Mozilla updates its Firefox Add-on Policy
Mozilla will make changes to Firefox Add-on policies in June 2019 that are designed to improve user safety and privacy when using extensions.
Starting in June 2019, extensions may no longer contain obfuscated code. Caitlin Neiman, Mozilla's Add-ons Community Manager, notes that extensions may still use minified, concatenated or otherwise machine-generated code, but that the source code needs to be included and that obfuscation is not allowed anymore.
Mozilla will improve the blocking process as well to block extensions "more proactively" if they violate policies.
The organization changed the review process from "review first, publish second" to an automated review system. Granted, add-ons are still reviewed manually, which sets the process apart from how Google handles Chrome extension reviews.
Mozilla announced a new Recommended Extensions program in April to promote excellent extensions for Firefox. These would be reviewed before they are published, and promoted in various places.
All extensions released for Firefox are subject to the policies regardless of how they are distributed. Mozilla reviewers will use the policies as a guideline to determine whether an add-on is safe or in violation of the policies. Violating add-ons will be blocked by the organization.
Mozilla's new policies for add-ons address several add-on-related issues of the past; they require that add-ons come with a description that clearly states what changes they make, that changes must be opt-in, and that add-ons must disclose if payment is required, must only request necessary permissions, and must disclose data collection, storage, and user data sharing policies.
The collection of personal information is prohibited without user consent, and the collection of personal information not required for the add-on's "basic functionality" is prohibited as well. Add-ons may not leak local or user-sensitive data to websites.
The new Firefox Add-ons Blocking Process
Mozilla may block add-on versions, entire add-ons, or even developer accounts if violations are detected. It applies "security over choice" when it comes to blocking, which means that it will "err on the side of security to protect the user".
The organization distinguishes between hard and soft blocks. Soft blocks disable add-ons by default, but users may override the block to continue using them. Soft blocks may be used if an add-on contains non-critical policy violations, or causes "severe stability and performance issues in Firefox".
Hard blocks, on the other hand, disable Firefox add-ons and block users from enabling them in the browser. These are applied when add-ons are found to "intentionally violate policies", "contain critical security vulnerabilities", "compromise user privacy", or "severely circumvent user consent or control".
Anyone may request a block on Bugzilla.
All extensions are subject to these new policies. Mozilla notes explicitly that developers should update extensions that contain obfuscated code, as they might be blocked otherwise.
The updated policies improve transparency (cookie disclosure, monetization, opt-in nature, description), and disallow obfuscation, which should improve user safety and privacy when it comes to Firefox add-ons.
Add-on developers may need to update descriptions, extensions, and privacy policies; it is unclear if they are notified by Mozilla about the upcoming policy changes. Add-on developers were notified about the changes.
Now You: what is your take on the announced changes?