikipedia.org/wiki/Alarm_fatigue).
Making them explicitly type out "YES I AM AWARE THIS EXTENSION COULD EASILY CONTAIN MALICIOUS CODE AND I TRUST THE SOURCE: " + the domain name, in all caps before proceeding could be enough to catch most cases (unless too much legit software gets forced behind such warnings, where it would lead to that fatigue problem again).
Desktop Chrome doesn't let you have an outside extension without showing a warning on every single startup (even if it's an extension you are currently developing), but that could be because on a desktop OS, other applications could add such extension into Chrome without a user action. On mobile, where apps are isolated from one another, that problem doesn't exist, so maybe such strict restrictions shouldn't be necessary.
I know we often say "the user is dumb, therefore software should patronize them", but that really only goes so far.
In hindsight it looks like a balancing act where single features are evaluated for their danger, etc.
Then, at some point, there's no software left that allows users to achieve their goals, because "you wouldn't want to do that", "stupid people could accidentally use it", "your use case is too fringe to justify catering to it anymore", etc.
We're pretty much at this point now regarding browsers on Android, where there's only Chrome and its skins (that let you do nothing) and Firefox.
I can't believe the sensible thing to do would be to cut uncurated, non-store extensions from Firefox as well.
It would be a huge loss for the whole ecosystem just to make a few Firefox installs (from an already small install base) a tiny bit less compromisable.
>I know we often say "the user is dumb, therefore software should patronize them", but that really only goes so far.
It's not just a saying, it's supported by real-world situations that actually happened, and that you can be pretty sure will happen again. That's the context for the decisions that platform owners have to make.
E.g. not too long ago, Dark Reader users received this notice https://darkreader.org/blog/attention/ about malware clones of the real extension that apparently thousands of people had installed (from the stores). It is events like this that influence these decisions.
>Then, at some point, there's no software left that allows users to achieve their goals, because "you wouldn't want to do that", "stupid people could accidentally use it", "your use case is too fringe to justify catering to it anymore", etc.
That's basically the Apple mindset. It's a well known fact (e.g. his biography) that Steve Jobs didn't even want any third party apps (other than super limited web-"apps") on iOS initially, and had to be convinced otherwise.
Well, their goals are clearly different. From the FAQ linked above, it is clear they want to have some control over "the experience", which is mentioned a lot.
If too many users install a crappy, buggy extension that slows everything down, they know they will get a reputation for being a buggy and slow browser, regardless of whether it's their fault or not. It also creates incentives for extension authors to follow best practices where possible.
For people who really care about choices for themselves, it's an open source project, it's not that hard to make an unrestricted fork under a different name that automatically tracks the upstream (as long as Android sideloading stays intact, plus it could also be published in Play Store as long as you don't use any of their trademarks). As far as I know there is nothing unique in the official branch that you would miss out on (when compared to e.g. missing out on Netflix or voiding warranty with custom ROMs - there are no such tradeoffs with simply using a fork of a browser).
It only creates a much higher barrier to adoption for unapproved extensions (because you now have to convince users to install another browser), so many developers simply won't bother, but that's not an issue if I understand your argument correctly.
> Well, their goals are clearly different. From the FAQ linked above, it is clear they want to have some control over "the experience", which is mentioned a lot.
Even without the linked FAQ it appears to be pretty straightforward that Mozilla values control given that they're about to change an open, decentralized system to a tightly controlled curated app store.
It's just that this wasn't always the case. See, for example, point 5 of their manifesto where Mozilla states: "Individuals must have the ability to shape the Internet and their own experiences on the Internet." or in point 6 where they emphasize: "decentralized participation worldwide"
> If too many users install a crappy, buggy extension ... they will get a reputation for being a buggy and slow browser ...
I have two concerns with this argument: The first is practical:
Is that a big problem? Are there numbers about large amounts of sideloaded extensions causing the reputation of Firefox for Android to drop? AFAIK sideloading is neither very common nor particularly rich in scandals. And even your earlier example was concerned with malicious extensions in Mozilla's own extension store.
The old "Firefox for Android" enjoys a 4,4 star Play Store rating, compared to Preview's also excellent 4,2 star rating.
The second one is ethical:
Mozilla does not try to be the most successful browser at any cost. They provide valuable capacities to the Android ecosystem and drastically increase software freedom on the platform. If their goal were popularity, they would be much more successful by adopting Chrome under the hood and spending all their money on marketing.
Even your later argument features the condition "as long as Android sideloading stays intact" which itself already shows how dependent on a few central features the platform's freedom already is.
> it's not that hard to make an unrestricted fork under a different name
I don't see how trusting users to recompile an unrestricted Firefox fork goes well together with not trusting users to sideload a browser extension.
> As far as I know there is nothing unique in the official branch that you would miss out on.
Right now it's soft paywall blockers that are left out. (They just change referrers and cookies for specific sites.) But potentially it's all extensions, since Mozilla the corporation can be pressured into legal compliance.
In the future this might very well interfere with people's ability to avoid censorship.
At the time at which centralizing a system is suggested it's almost never problematic, because problems only get apparent after centralization went into effect.
>Are there numbers about large amounts of sideloaded extensions causing the reputation of Firefox for Android to drop?
I'm not aware of any, but that could be because alternative browsers are not that popular on mobile in general.
The reputation of Android itself has definitely suffered due to sub-par apps (battery draining, slowdowns etc.) and downright malware (sometimes promoted via Google's own ad network).
>And even your earlier example was concerned with malicious extensions in Mozilla's own extension store.
It seems they disabled sideloading on their desktop browser some time ago, so that was the only way it could've happened anyway.
I don't know whether they currently do any review for extensions in the store (even an automated one), or just manually ban bad actors.
(There is an additional reason to disable sideloading on desktop that I mentioned in a previous comment - other desktop apps installing shit without user action/approval, which cannot happen on mobile due to app isolation).
>I don't see how trusting users to recompile an unrestricted Firefox fork goes well together with not trusting users to sideload a browser extension.
- Their name wouldn't be on it. To publish in Play Store, a fork would have to scrub all Firefox branding from the app (see Iceweasel), and would then assume all responsibility.
- Let's be honest, in practice, such a fork would be mostly used by highly technical users who are more likely to know what they're doing. Non-technical users would be far less likely to install it than some random 3rd party extension they come across. The Firefox name is fairly well known outside of tech circles. The name of some random fork would not be.
>In the future this might very well interfere with people's ability to avoid censorship.
I agree that there is a risk that their official binary distribution could gain exclusive abilities in the future which are not part of the open source version (at which point Firefox would technically no longer be open source, e.g. Chrome vs. Chromium). Care should be taken that that doesn't happen.
Anyway, at the moment I'm far less concerned about extensions that they specifically want to ban/censor, and far more about 3rd party developers potentially losing the ability to innovate, if the review process is only practically available to popular established players (who got popular while the ecosystem was still open) - because then how would a new project even get to that phase? That may or may not be an issue though, we'll see how it turns out.
So I misunderstood (only skimmed through) those 2 links about desktop Firefox sideloading, they use a different meaning of that term than what it commonly means on Android.
They only blocked 3rd party apps from installing extensions by themselves (which is good). User-installed extensions from outside of the Mozilla store are still allowed on desktop Firefox.
The new version does seem to be a play at creating a walled garden Firefox platform on Android.
I'm curious whether the ability to add arbitrary extensions is just ifdef'd out of the Play Store version, or whether this feature is just fundamentally unimplemented. I don't intend to switch to a different browser from current FF on Android that does not support the extensions I use.