Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UX, privacy, security: consider defaulting to disallow unsigned extensions #695

Closed
grahamperrin opened this issue Jul 12, 2018 · 4 comments

Comments

@grahamperrin
Copy link

With Stylish 3.1.3 as an example, a comparison …

Firefox 61.0.1 user experience

  1. about:config?filter=xpinstall.signatures.required
  2. observe the yellow alert, Here be dragons!
  3. accept the risk
  4. make xpinstall.signatures.required false
  5. aim to install the extension
  6. observe the yellow alert, the generic caution about unverified add-ons
  7. Add
  8. at about:addons, observe a single yellow alert, with a generic link – More information – that works
  9. eventually, receive a heartbeat message about unavailability of Stylish, with a link – Learn more – that works.

Visually

2018-07-12 06 34 41

2018-07-12 04 55 57 add-ons manager - mozilla firefox

Stylish - Custom themes for any website could not be verified for use in Firefox. Proceed with caution. More Information

– with (in my case) more information https://support.mozilla.org/1/firefox/61.0/FreeBSD/en-US/unsigned-addons redirecting to https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?as=u&utm_source=inproduct.

Learning more:

2018-07-12 04 57 57 blocked add-ons - mozilla firefox

(3.1.3 is not yet blocked, but that's a separate issue – off-topic from Waterfox.)


@grahamperrin
Copy link
Author

The comparison …

Waterfox 56.2.1 user experience

  1. aim to install the extension
  2. observe the yellow alert, the generic caution about unverified add-ons
  3. Add
  4. at about:addons the uppermost yellow alert includes a link that does not work
  5. the line below the first yellow alert is another link that does not work
  6. the yellow alert for Stylish includes a link that does work
  7. no heartbeat – no hint that a prior version (3.1.1) is blocked.

2018-07-12 05 11 31 add-ons manager - waterfox

Common UX

A welcome to Stylish, for example:

2018-07-12 05 41 14

Related

Meta, tracking: #538

@grahamperrin
Copy link
Author

Thoughts

With Waterfox 56.2.1 it's too easy to install unsigned, possibly malicious add-ons.

True: there's a yellow alert at installation time, but those dialogues (and related reference materials) are sometimes verbose and/or difficult for an end user to understand.

Assume that the user will pay little or no attention. PEBKAM, but this should not detract from the wish for Waterfox to take a more cautious approach.

Critically: learning to ignore non-working alerts – #695 (comment) steps 4 and 5, for example – increases the likelihood of end users paying insufficient attention to genuine alerts.

Suggestion

  1. xpinstall.signatures.required true by default
  2. for users who require unsigned add-ons, document what's required.

https://github.com/MrAlex94/Waterfox/blob/01e6727879b2aa363daa2bdd9878ca7df5039d96/modules/libpref/init/all.js#L4957

– is that it?

@MrAlex94
Copy link
Collaborator

Sorry, but this is one of the features as even disabling wasn't working for a while on Firefox before they completely disabled it. A lot of older add-ons won't be signed and there's quite a few users use this. If you so wish, disable it for yourself :-)

@grahamperrin
Copy link
Author

Thanks, understood. It'll help me to draft something for an FAQ.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants