For Telemetry, they explicitly ask you when you first launch the browser and give you control over two different levels of opt-in at Preferences > Advanced > Data Choices.

As for signed extensions, they got fed up with crapware companies exploiting their installers' privileged access to the host system to circumvent user permission prompting by patching Firefox's configuration. Yes, I dislike the solution they chose and always stay on Developer Edition, which will keep the check optional, but I can certainly see where they're coming from. (The only real way to make it prohibitive for crapware is to hard-code the check so the crapware would have to include binary patches for major Firefox releases, at which point it would be too virus-like for malware scanner companies to ignore.)

1. The telemetry is optional. Period.
2. There are good reasons to not allow just anyone to sign add-ons. XUL based add-ons can easily gain access to lower level system resources. It's an outright miracle we haven't seen more nastiness in the past few years. Particularly after the introduction of js ctypes made it ever more easy to call into low level native code.

ssokolow To me Mozilla looks like COM, CORP and wannabe-apple these days. I do not want package management from someone like this, especially granted apt-get install libsomething-dev works for me in C/C++ and maintainers of my distros proven level-headed by 10+ years of positive experience. They never considered removing overrides from package manager to "secure" me, etc. And even google's chromium 100% ok with any crx I give it, dammit. It looks like npm/pip/cargo/... are solely meant to solve fucking windows problems and prefer to do it windows/apple ways. I'm not okay with it.

So when it comes to Mozilla stuff I could have biased views and so on. But Mozilla IMHO have to blame itself for this. It wasn't me who put sigs but forgot to put option to install my own keys or get rid of their "protection" racket. Then telemetry is optional, ads could be disabled. But darn, its got worse than Chromium in terms of annoyance and lack of customization and technically being well behind of chromium techs as well. Their "browser.html"? I wish 'em luck to persuade e.g. web devs to launch this bizarre thing to check page rendering. Are they prepared to rename to Mozilla Software ASA? (yeah, I'm trolling, but after looking on browser.html "tech preview" I'm really tempted to ask this).

Yeah, but overall Mozilla got way too annoying. Lol, MS recently been caught on calling telemetry XD services in MS VS runtime. Funny coincidence.

Those who would give up essential liberty to obtain little temporary safety, deserve neither liberty, nor safety. Apple told similar things. It ended in total lockdown of ecosystem and even inability to use e.g. GPLed programs. And then apple decides what is good and what is bad. So you can't e.g. download torrents using iphone. Coz apple decided it is "bad". Oh, one can't even install real Firefox in iOS since apple decided it is prohibited to install any SW capable of executing other code. So Gecko is "illegal" on iOS. And "firefox" for IOS is a mere skin to system-level webkit. Same crap in my browser? No way, I'm not going to buy this. Even less welcome in compiler toolchain & homegrown "package manager".

Not sure what one has to do with the other. Mozilla isn't Microsoft.

You aren't losing "liberty".

1. The changes only concern type 2 add-ons. Nothing else.
2. Little temporary safety? Not being able to easily nuke your entire system by running unsigned, untested, malevolent C/C++ code is "little temporary safety" for you?
3. You can still install Firefox Developer Edition or Firefox Nightly. Particularly the developer edition is made to run unsigned code. For enterprise setups there is Firefox Unbranded.


Mozilla isn't Apple.

Last time I checked, GPLed software runs fine on Mac OS X.
It's hardly their fault that they can't allow GPLed software in their store.

It's general consensus that commercial app stores including any additional EULA are incompatible with the GPL. Thus says the FSF.


They didn't do shit. The FSF did.

Welcome to the 21st century. Where we take security seriously! Stop being a whiny child, FFS! No one in the system engineering world is going to take you seriously with that attitude.

Yea. Because not being able to exploit remote vulnerabilities is totally the same as a DRM filled, locked down app store and a sandboxed security model that prevents you from creating a different browsing engine...

For being the guy who, by his own admission, prefers "simple designs", you sure protest loudly about not being able to run the freaking kitchen sink within your browser.

Doubly ironic, considering that just yesterday you complained about npm being too trusting.

You just lost me. What kind of "restrictions" does the compiler toolchain lay on you, pray tell?