Firefox Recommended Extensions program announced
Mozilla, maker of Firefox, plans to establish a Recommended Extensions program for the Firefox web browser this summer.
Extensions are a cornerstone of modern browsers such as Firefox. A lot has changed in the past two years in regards to extensions. Mozilla dropped the extensions system that Firefox used and switched to WebExtensions, a move heralded by some and disliked by others.
The effect was that a number of classic extensions were no longer compatible with Firefox; Mozilla removed these extensions from its add-on repository.
Mozilla changed the review process as well. The organization reviewed each add-on prior to publication on Mozilla AMO, the official add-ons store for Firefox, previously but changed the process to a "publish first review later" system.
Recommended Extensions program
The Recommended Extensions program features a list of curated extensions that meet Mozilla's "highest standards of security, utility, and user experience". A top list of extensions for Firefox that Mozilla plans to promote by increasing their visibility across Mozilla websites and products.
Extensions that are selected for the Recommended Extensions program need to meet certain requirements:
- Requires "commitment from developers". Extensions need to be in active development and developers need to be willed to make improvements.
- Extension needs to be safe; this is achieved by passing an initial security review and reviews for each update.
- Extensions need to be relevant, offer exceptional user experience, and be "really good" at what they do.
Recommended Extensions are promoted in various ways. These extensions receive a special badge, receive higher weighting in searches and filtering, are used to power the "personalized recommendations" section on Firefox's Get Add-ons page, and may be included in Firefox's contextual extension recommendation feature.
Closing words
One of the core distinguishing factors between regular extensions and extensions that recommended extensions is that the latter are reviewed each time they are updated and that they undergo a full security review initially.
The security review makes Recommended Extensions the only extensions on Mozilla AMO that receive manual reviews before they are made available (initially and when updated). It is unclear how much of a delay this will cause for extension updates though.
Another thing that is not clear is whether the new program will affect featured extensions on Mozilla AMO. Several of these will probably be included in the recommended extensions program.
Now You: Which extensions would you like to see in the program?
“Exceptional user experience†means what, exactly? “Experience” has been butchered by tech marketing in so many ways, it’s sausage, no way to tell what they’re selling you.
Not sure how this new program will differ from what’s already being done. They’re offering categories, which I already utilize and featured extensions which I haven’t clicked on in years after most turned out to be awful.
“Featured” is another innocent word tech has macerated meaningless; ever see a featured video that you’d click? Not me.
The only issue I have with AMO is it’s harder to search than the old system. Say you want a theme you saw a while ago and only correctly remember part of the name, you’ll usually get a lot of irrelevant suggestions. It’s possible the desired theme won’t show up until you happen to guess the entire name correctly. Would like that fixed.
Otherwise 2 months of FF 60 ESR has been excellent, so much smoother and so much less junkware than the release version.
>make the browser all your own
I sure as hell felt this way having this crap in it without my consent or even knowledge: https://www.ghacks.net/wp-content/uploads/2018/09/telemetry-coverage.png
Why do I have the feeling that they’ll prefer politically correct developer teams instead of actual software quality?
My gosh! Then, ignore the entire issue. Let Mozilla do what it’s going to do. The organization isn’t forcing any add-ons to be installed. Let it go . . . one post and all I hear from readers is “failfox” and “I left Mozilla,” etc. Great. Glad to get rid of you. No comments even necessary.
Seems good. Well implemented this will make it easier to choose from so many extensions.
I have low expectations from this. Catered to the lowest common denominator.
Most popular addons === Featured addons === Recommened addons. Nothing to see here.
The “background story” behind this entire move is that Mozilla, at the end of 2018, realized they will have to cut a large percentage of their employees in the near future, and streamline their business.
They then devised a plan to cut everything that isn’t really necessary for their operations.
The easiest way to solve the problem of insecure extensions is to have a list of 100-200 extensions used by 90% of the users, and make all the other 10,000+ extensions basically invisible to casual users. Originally they wanted to create a way for every extension to be verified, but they simply lack the manpower.
Everytime there’s a problem with one of those non-recommended extensions in the future, Mozilla will simply say “sorry, that one wasn’t recommended, it’s your fault”.
They are now optimizing this stuff, and at the same time, try to increase their revenue (which failed up to now).
If they were smart, they now would silently replace their code with the Blink engine, but they are stubbornly focused on Gecko.
With only 500 developers, they probably have 80% of them working on the engine alone.
Unfortunately that means everything that is most important for the actual users suffers from lack of attention, like the extension store and other usability.
They have hundreds of marketing people philosophizing about irrelevant stuff. How many of their blog posts are about stuff that has nothing to do with the browser? From the last 10 blog posts, only 2 concern the browser itself.
Recently I looked around in the Microsoft Edge Community and ironically I see more community spirit in this community than in the Firefox community.
When users are told that updates are enforced by Firefox because users are too dumb to understand what changing the default settings implies, something is seriously wrong fundamentally. It’s authoritarian.
Nowadays they confuse user choice and privacy with what they now call being “safe”, which is similar to how a parent tries to protect a small child from the supposedly dangerous world.
Two of the three requirements make a lot of sense in my opinion:
– “‘commitment from developers’. Extensions need to be in active development and developers need to be willed to make improvements.”
Quite often third-party projects are short-lived. Not only FFx extensions, but also numerous add-ons for other software.
– “Extension needs to be safe; this is achieved by passing an initial security review and reviews for each update.”
Self-explanatory, I would say, and very sensible.
The third one is too subjective. “Relevance”? “Exceptional user experience”?
