Announcement

Collapse
No announcement yet.

Mozilla Had A Rough Night With Add-Ons Getting Disabled Due To An Expired Certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    It is quite impressive that companies like Mozilla or Google are not capable of managing events ...
    Suddenly Googles deb-keys for Chrome and Earth expired - and it took them more than 24 hours for chrome and several more days for Google Earth.
    Now Mozilla got expired certificate ... maybe they should force those people in charge of such calendar-critical events working for that companies to use Lightning (Thunderbird Calendar Add-on developed by Mozilla - not liked to have more time to concentrate on Firefox - and now seeing `some' care again).
    Maybe Google should not try making moon-shots but stay on earth doing their boring work.
    Both companies should not waste time to change GUIs - there should be several ones to chose from anyway - but focus on functionality.
    Anyway, nice to see IT experts showing the perfect use of computers ... probably a booklet would currently do a better job for them!

    Comment


    • #12
      Funny, I was hoping to see a news article on this when I opened up Phoronix today. Glad I wasn't left disappointed.

      Stuff like this is why I don't commit to a single browser. I like Chrome and Firefox about equally (Firefox slightly more, since when the add-ons work, they're better for my needs) so whenever one of them makes a big mistake like this, it's not hard for me to adapt.

      Comment


      • #13
        Given how I don't consider it safe to make any HTTP requests on the modern web without extensions like uMatrix, Decentraleyes, and CanvasBlocker, this makes me very glad that I always run versions of Firefox that obey xpinstall.signatures.required=false.

        I didn't notice anything had changed until I read this article and went to my addons listing to find a list of (advisory but unenforced) "... could not be verified for use in Firefox. Proceed with caution." messages.

        Comment


        • #14
          Mozilla Add-ons Blog has an update on this issue and that might be a good place to search for the latest info.

          Some Linux distros like Mint package Firefox independently from Mozilla and I suppose the proper fix (updated certificate) will also percolate through the packager.

          Comment


          • #15
            I no longer have any respect for Mozilla.

            Not only do they use their signing authority for political reasons (removing Dissenter because they don't like the user generated content), but they can't even manage to keep the signatures up to date. Mozilla has made a transition from moral principle to moral prostitution, and from technical competence to technical illiteracy.

            Rest In Peace.

            Comment


            • #16
              I don't get it.
              Aren't these certificates needed only when you install the add-on?
              Do firefox phones home every time I open my browser and if they don't like something they disable it, like in this case?
              I thought that once you install firefox and and the needed add-ons, then you have everything on your computer and you are in control.
              No wonder that Firefox it's rapidly turning into Windows 10 with the forced upgrades,, disabling features remotely, etc...
              It was a good browser in the past.

              Comment


              • #17
                microcode they didn’t disable dissenter for political reasons, the devs made a change to it so that by default it sent every page you visit to its servers without telling the user, or asking for permission which is against AMO policy. They could have self-signed the addon and distributed it from their site, or reversed the change and put it back on AMO, but the devs were too stupid to know this and blamed it on politics.

                Comment


                • #18
                  Originally posted by Daktyl198 View Post
                  microcode they didn’t disable dissenter for political reasons, the devs made a change to it so that by default it sent every page you visit to its servers without telling the user, or asking for permission which is against AMO policy. They could have self-signed the addon and distributed it from their site, or reversed the change and put it back on AMO, but the devs were too stupid to know this and blamed it on politics.
                  I'm sure that's why it happened on the same day as the removal from the Chrome Web Store, which was not for that reason, and was not simply a refusal to push that version until they made the change clear to users. The way Dissenter works, it is obvious that Dissenter sees all your page URLs, you have to send them in order to get the comment counts, which is an important function of the extension.

                  And FYI, in case you actually believe what you said, here is the statement from Mozilla themselves on the matter:

                  “We have received abuse reports for this extension and have become aware that it is being used to ‘degrade, intimidate, incite violence against, or encourage prejudicial action against someone or a group based on age, gender, race, ethnicity, national origin, religion, sexual orientation, disability, religion, geographic location or other protected category.” As our Acceptable Use Policy […] does not permit such conduct, this extension is not suitable to be listed on addons.mozilla.org.”

                  So no, it's not because it (by its nature) sends your browsing history to Gab; it's because Mozilla considered it to be a conduit for objectionable content. Funnily enough, Mozilla themselves publish a piece of software which exposes users to all sorts of degradation, intimidation, incitement to violence, and encouragement of prejudicial action, and they give it the cute name "Firefox".

                  When they come for insignificant litttle Daktyl198 for a joke he made five years ago, or a mean thing he said during a bad breakup, guess what precious few will come to his defense; he certainly wouldn't come to theirs.
                  Last edited by microcode; 05-04-2019, 11:59 AM.

                  Comment


                  • #19
                    Yup, got a warning about HTTPS Everywhere being unsafe in the midnight.
                    Last edited by tildearrow; 05-04-2019, 05:24 PM.

                    Comment


                    • #20
                      Wasn't affected when I first read these news, but it hit me a few hours later.

                      Can't do the studies workaround because those data collection and studies options are disabled at build time in Debian.

                      Thought for myself that I could use GNOME Web aka. Epiphany to get working ad-blocking in the meantime which is essential for keeping sanity while browsing some sites, but was surprised to see ad-blocking not working in Epiphany either. Weird! What's going on with that?

                      Comment

                      Working...
                      X