Why I Do Not Review The Firefox Add-On Dubser - gHacks Tech News

Why I Do Not Review The Firefox Add-On Dubser

I review Firefox add-ons regularly and i like the thrill of diving into the depths of the Firefox add-on gallery to find new add-ons that I have not reviewed yet. Especially so if the add-on description sounds promising and if the add-on is relatively new.

Recently I have discovered an add-on called Dubser which is listed on the Mozilla website.

Dubser sounds like an interesting add-on:

Dubser makes your daily browsing easier. With our unified interface, you have instant access to popular web services like dictionaries, search engines, social network services and more. It offers you a completely new way of accessing these web services in your browser without disturbing pop-up windows and unwanted browser tabs, just as if you had a browser in browser. It helps you to

improve your browsing efficiency
speed up your searching process
perform many tasks more easily in your browser
collect your frequently used web-based services in one place

The download of the add-on however links to the developer site that hosts the add-on exclusively.

What does it mean? Mozilla explains it on their website when you click on the button leading to the external website: "This add-on is hosted on the developer's own website and has not been reviewed by Mozilla. Be careful when installing third-party software that might harm your computer".

firefox add-on

Add-ons that are not hosted on Mozilla.com are not reviewed by Mozilla. Heck, not even all add-ons that are hosted on the Mozilla site are reviewed, but that is only temporary for new add-ons. Hosting it on the Mozilla website means that developers are willingly submitting their add-ons for review.

With externally hosted add-ons it is different and I shy away from downloading and installing those add-ons because of the risks involved. While it is not likely that Dubser or any other externally hosted add-on is indeed malicious, it is not an easy thing to check, at least not for me and other users who are not Firefox developers or experts.

So, instead of installing Dubser I have made the decision to ignore it for now. I will revisit the page at Mozilla from time to time to see if the add-on is hosted and reviewed on the official website. If it is I will install it and write a review about my experience with it.

Hosting add-ons on the official website adds a seal of security and trust to those add-ons and developers should consider to at least co-host their add-ons on the official Mozilla website.

Update: The Add-on has been removed from Mozilla.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Mr. Obvious said on January 5, 2011 at 5:28 am
      Reply

      So, you’re saying that you actually trust Mozilla.

      1. Thomas said on January 5, 2011 at 9:37 am
        Reply

        This is the wrong side of view. It is like open source encryption software for me. Why is the programmer not willing to let take others an inside view.

        I know, add-ons are not closed source, just an example above.

        As far as I can see is the addon “Faceboock Blocker” also not listed at Mozilla. I have it installed anyway.

      2. Martin said on January 5, 2011 at 10:38 am
        Reply

        To an extend yes based on past performance. I still shy away from some add-ons though, especially those that require you to enter login information.

    2. Rick said on January 5, 2011 at 5:39 am
      Reply

      FROM PRIVACY STMT:

      Business transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the business assets that is transferred. Moreover, if Dubser, or substantially all of its assets, were acquired, user information would be one of the assets that is transferred.

      With your consent: Except as noted above, we will contact you when your personal information is shared with third parties or used for a purpose incompatible with the purpose(s) for which it was originally collected.

      COMMENT:

      Even though they say they won’t rent or sell your infom including basically everything you do on the net, they say business transfers is a “normal course” of business and they will do. Information can be sold or rented then so long as it is not incompatible with their normal course of business

      FROM PRIVACY STMT:

      Dubser may amend this Privacy Policy from time to time, at its sole discretion. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes to the Privacy Policy, we will notify you by posting an announcement on the Dubser website so you are always aware of what information we collect

      COMMENT

      So even though they have this big chunk of info on you, they make you go to them for changes?

      FROM PRIVACY STMT:

      If you decide to visit Dubser website or use Dubser’s services, any possible dispute over privacy is subject to this Privacy Policy, End-User License Agreement and our Terms of Use, including limitations on damages, arbitration of disputes, and application of Hungarian law.

      COMMENT

      So even by going to the site to read this policy, you have agreed to these terms. Have a problem with them? Go to Hungary for recourse. Oh yeah….where do many of the warez and porn servers run from again…

      With a piracy whoops privacy policy like this, I wouldn’t be testing it either.

    3. Girish Mony said on January 5, 2011 at 7:30 am
      Reply

      Hi Martin,

      You and I are in the same boat. I too think twice to use the add on if it is not hosted in Mozilla. I ignored some add ons due to this!!!

    4. Paul(us) said on January 5, 2011 at 1:12 pm
      Reply

      I personally think your wise to be (ferry) prudent with this kind of websites.
      Even more when there require a log in.

    5. Maik said on January 5, 2011 at 1:23 pm
      Reply

      Good decision and interesting comment from Rick. Thanks guys.

    6. dk70 said on January 5, 2011 at 2:23 pm
      Reply

      Mozilla add-on site is a joke when it comes to security. Here is another example https://addons.mozilla.org/en-US/firefox/addon/269530/ What exactly does that do, affiliate-ID I expect following the “sharing is caring” theme – which works as long as X gets a percentage ;) You can look at source code and see extension use php files hosted on their own domain.

      If extension is hosted here or there is no sign of trust.

      Click “View all version” at the bottom and see how many times he have updated. 12 times in 4 days. To stay under the radar or what?

      Pretty obvious that extension involving business/money should be required to have extended privacy policy etc. This has nothing. What was mentioned about having to log in, give out email address are good parameters to judge from already – so why don’t they?

      I have no idea if extension is safe but there are like several alarm clocks ringing. I think Mozilla should deal with it. Not enough to say it has not yet been reviewed. Is listed on their site so they have responsibility.

    7. dk70 said on January 5, 2011 at 2:32 pm
      Reply

      If you ask the paranoids anything that gather click-stats is pure evil etc. Of course Google is evil no. 1. I am not thinking of those people or services/privacy policies, not even those which open door to accumulating and selling info. I almost don’t care about that. This is more about your business/purchases/money being the direct target for extensions features. Should be dealt with in a different manor.

    8. Nandi said on January 11, 2011 at 4:55 pm
      Reply

      Have you ever installed software without its source being reviewed by Mozilla? If you do so, I don’t understand what your problem is. Commercial software usually doesn’t provide its source code to a third party to review it. Despite this fact, they are certainly not evils, even if they are living in Hungary. Maybe Dubser’s developers spent a lot of time and money to develope their software. As I see, they have completely new approach to help the users, maybe there are some new technologies involved in their extension. Should they trust Mozilla developers or community? Not only users wants to protect sensitive information. The source code is one of the most sensitive information for an IT company.

      1. Girish Mony said on January 12, 2011 at 3:29 am
        Reply

        @Nandi

        He did not say Dubser Firefox add on is some kind of dangerous thing. He just told that if the add on is not submitted to Mozilla then there are more chances the add on has some potential problem. Also read the privacy policy stated by Rick

    9. george said on January 17, 2011 at 4:28 pm
      Reply

      so how do you leave a review for an add-on ?

    Leave a Reply