(Cross-posting to addons-user-experience and dev-security-policy)
Today I learned for the first time about the proposal to introduce
mandatory centralized add-on signing for Firefox [1].
Many have shared concerns about this in the comments to that blog post
and the ensuing thread on addon-user-experience [2], most of which I
share.
One concern which I don't feel has been sufficiently emphasized is
the way in which this proposal would make our users vulnerable to
censorship.
Mozilla giving itself a mechanism of centralized control, and building
that into software distributed to hundreds of millions of users
worldwide with no opt-out, opens up a significant potential for abuse.
Specifically, it opens the door to the possibility of entities with
legal leverage over Mozilla (such as the U.S. government) using that
leverage to prevent Mozilla from signing add-ons they don't like (for
example, add-ons that they deem to be "circumvention tools" according
to their latest flavour of oppressive copyright legislation). In the
absence of a user-friendly opt-out mechanism, users who are not savvy
enough to know to use an unbranded build to get around this would be
effectively censored from using such add-ons.
I find this very worrisome, and I believe that for this reason it's
very important to keep a user-friendly mechanism to override the
signing enforcement. Having such a mechanism ensures that users stay
in control, and that Firefox respects their explicit choice to run a
particular add-on.
I realize that there are security considerations with having such
an override - for example, that if the override is a simple pref, then
any add-on can flip it. I believe that technical solutions to such
problems can be found (for example, introducing a new category of
prefs which can only be set by explicit user action). I would like to
urge us to tackle such technical problems, and not settle for a
solution that leaves users without choice and exposes them to the
possibility of censorship.
Regards,
Botond
[1] https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
[2] https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/slaKs943n4c