David,
> Precisely why they have it. Used properly, it's a good thing.
Thats the problem, the "properly" I mean. The "certificate not reachable,
disable everything" (with "not reachable" ment in the broadest sense) is not
my definition of "properly".
>
https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/
Yup. And I would be very amused (not!) if I suddenly see a plugin I've
been using for some time (read: the damage, if any, has already been done)
disappear from my browser. Especially when that plugin does some kind of
filtering or protection (privacy, viri, you name it).
> Extensions are a security risk.
True. So, remove them. Make FF a monolithic beast which can only do what
Mozilla allows it to do - and by it make it loose any reason why anyone
would want to install it. :-)
But than again, FF itself has become a security risk. Its insistance to
"call home" for all kinds of stuff as well as its feature creep (including
stuff which only benefits advertisers) means it has to be bridled and tamed
after installation and before allowing it to connect to the 'web.
> Only those where you decide the risk is worth the benefit should be
> installed.
Exactly. Its /the users/ choice. They seem to be forgetting that.
The fact that the plugins are simply disabled instead of throwing security
dialogs + explanations /and giving us a choice/ makes that painfully clear.
> Most web browser users don't even think about it, so it's up to mozilla to
> decide reasonable defaults for them.
Yep. But not giving the user a (clear, and easy to apply) choice is , in
my book, not anywhere near to "reasonable". Than again, I'm sure that a
bunch of lawyers will be able with a 100-page "brief" explaining how its
just that. :-( :-)
Regards,
Rudy Wieser
P.s.
Do you know how I can get, in FF 52.x, disable
"
location.services.mozilla.com" and "
tiles.services.mozilla.com" access
every time I start the browser ? Without malforming every mentioning in
about:config I mean. I've tried about anything, but it stil keeps doing
it.
And as a bonus: do you know how I can set preferences /automatically/ when I
create a new profile ? Having to unplug the ethernet cable(1) before and
than manually do stuff (even if its just a user.js") after creating one
isn't really user friendly.
(1) First thing FF does after creating a profile and before you've had a
chance to change the default configuration is /ofcourse/ to phone home - to
multiple domains.