@Gerard: “The third one is too subjective. “Relevanceâ€? “Exceptional user experienceâ€?”
I just chalked that up as standard marketing wank.
Yeah, the “new” firefox…nope, gave up on that after they changed the web extensions. I have Pale Moon Portable working off a flash drive and its great. the extensions i use are:
active stop button (puts it back)
classic toolbar buttons (really nice)
cleo 10.0
colorful tabs
disconnect
download helper
encrypted web
febe
paste email
remove it permanently
theme font and size changer
tiny menu
ublock origin
wheelclear
and they all work great and now all backed up with the febe and cleo extensions
but whatever works and does right for me …right! the portable browser working off a flash drive, sandboxed…never a problem so far and plenty fast. good luck to all.
I find that some of their featured extensions are crap. Perhaps their recommended extensions will be the same.
They’ve already recommended at least one extension that was malicious so I don’t put a whole lot of faith in their review system any more. By reviewed at each update do they mean manually or automated like the rubbish chrome system?
Quoting from the Mozilla blog post:
> Before an extension receives Recommended status, it undergoes a security review by staff reviewers. (Once on the list, each new version of a Recommended extension must also pass a full review.)
Emphasis on “staff reviewers”. So, yes, it’s going to be humans looking at the code. And not just volunteers that do a lot of the work on normal extensions (while being double-checked by Mozilla staff), for these it’s going to be explicitely staff members.
Some of the requirements for extensions to be selected as “Recommended” include a margin of subjectivity, IMO :
– Requires “commitment from developers” : please define “commitment”
– Extensions need to be relevant : please define relevancy.
As I see it this ‘Recommended Extensions’ approach is double-edged.
– Some valuable extensions may be mechanically put at the end of the list because others, “Recommended” are put under the spot-light (when the reasons can possibly be argued).
– But on the other hand needless to say that some extensions, even after having been reviewed and approved, remain questionable. There’s an interesting article which may wake up some of us, me included :
Launching the Mozilla Plugin Privacy Test Database
https://nullsweep.com/launching-the-mozilla-plugin-privacy-test-database/
Have a look at the ‘Results Summary’, which states besides positive conclusions :
“Eyeballing the data show an interesting plugin listed multiple times “Search Secure” which seems to have multiple plugin ID’s, but different “firefox user XXX” authors, with different URL’s in the POST data for each one. Seems suspicious!”
So indeed there are several extensions, even if a minority, which have no specificity not to mention legitimacy not to mention a certified label of honesty.
I’m not fond, generally speaking, of “featured”, “recommended’ departments, the implicit danger IMO is sectarianism, but the explicit advantage is of course that of house cleaning. This is relevant of our era where densities need at one time or another to be clarified on the ground that more means more bad as well as more good. The problematic as always is the clarification criteria.
Will the security reviews be more serious than for the malicious extensions they recommended previously ?
https://www.ghacks.net/2018/08/15/mozilla-recommended-privacy-extension-had-phone-home-feature/
Note that the sneaky Mozilla devs have put two different checkboxes at different places to disable contextual extension recommendations : one at the bottom of about:preferences#general and another one in the telemetry part of about:preferences#privacy. I wouldn’t be surprised if disabling only the second one didn’t disable recommendations.
An interesting post on the privacy of contextual extension recommendations :
https://old.reddit.com/r/firefox/comments/anxfz8/firefox_is_spyware_extension_recommendation/
A “bug” allowed Mozilla to spy on browsing and as usual the great Mozilla community defended this privacy breach, assuming that it was a legitimate feature. Funny.
too little too late, mozilla keeps trying to be relevant but everyone has left the room.
No, I’m still here.
No category for Adblock.
I left Failfox browser a week ago. Installed Brave, damn this is fast browsing.
All Brave is is Chrome with one of the worst adblockers ever. What good is an adblocker that doesn’t allow me to configure filter lists?
“Brave” is not fast. It’s Blink that is fast.
and Gecko is slow as snail
use WebAPI manager and disable heavy APIs for your “main browser for articles, not for web apps” version of firefox and use another firefox like dev. edition for web apps.
This makes both really snappy :)
And that’s why I disable Brave’s built-in adblocker and use Nano instead.
lol keep drinking the goolag kool aid
i always turn that recommended bullshit off
“Safe” is obviously important, but not always does rhyme with “privacy”. I recommend my extensions myself based on my needs, permissions and user experiences. I can only hope more control on privacy policies and external data sent.
> I can only hope more control on privacy policies and external data sent.
No extension uploaded to AMO is allowed to send data over the network, unless it requires this to fulfill its function or the user has explicitely opted in.
This protection is not perfect, the extension “Web Of Trust” for example did require data to be sent over the network in order to function and still abused that.
But I do not see how you could’ve prevented something like that from happening by being able to control the data being sent.
You would have also just been able to block data being sent completely, at which point the extension is dysfunctional and you might as well uninstall it.
In very rare cases, you might still find benefit in using an extension with internet access blocked that by Mozilla’s judgement cannot fulfill its function without internet access, but I very much doubt it would be worth your time to actually check that.
Besides, most extensions are open-source. You do have full control over those by patching them yourself, if you truly require it.
So, just more favoritism in the Mozilla corner. I’m not surprised.
Also, this isn’t exactly news — mozilla has always done this for extensions to allow any sort of donation feature to be present. And It seems to be applying the same arbitrary rules they would be doing in the past.
Also, are non-recommended extensions no longer going to be reviewed now? Publish first, review whenever? I guess that would imply an unspoken warning against non-recommended extensions then, strengthening the favoritism.