Why Do They Think It Is OK Response
If you follow Asa's weblog over at Mozilla you may have noticed the latest post why do they think this is OK (no longer available).
It addresses the well known problem of unauthorized plugin and extension installations in Firefox.
Asa is asking companies to ask the user whether a new plugin or extension should be installed in the browser and not just do it without user permission.
And while that is a very sound thing do request, it should raise the question why companies are allowed to install plugins and extensions without user authorization in the first place.
Why is there no security module in place in the browser for this kind of installations? A simple check to see if there are new extensions or plugins since the last use of the web browser, and a prompt that asks the user what to do with those extensions or plugins (install or remove come to mind).
It is all nice and fair to appeal to companies to play by the rules and give users a choice, but my gripe with the situation is that companies have shown in the past that they prefer to bypass the user occasionally.
And Mozilla should have reacted on that a long time ago by blocking those installations natively, giving the user the choice to install or block the extensions and plugins.
Instead of saying that this practice is not okay Mozilla should step in after years of monitoring the situation passively and start protecting their users from this behavior. Then it is no longer a question of ethics because the issue is back in the hand of the people that are affected: The Firefox users.
So please Mozilla it is really simple: Ask first! (before allowing new extensions or plugins that magically appear after starting Firefox)
Update: A lot has changed since 2010 and the most important change from a user perspective is the removal of support for pretty much any plugin in Firefox (except for Flash).