Creak If you use the Alpha/Beta, you'd know.
Basically, you can still install addons from anywhere, but they have to be signed by Mozilla as "secure". This means that, whether or not you plan on distributing your addon through addons.mozilla.org, you have to upload it there and get it fully (not preliminarily) reviewed by Mozilla. You can see how this could go wrong...

I find it absolutely disgusting for a company said to be dedicated to an "open internet".

> did they fix the leaking memory and leaking javascript crap that causes the thing to grind to an absolute halt after running for a couple of days?

Yes, it is fixed by removing broken add-on!!
Adblock is usually one of then... there are other (and better) alternatives!

>you can only install addons from https://addons.mozilla.org/nl/firefox/ in Firefox, not from anywhere else and thus they have to be approved by Mozilla.

good!! this way broken add-on will slowly be fixed (after the mozilla review) or replaced. The review also allow one to install mallware or dangerous add-on. Mozilla have the knowledge to review the add-on, most people don't... so this is to protect users.

Have you ever check any line of code for your add-on? how do you know they don't have a keylogger?

Complaining about this is just like complaining about https sites... yes, http is much simpler, faster and allows one to debug things... but https is light-year more secure and after the initial setup, most people don't even see the difference.

They got fed up with crapware companies circumventing their "Please confirm you want this addon" dialogs with things like always-on-top, auto-positioned windows in the shape of a "now, click here" arrow styled to look like it was part of Firefox.

You can still enable unsigned addons in the Nightly and Aurora (Developer Edition) release channels or in 3rd-party builds if you're a Firefox user and, if you're a developer, you can still use things like Greasemonkey which give quite a bit of power these days but don't have the ability to manipulate the non-content portions of the browser's UI willy-nilly or access local data outside the browser's sandbox.

(eg. Did you know that Firefox was the first (and, at the moment, only) browser to implement the HTML5 feature for allowing websites to append their own entries to the context menu? Combine that with Greasemonkey's support for enhanced cross-site permissions and you can do pretty well for yourself without a full-blown addon. Add some fallbacks for things like the context menu support and you can have a cross-browser addon.)

I run Aurora (with the developer edition theme turned off) exclusively and I can vouch for its stability.

Protecting users by default is great. Making it difficult to make mistakes is great. Putting Mozilla in sole and complete control of what sort of addons you can have is not, nor is it open.

You are still allowed to browse non-https sites.

1. Those sites can still do that though. Like I said, you can still install addons from other sites, just as long as they've been "signed/verified" by Mozilla first.

2. Okay, so developers have to use the developer edition, makes sense... but what about users that want an older, unmaintained addon that still works? Or the countless other examples of addons that won't get signed for whatever reason but are completely legit.

2b. Greasemonkey is definitely not a replacement for a straight up addon. The Mozilla addon SDK provides wayyyy more control than Greasemonkey could. Not to mention, having an addon, to use another addon is kinda... meh.

3. I did not know that, actually. But see 2b.

4. I used to use Nightly as my daily browser. I can vouch for it's stability as well, as well as it's speed and ability to be customized. I love the browser, but the decision makers at Mozilla are fucking up a lot recently, and I just can't support that anymore.

1. The idea is that Mozilla will refuse to sign the crapware addons.
2. While not ideal, users like that can use a 3rd-party build similar to how users who don't want Australis can use Pale Moon.
2b. True, but it's a useful compromise.

The fundamental issue is that:
1. Mozilla tried a blacklist and they couldn't keep up
2. Mozilla tried requiring users to verify the legitimacy of addons bundled into application installer and the bad actors switched to wetware exploits.
3. Traditional desktop operating systems have no means for protecting Firefox from modifications by other applications.
4. Any user preference could also be reset by another application.

Mozilla was in a situation with no easy outs and, after weighing the downsides of each option, this is what they chose.

Did you know that Chrome not only requires addons to come from the Chrome app store, they charge a one-time $5 fee for a developer account? (As I remember, it's so they have your real identity on file via your credit card info.)