What Mozilla needs to do now (after cert add-on disabling disaster) - gHacks Tech News


Firefox users worldwide experienced something in the past couple of days that should never have happened; users with installed add-ons noticed that all of their installed browser extensions were disabled suddenly in the browser.

Firefox notified users that add-ons could not be verified and were disabled as a consequence. Mozilla introduced a security concept called add-on signing in Firefox 48. The system required browser extensions to be signed so that they could be installed in Firefox.

Extensions without a certificate, or without a working one, can't be installed in Firefox. There are some options to bypass the requirement, such as loading add-ons temporarily or disabling the signing requirement in development versions of Firefox, but it is enforced on the stable channel.

What Mozilla needs to do

The very first thing is obvious: the issue needs to be fixed for all users involved. Mozilla distributes a patch via the Shield service to Firefox Stable, Dev and Nightly. The organization revealed that Firefox ESR and Android versions need separate fixes.

Mozilla should be very transparent about the issue and explain why it happened, and how the organization plans to avoid similar issues in the future. In particular, users would probably like to know how such a critical issue could happen in the first place.

Going forward, Mozilla needs to change the system to make sure that something like this never happens again. Obviously, if you are working with certificates, you need to make sure that they renew in time.

Better, in my opinion, is an updated system that never blocks or disables extensions installed by the user unless they are blacklisted by Mozilla. In other words: a certificate issue, especially one where the error is caused on Mozilla's side of things, should never lead to users losing access to their extensions.

Mozilla could implement a system that bypasses certificate checks on the user's request if certificates cannot be verified for whatever reason. A prompt stating that "extension could not be certified, do you want to continue running it" would give the user control over the situation and avoid another PR disaster.

While that would mean giving users back some control over the extensions that they run on their devices, it would ensure that users could keep on using installed browser extensions even if certificates cannot be checked.
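
The renewal point above, as an added example (not Mozilla's code and not part of the original article): a Go check that walks every certificate in a signing chain, not only the leaf, flags any that expire inside a warning window, and shows that a still-valid signature stops verifying once a CA certificate above it lapses. The chain, names, dates and the 30-day window are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// All names, dates and certificates below are constructed for this example.
var (
	demoNow    = day(2024, 5, 15) // intermediate still valid, 17 days left
	demoLater  = day(2024, 6, 2)  // one day after the intermediate expires
	warnWindow = 30 * 24 * time.Hour
)

func day(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// issue creates a test certificate; a nil parent means self-signed.
func issue(cn string, serial int64, isCA bool, from, to time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to,
		IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// demoChain returns leaf, intermediate, root. The leaf outlives the intermediate.
func demoChain() ([]*x509.Certificate, error) {
	root, rootKey, err := issue("constructed root CA", 1, true, day(2020, 1, 1), day(2040, 1, 1), nil, nil)
	if err != nil {
		return nil, err
	}
	inter, interKey, err := issue("constructed intermediate CA", 2, true, day(2020, 1, 1), day(2024, 6, 1), root, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, _, err := issue("constructed add-on signature", 3, false, day(2023, 1, 1), day(2028, 1, 1), inter, interKey)
	if err != nil {
		return nil, err
	}
	return []*x509.Certificate{leaf, inter, root}, nil
}

// Finding is one certificate that needs renewal attention.
type Finding struct {
	Subject  string
	NotAfter time.Time
	Left     time.Duration // negative when already expired
}

// expiringWithin checks every certificate in the chain, CA certificates included.
func expiringWithin(chain []*x509.Certificate, now time.Time, window time.Duration) []Finding {
	var out []Finding
	for _, c := range chain {
		if left := c.NotAfter.Sub(now); left < window {
			out = append(out, Finding{c.Subject.CommonName, c.NotAfter, left})
		}
	}
	return out
}

// verifiesAt validates chain[0] against the last element as trust root at time `at`.
func verifiesAt(chain []*x509.Certificate, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	for _, c := range chain[1 : len(chain)-1] {
		inters.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	chain, err := demoChain()
	if err != nil {
		panic(err)
	}
	for _, f := range expiringWithin(chain, demoNow, warnWindow) {
		fmt.Printf("WARN %q expires %s (%.0f days left)\n", f.Subject, f.NotAfter.Format("2006-01-02"), f.Left.Hours()/24)
	}
	fmt.Println("verify before intermediate expiry:", verifiesAt(chain, demoNow))
	fmt.Println("verify after intermediate expiry: ", verifiesAt(chain, demoLater))
}
```

A check that only looked at the leaf would report nothing here, since the leaf in this constructed chain is valid until 2028.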

Now you: How should Mozilla react in your opinion?


Comments

  1. Radical Dreamer said on May 5, 2019 at 8:50 am
    Reply

    I’ve been using Firefox ever since 2002. I’ve refused to switch to any other browser, yet it’s the first time I’m truly disappointed with Firefox.

    1. Iron Heart said on May 5, 2019 at 11:06 am
      Reply

      My first disappointment with them was the Cliqz experiment / shield study:

      https://www.zdnet.com/article/firefox-tests-cliqz-engine-which-slurps-user-browsing-data/

    2. Jeff said on May 5, 2019 at 1:52 pm
      Reply

      Just wanted to say Thank You for posting this because I have felt the same way since 2002 also. Many many times I have told anyone who would listen that Firefox is it nothing else and also have gone as far as to say that I would not use the internet without it. So right now I am in disbelief as to how this happened and why this happened. Unlike many of you the truth is that at 55 years old and working as a union pipe fitter all my life we do not use the internet at work like most so even though I have learned how to get around fairly well without getting took over by scripts and bad juju it is because of sites like this that I can go to and learn the facts and how to get by all the while being safe and care free because I have spent untold hours figuring shit out and yes crashing my computer so many times over the years that it is not even funny but this fuckup by Mozilla is something that I can not accept period and just like writing this right now which I have never done before and do not know why I am doing it now except that I am very upset about this. Alright this said if someone from this site which has been a huge help to me for many years will tell a corn fed Texan like me how to make a donation to this website I will be happy to make one I do use PayPal so will someone just tell me how to do it and I give you my word it will be done within the next few hours of this posting.

      1. ULBoom said on May 5, 2019 at 2:26 pm
        Reply

        There’s a donation box just above the Comments heading. :)

      2. Clairvaux said on May 5, 2019 at 3:38 pm
        Reply

        @ Jeff

        Yeah. Just suppose your pipes kept springing leaks, and you’d tell your boss, or your boss’s clients : not to bother, I will issue a fix in the next 24 hours, thanks for your patience and I’m monitoring this closely ?

        I don’t think it would fly for long.

      3. Donationator said on May 5, 2019 at 5:23 pm
        Reply

        There are two buttons at the end of each post, check them out.

      4. John Fenderson said on May 6, 2019 at 5:36 pm
        Reply

        @Jeff: “Many many times I have told anyone who would listen that Firefox is it nothing else and also have gone as far as to say that I would not use the internet without it.”

        Yes, me too, from the very earliest of FF days. Those days are long gone for me — I no longer recommend Firefox (because I don’t really use it) specifically. Now, it is just one of a short list of options I’ll give if people ask.

    3. Peterc said on May 14, 2019 at 10:38 pm
      Reply

      @Radical Dreamer:

      My first serious disappointment with Firefox was when it adopted the less-customizable Australis interface, in version 29. That’s when I began using Pale Moon as my registered, default/primary browser. (Before, I’d been using 32-bit Firefox and 64-bit Pale Moon on a more or less equal basis. Firefox supported a few 32-bit plug-ins I occasionally needed; Pale Moon was faster and considerably more stable.) There have been other disappointments since then, but it was Firefox 57 that delivered the coup de grâce, by dropping support for powerful legacy extensions and confining extension developers to the limited functionality offered by the WebExtensions framework.

      Since then, I’ve used current Firefox only as an emergency fallback browser, and I invariably find the experience frustrating, now that Firefox no longer supports my favorite extensions (Tab Mix Plus, Session Manager, Download Status Bar, DownThemAll, etc.). For the kind of browsing *I* do, on my old, underpowered laptops, the new Firefox simply offers no significant real-world advantages that outweigh the functionality it has jettisoned. Almost everything I do in post-56 Firefox requires more clicks and more time than it does in Pale Moon or Waterfox, and than it did in pre-57 Firefox. But that’s just my personal, subjective experience, and I’m aware that it doesn’t necessarily apply to everyone, especially to users with 4+ physical CPU cores and 16+ GB of RAM.

    4. Stan said on May 25, 2019 at 9:21 pm
      Reply

      I am stuck with 52ESR, as about everything here is XP, save one. They hit every one, even with compatibility checks previously disabled. Crock, that’s what this all is. I still have F 12.0 saved on my desktop, might just revert to that.
      I had to find and download patches myself, as updates from Mozilla have been killed for years. They can bork my box, but not unbork it?

      My Ubuntu box is still borked, haven’t figured that out yet.

  2. Yuliya said on May 5, 2019 at 8:54 am
    Reply

    And these are two screenshots from a browser which respects user privacy and user choice:
    https://www.ghacks.net/wp-content/uploads/2018/09/telemetry-coverage.png
    https://www.ghacks.net/wp-content/uploads/2019/05/firefox-add-ons-disabled.png
    It’s hilarious at this point.

    1. ppp said on May 5, 2019 at 11:32 am
      Reply

      the developer team don't try to fix serious bugs, for example RAM use, only add new telemetry addresses everywhere in new releases.

    2. ULBoom said on May 5, 2019 at 2:27 pm
      Reply

      Using FF again?

      1. Yuliya said on May 5, 2019 at 3:47 pm
        Reply

        Me? No, I switched away about a year ago after the forced updates and telemetry nonsense. Those are Martin’s screenshots, both.

    3. crambie said on May 5, 2019 at 2:44 pm
      Reply

      Yuliya, That first one was funny and sums up the new Mozilla perfectly. By the sounds of it they’re rightly going to lose a ton of users over this. Even on the fan boy firefox sub-reddit many are saying that they’ve had enough and what they’re moving to. Some sideways to Waterfox others to Brave and Vivaldi.

  3. ShintoPlasm said on May 5, 2019 at 8:58 am
    Reply

    Mozilla in response to your suggestions: “Sorry Martin, security privacy user protection Chrome parity something something proactive blocking automated review something something lolz.”

  4. Steve said on May 5, 2019 at 9:04 am
    Reply

    This happened for the same reason more things like these will happen. Users have been losing control and companies are doing whatever they want almost unregulated. They think users cannot do anything right so they make the choices for you. And it may be true to a certain point given technology is growing more complex every day. However, manual override, even if it requires admin rights, or a lot of steps, should be there always to fix in minutes clusterf*cks like the one Mozilla pulled off.

    Now, imagine for a second if everything is running on the cloud. Not only you have lost all control, but you will lose your job, money (think of people doing day trading,) and even your company (ask the people hosting their company sites at A2 after they got hit by ransomware.) This has to be addressed too.

    1. R. C. said on May 5, 2019 at 5:09 pm
      Reply

      That aside, I had/have the dev version up and running in 2/3 minutes, once I researched it.

      > This happened for the same reason more things like __this__ will happen.
      > However, manual override, even if it requires admin rights, or a lot of steps, should always be there to fix in minutes clusterf*cks like the one Mozilla pulled off.
      (punctuation much?)

  5. Robert Ab said on May 5, 2019 at 9:07 am
    Reply

    Mozilla should start treating WebExtensions more seriously. We are 1,5 years after FF57 introduction and some APIs are not ready yet, like session management API (Bug 1427928): https://bugzilla.mozilla.org/show_bug.cgi?id=1427928
    https://www.reddit.com/r/firefox/comments/7m8nvx/can_session_manager_tab_session_manager_coexist/drslt43/

    The list of missing/not fully implemented APIs is much longer (Bug 1462813, Bug 1215064, Bug 1467057, Bug 1320585).

    1. Iron Heart said on May 5, 2019 at 10:18 am
      Reply

      @Robert Ab

      Assuming you need those APIs for add-ons such as Session Manager and Tab Mix Plus:

      They will never arrive. Your best bet is to ask for those add-ons to be ported to Waterfox 68, which is still going to support legacy add-ons, documentation is already up:

      https://github.com/MrAlex94/Waterfox/wiki

      1. TelV said on May 5, 2019 at 3:16 pm
        Reply

        @Iron Heart,

        Why wait for WF68? The extensions you mentioned can be downloaded and installed now on 56.2.9 using the CAA archive.

        Tab Mix Plus: http://imgbox.com/2yfGhbEF
        Session Manager: http://imgbox.com/KzJ6QTRt

  6. Boomerang Kid said on May 5, 2019 at 9:26 am
    Reply

    Unfortunately (for them) nothing they can do will undo the effects of this disaster. This was never about certificates, but about ENFORCING SIGNATURES in the first place. If you could actually control what extensions your browser runs, this would have never been an issue. But Mozilla isn’t going to admit they did wrong by taking away the user’s control. And so, they will have to deal with losing even more market share.

    1. flash said on May 5, 2019 at 10:49 am
      Reply

      Agreed.

      To be honest, in the past I haven’t been all that concerned about the extension signing requirements. You can rather easily do that on your own with AMO and while the automated system limits what an extension can contain in some respects – size-wise for example – that was a negligible limitation I felt.

      Now though, Mozilla has screwed up on their end and made a mockery of the added security which extension signing is supposed to provide. Users are only willing to go with extra security as long as they are not unduly annoyed or limited.

      I had already been disappointed with the lack of development on the Fennec browser in the past, but this blunder finally gave me the incentive to look further afield. Since the differences between browsers are growing smaller and Firefox for Android doesn’t have extensions as the unique selling point any more, there are far fewer reasons to stay with it.

      While I’m still using the PC/Windows Firefox as my main browser for the moment, on Android I’ve already started testing the Yandex and Kiwi browsing apps. One thing is clear already: even with extensions, Kiwi feels faster and snappier than Firefox.

      1. 12bytes said on May 5, 2019 at 2:38 pm
        Reply

        > … on Android I’ve already started testing the Yandex and Kiwi …

        have a peek at Privacy Browser on F-Droid
        https://f-droid.org/en/packages/com.stoutner.privacybrowser.standard

    2. Anonymous said on May 5, 2019 at 11:59 am
      Reply

      Yes, forgetting to renew the certificates was just terrible incompetence from Mozilla, but the users not being able to override Mozilla’s decision to block extensions with their signature system is worse, it’s power abuse to build their own walled garden. And the security excuse for that has always been a joke for multiple reasons. What they should do is simply give us back the right to override. But they’re too arrogant to recognize they were wrong and do it.

      At that time the problem is not even yet fixed with a new release, they forced people to enable their “Studies” channel to get it fixed sooner. This lets them remotely modify browser’s code at their will, so not something very good in principle, but worse, they actually used this before to send spyware and adware to the users. So the solution to Mozilla crapping on us should be to accept more Mozilla crap ?

    3. John Fenderson said on May 6, 2019 at 5:38 pm
      Reply

      @Boomerang Kid: ” If you could actually control what extensions your browser runs, this would have never been an issue.”

      This is the real tragedy. It should always be possible for the user to completely disable this checking if they wish.

  7. kanade96 said on May 5, 2019 at 9:31 am
    Reply

    I really hope that the recent disaster would be a wake up call for the Mozilla to allow users to be in more control of the use and installation of extensions. I just don’t want them to touch or modify anything related to extensions, they’re breaking more things than providing a ‘better’ service.

    1. Tamris said on May 5, 2019 at 1:48 pm
      Reply

      Yeah I don’t think so, last 2 disasters taught them nothing, don’t think anything will change now.

    2. crambie said on May 5, 2019 at 2:46 pm
      Reply

      They’ve screwed up time after time in different ways. They trot out the old lessons will be learnt line yet have shown they simply don’t learn.

  8. Boomerang Kid said on May 5, 2019 at 9:32 am
    Reply

    Unfortunately (for them) nothing they can do will undo the effects of this disaster. This was never about certificates, but about ENFORCING SIGNATURES in the first place. If you could actually control what extensions your browser runs, this would have never been an issue. But Mozilla isn’t going to admit they did wrong by taking away the user’s control. And so, they will have to deal with losing even more market share.

    1. 12bytes said on May 5, 2019 at 2:45 pm
      Reply

      > And so, they will have to deal with losing even more market share.

      good. the only reason i stick with FF at this point is because there is no other that is as customizable/extendable with regard to privacy that i’m aware of – at the corporate level, i have really come to dislike Mozilla, their goofy decisions and their partnerships with privacy-hating companies

      1. Anonymous said on May 5, 2019 at 3:02 pm
        Reply

        “the only reason i stick with FF at this point is because there is no other that is as customizable/extendable with regard to privacy that i’m aware of”

        Waterfox

      2. 12bytes.org said on May 5, 2019 at 3:14 pm
        Reply

        the problem with FF forks is that they’re often outdated and fail to keep up with security patches – Waterfox, for example, is at v56 – plus they’re often buggy (or should i say ‘more buggy’ than FF official)

        i was a proponent of Waterfox at one time until Pants (runs the ghacks-user.js project) straightened me out

      3. Anonymous said on May 5, 2019 at 3:53 pm
        Reply

        “the problem with FF forks is that they’re often outdated”

        I’ve had only once a problem with a single site because Waterfox was “outdated”, which was promptly fixed by the site. And WF v68 is going to be released, which will then evolve based on FF ESR. Most of the not-up-to-date is just anti-features anyways. Some newer webextensions were not yet compatible but again that will be fixed with v68. The big bad point is that v68 will finally drop classic extensions unless they’re recoded.

        “and fail to keep up with security patches”

        I’m skeptical about that. The typical delay is two weeks in WF. It seems to me that this problem is exaggerated by Mozilla in order to discourage forks.

      4. 12bytes.org said on May 5, 2019 at 5:04 pm
        Reply

        > I’ve had only once a problem with a single site because Waterfox was “outdated” …

        i’ve experienced a few problems, some very annoying though i don't recall what they were

        > I’m skeptical about that. The typical delay is two weeks in WF. It seems to me that this problem is exaggerated by Mozilla in order to discourage forks.

        i can totally understand why you’d think that – Mozilla is a wealthy outfit indeed and i assure you i am not a pimp for Mozilla or FF (i just think it’s currently the best candidate for privacy customization) – however the non/delayed patching of those issues still exists in the FF forks and that’s a fact – you pointed out the problem yourself when you said “And WF v68 is going to be released” – sure, but what risks were users subjected to between v56 and v68? that’s a long time and huge gap without patches

        as for the garbage that Moz ships with FF (system add-ons, studies, search engines, etc.), all that can easily be removed/disabled, so in the end there is very little if anything that Waterfox can offer and the risks just aren’t worth it IMO

      5. Anonymous said on May 5, 2019 at 11:26 pm
        Reply

        “but what risks were users subjected to between v56 and v68? that’s a long time and huge gap without patches”

        Firefox security patches are systematically applied to WF v56, on average about two weeks after being applied to Firefox, no huge gap !

      6. Trebuchet said on May 5, 2019 at 3:56 pm
        Reply

        Coming at ya from Vivaldi. I have the stupid “fix” installed and can see it in extensions —doesn’t work. (I have and deploy ESR.) Approx 36 hrs in and no fix for ESR. So I’m looking into solutions besides Vivaldi for tomorrow morning (Monday). Was considering Waterfox but what did Pants say about Waterfox?

      7. 12bytes.org said on May 5, 2019 at 4:52 pm
        Reply

        his big issue was security patches not being applied as fast as they should – my issue was that and the bugs (Waterfox)

  9. Anonymous said on May 5, 2019 at 9:41 am
    Reply

    It’s an awful, awful disaster that never should have happened. Everyone knew this would happen and everyone warned them. It really is amazing. I’ll switch to Vivaldi if they can’t produce a reasonable response.

  10. ha said on May 5, 2019 at 10:01 am
    Reply

    Switching to vivaldi… bye firefox.

  11. GavinB said on May 5, 2019 at 10:03 am
    Reply

    Mozilla should reach out to people like Martin who provide their support at times when it is needed the most.
    They should sponsor his work.

    1. Anonymous said on May 5, 2019 at 12:03 pm
      Reply

      Mozilla should sponsor Waterfox too for removing their crap, like signature enforcement.

  12. CurrentUser said on May 5, 2019 at 10:04 am
    Reply

    it is all a joke!
    who cares? us few don't count at all…

  13. Cinikal said on May 5, 2019 at 10:27 am
    Reply

    Why is it that only one certificate can do so much damage? How is it that they (Mozilla) have no redundancies in play here? What is the current browser share? How many online right now? How many affected by this mistake? Even Noscript in Tor became disabled for me because of some “intermediate certificate” and I can only wonder wtf kind of consequences this may have caused.

  14. asd said on May 5, 2019 at 10:48 am
    Reply

    I understand things can go wrong in a complicated system like this. but the part that was really stupid was that browser would shutdown in the middle of work with no warning in order to disable the addon! No matter how many times you restored from backup, the same thing would happen. It was like you had no control over your stuff…

    Finally had to give in and hand over the telemetry data to receive the fix…

    As a Firefox fanboy I tried to hang on every time they threw us under the bus, this time is one too many. It is time to switch to Chromium for good.

    1. Gerard said on May 5, 2019 at 1:36 pm
      Reply

      Clever move, from Mozilla to Google. They at least value your privacy.;-)

      1. Iron Heart said on May 5, 2019 at 2:51 pm
        Reply

        @Gerard

        There’s also Ungoogled Chromium. More privacy-friendly than Firefox by default. I am not being ironic here.

      2. Gerard said on May 5, 2019 at 4:32 pm
        Reply

        Even if that’s 100% true, which I doubt, no matter which Chromium-based browser, where do you go for browser extensions? Chrome.google.com afaik.
        Case closed.;-)

    2. thebrowser said on May 5, 2019 at 2:15 pm
      Reply

      @asd, unfortunately I agree with you even after staying on Firefox as a main browser for many years. However I still recommend going with one of the forks such as Waterfox, which are really great projects and will hopefully step up now that they have such a nice opportunity to gain popularity.

      With so many users moving away from Firefox, the question really becomes what alternatives do we have? Will Firefox stand the test of time? Because if not, then all we have is Chromium so I wonder, what would it take for any of these FF forks to take it a step further and become fully standalone browsers?

      1. Gerard said on May 5, 2019 at 7:14 pm
        Reply

        “FF fork” Pale Moon became a “fully standalone browser” a long time ago. However, it’s very much a one-man operation afaik.

      2. thebrowser said on May 6, 2019 at 6:45 am
        Reply

        @Gerard, please correct me if I’m wrong as I haven’t used or followed Pale Moon’s development much. As I understand it Pale Moon is a fork of Firefox and relies on them maintaining the mainstream codebase for security patches and the like.

        If not, how far from Firefox has it really become so that if Mozilla were to shut the whole place tomorrow we would still consider Pale Moon as a viable alternative?

      3. ElasticMan said on May 6, 2019 at 7:09 pm
        Reply

        As @Gerard says, Pale Moon is very much a stand-alone browser these days. I first tried it out when FF57 came out and I’ve drifted between the two, except for the weekend just gone where my ‘go-to’ was PM.

        Security patches for the codebase are sorted by the Lead developer and maintenance patches/point releases have no relationship with Firefox update schedules.

        As to whether it is a ‘viable alternative’ depends on one’s individual use case. If a user relies upon a lot of current FF WebExts then it probably won’t be viable as the PM dev is adamant that he will not support that format.

        Regarding “how far from Firefox has it really become” perhaps one could turn that around from a cod-philosophical viewpoint and ask “How far has Firefox moved away from Firefox?” Thinking about customization, as an example, I have found PM to be better for this than any of the recent FF releases, perhaps closer to the earlier FF ethos than FF itself currently is.

        One of the biggest obstacles for PM is the relative lack of extensions, though many of the most critical/popular ones are around. IMHO the quickest way that this will improve is if one of the bigger Linux distros packages PM as its default browser. How likely or near that is I have no idea, but after this last weekend I wouldn’t be surprised if it has moved up one or two agendas.

      4. thebrowser said on May 7, 2019 at 8:19 am
        Reply

        @ElasticMan, thanks for letting me know.

        It really sounds much more attractive if it is indeed a browser that will continue to exist even if Mozilla pulls the plug on Firefox for some reason. I guess it is expected of any forked project to eventually become something new, and now I’m curious to see how Pale Moon behaves so I’ll make sure to give it a try and stick with it for a little while, see what comes out of that.

      5. asd said on May 5, 2019 at 9:21 pm
        Reply

        Unfortunately, Google won the browser race, and Mozilla really handed them the medal with this disaster. The only option is Chromium with as little Google as possible.

    3. ULBoom said on May 5, 2019 at 3:01 pm
      Reply

      Chromium is google, no matter how much it’s pimped out, the core code is not modifiable per the license google has on it. Forks add features to the core with chrome and now chromedgium being among the most junked up versions.

      Compared to FF, the number of privacy and usability changes one can make to chromium through config mods is tiny.

      I still use a stripped version of chromium, the last woolyss with no webRTC, sync or widevine, v.67. In v.68 WebRTC was impossible to disable, it became so deep in the code. Too bad, woolyss may have been the most private chromium available; the current version is still one of the leanest available.

      Maybe try FF ESR, the current issue was fixed with one switch:

      xpinstall.signatures.required false

      and the browser itself works far better, has most features such as containers, removed.

      1. NA said on May 6, 2019 at 5:37 am
        Reply

        AFAIK, Chromium is free software. Most of the code is permissive licensed, like BSD, and some of the code is GPL.

      2. AnorKnee Merce said on May 6, 2019 at 8:06 am
        Reply

        @ NA

        Yes, but the underlying Chromium Project is sponsored and controlled by Google Inc to benefit her proprietary and trademarked Chrome browser. Similarly for Google’s Android Open Source Project and Chromium OS Project.

        What happened is that Google opened her Projects to other Linux developers to contribute but most development is done and approved/committed by Google’s own Linux developers.

        Chromium, Android and Chromium OS can be forked by other Linux developers but they cannot use Google’s trademarked Chrome, Android and Chrome OS.
        ……. For Android, Google imposed the Anti-Fragmentation Policy or Anti-Forking Policy on all her OEM partners. Google Play Store and Chrome Web Store are also trademarked by Google.

        If need be, Google Inc can pull the plug on all Chromium-based browsers by not allowing them to use her Chrome Web Store but at the likely expense of most Linux developers leaving the Chromium Project.

  15. Tomo said on May 5, 2019 at 10:55 am
    Reply

    I think this is just a continuation of sloppy millennial programming.. they crapped FFox with Quantum and destroyed a number of quality, useful and productive addons. Now they are after rest of them. I would like to say it is global conspiracy. It’s not. It’s just a crapramming possibilities of modern programmers. Look at Windows 10 – “Your data is exactly where you left them”.. except after our forced update.

  16. F Mozilla said on May 5, 2019 at 11:00 am
    Reply

    It is 100% unacceptable that FF is designed with an ability to catastrophically fail with no override because of an action (or inaction in this case) from the developer. Any software that relies on regular updates should be designed to continue to work (in a compromised state) even if it doesn’t receive its update. This issue is completely due to Mozilla’s design arrogance.

    I would not be surprised if their already bottom-of-the-barrel 10% market share fell to 5% after this is all over. Ghacks previous article https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-thats-a-bug/ is I’m guessing THE MOST COMMENTED article ever by several orders of magnitude. The reddit thread https://www.reddit.com/r/firefox/comments/bkcjoa/all_of_my_addons_got_disabled_and_they_are_all/ had 1100 comments in 24 hours. This was not a small misstep by Mozilla. They lost A LOT of their already shrinking userbase because of this.

    If Mozilla wants to still be around 5 years from now they should:
    #1 – Get on Twitter and grovel. Acknowledge how big a F-up this is. Tell us how you are going to bake in a solution to override any stupidity you force on the user on purpose or accidentally so we never have to go through this kind of nonsense ever again. ‘I’ installed a browser on ‘MY’ computer – ‘YOU’ (Mozilla) should not have the ability to disable it for any reason ever – not even by accident.
    #2 – Understand and listen to the users. For 10 years now they have ignored their loyal user base rather than build on them. We don’t want baked in Pocket – we want baked in UBlockOrigin. We don’t want data collecting schemes, telemetry, and forced advertising experiments we have to x100 disable in the about:config – we want clean out of the box performance (market yourself as the privacy browser with user controlled ads and you will gain +20% market share almost overnight). We don’t want the hamstrung addons we have now – we want robust addons (like before) so Build out the extension API system already. It’s been over a year now and addons are still basic.
    #3 – Get on social media and show the users you are working on the things they want. Tell us you just finished on an API that will let them do XYZ. Tell us you are in the middle of making pages load 10% faster. Tell us you’re taking out screenshot but you are putting back rss preview because you realized it was a stupid mistake. Tell us you recognize your mistakes and how you are fixing it.
    #4 – Fire all their corporate management idiots and hand control of the development back to the coders. Every marketing decision I’ve seen from them resulted in quick cash but loss in user base. No users = dead browser / company. Fast “creative” revenue is sinking the company long term.

    1. 12bytes.org said on May 5, 2019 at 6:54 pm
      Reply

      >#4 – Fire all their corporate management idiots and hand control of the development back to the coders. Every marketing decision I’ve seen from them resulted in quick cash but loss in user base.

      THIS! agree 100% – i think there’s a lot (or at least some) really ethical, privacy-respecting devs in the house of Moz, however at the corporate level i have zero respect for a company whose purported ethic is “Committed to you, your privacy and an open Web” and then partners with a pile of privacy-hating mega-corporations

      what was a very popular browser among a small but dedicated crowd has become a money making machine

  17. Mikdi Balazs said on May 5, 2019 at 11:03 am
    Reply

    A customer – sure, there are exceptions – has not all the information to make the good decision when selecting an add-on.

    There was a big mistake, to let not to renew the signature. Point.

    All those security shits, that you are facing to at the Android application ecosystem, proves that the security checking has to be enforced, not loosen.

    1. Anonymous said on May 5, 2019 at 3:00 pm
      Reply

      “All those security shits, that you are facing to at the Android application ecosystem, proves that the security checking has to be enforced, not loosen.”

      No, the security shit in the Android application ecosystem comes from a culture of malware tolerance from Google which is fundamentally a malware company, and furthermore them getting a share in distribution of third-party malware. It does not come at all from the fact that they would warn users about malicious apps and not let them override. Manual checks and a culture of user respect are what stop malware in stores, but Mozilla dropped that to adopt the Google model, with their useless permission system, and useless automated checks. Malware warnings may be valuable, especially if they come from manual checks with no compromise in policies for user respect, but this doesn’t have to come with no possibility to override the blocking, the cause of the current disaster.

  18. MarkZucker said on May 5, 2019 at 11:06 am
    Reply

    As a long time Firefox user, I am very disappointed about this. Mozilla is more interested in centralizing control than giving users the option to control the browser. While Firefox is messing up, another variation on Brave has been released; since it uses chrome extensions, I can replicate every single function on Firefox. I am jumping ship to this:

    Dissenter Free Speech Web Browser Beta For Windows

    -Blocks ads and trackers that make Big Tech money on your data
    -Dissenter comment section on every URL on the internet
    -All Chrome Extensions work with it

    https://dissenter.com/dist/browser/dissenter_installer_74_0_66_49.exe

  19. Rudolf said on May 5, 2019 at 11:09 am
    Reply

    This could have been the final death strike for Firefox.
    I love Firefox and it’s my only choice out there.
    But I could understand anyone now switching to other browsers.

    Goddamn Firefox already is only at 20% marketshare … at best!
    I don’t want to imagine where it will be in a month …

    This is a disaster

    1. Iron Heart said on May 5, 2019 at 2:07 pm
      Reply

      Firefox has around 10% market share, give or take. And when I see incompetence like this, I can only come to the conclusion that this is well deserved.

    2. Anonymous said on May 6, 2019 at 4:50 am
      Reply

      Firefox is already below 10% marketshare, if I recall correctly last time Edge almost beat Firefox

  20. Marti Martz said on May 5, 2019 at 11:24 am
    Reply

    A little late apparently… but just got struck by this. Fx is no longer my main browser but it does have a test purpose… it failed miserably with this issue. It closed all tabs in one instance without warning and actually self terminated in another instance with no warning whatsoever.

    Someone there should remember to change all the light bulbs. ;)

  21. wastebin said on May 5, 2019 at 11:27 am
    Reply

    Can’t we just go back a version until they have this bug sorted ?

    1. Kalmly said on May 5, 2019 at 3:55 pm
      Reply

      I am using version 56.0. I was stunned this morning when I fired up the browser and found my extensions destroyed. Going back a version, wastebin, is not going to help.

      1. Iron Heart said on May 5, 2019 at 4:58 pm
        Reply

        @Kalmly

        Use Waterfox. It’s basically Firefox 56, but with more recent security updates applied to it. It has all the security fixes included, up to and including the most recent Firefox 66 security patches.

        https://www.waterfox.net/

      2. kalmly said on May 6, 2019 at 4:22 pm
        Reply

        Took your advice, Iron Heart. Sad to leave FF behind. We’ve been together for many years, but I need something that works. Installed Waterfox this morning and my extensions automagically reappeared.

        P.S. I also use Pale Moon.

  22. Tom Hawack said on May 5, 2019 at 11:28 am
    Reply

    As Martin writes it in this article, “Better, in my opinion, is an updated system that never blocks or disables extensions installed by the user unless they are blacklisted by Mozilla.”

    This is imperative. It has truly been a nightmare and I try to imagine what it has been for neophytes who don’t even know where to find answers. This issue has been more than an incident, it’s been a failure, a fault.

    Those who count on add-ons to surf the Web in a reasonable civilized way will have realized if applicable how this Web unfolds, deploys, displays without an armor : madly. Similar to a world where you’d have to choose an armored car, and there are places on this planet where it is required.

    What I’ve learned from this tough adventure is that it is possible to disable Firefox add-on signing requirement given the right script. I’ve installed this script and won’t remove it. Not only to prevent the repetition of what happened but also because it grants me freedom to modify extensions, try new ones, unsigned. This may be dangerous for unaware users but for those who practice caution, a true relief.

    If it doesn’t kill you it’ll make you stronger, right?

  23. Marek said on May 5, 2019 at 11:29 am
    Reply

    Mozilla should focus on making a good browser, not on some leftist mambo jambo and homosexual agenda. Stop with politics in the IT world.

    1. AnorKnee Merce said on May 5, 2019 at 4:04 pm
      Reply

      Leftists = liberals = socialists = communists = power-crazy rulers/developers or control-freaks = nanny-state.

  24. Steven said on May 5, 2019 at 11:32 am
    Reply
  25. Anonymous said on May 5, 2019 at 11:53 am
    Reply

    Lucky I am. With waterfox the signature requirement is disabled by default. Needed to use their repository for legacy add on ❤️

    1. Robert said on May 5, 2019 at 4:09 pm
      Reply

      The only reason why I don’t use “Waterfox” is because the “Internet Download Manager” extension isn’t supported and I was having constant problems getting it to work. IDM worked good in Firefox until this fiasco crashed it. I would still use Waterfox if IDM supported it.

      1. Anonymous said on May 6, 2019 at 4:51 am
        Reply

        @Robert
        Flashgot

  26. bb8 said on May 5, 2019 at 11:58 am
    Reply

    actually, I believe there’s nothing they can do. Btw, I didn’t know until yesterday that they fired own CEO for having personal opinion. So your opinion on using whatever extension you like is less important for them than opinion of some LGBT (whatever they’re called) activists. Good luck with that

    1. Anonymous said on May 5, 2019 at 3:21 pm
      Reply

      Like most of those who complain about that, you’re probably the type of right-wing person who has no problem with unionists being fired all the time for their political opinions, and who supports the right to arbitrary firings in general. Hypocrisy at its finest.

      1. NA said on May 6, 2019 at 5:30 am
        Reply

        Your deflection is wrong! Are you saying it is ok to fire someone for traditional personal opinions, or not? Do you even care about hypocrisy? The elephant in the room is Mozilla has an outsized focus on social justice, WITHOUT the budget of Microsoft or Google. We obviously need competence, and you can’t take the heat when degeneracy breeds damage.

      2. AnorKnee Merce said on May 6, 2019 at 8:26 am
        Reply

        @ Anonymous said on May 5, 2019 at 3:21 pm

        The US Constitution prohibits businesses from discriminating or firing employees based on race/color, religion, gender/sex and nationality.
        ……. Most major religions are against same-sex marriage, eg Christianity, Judaism, Islam, etc. So, it is illegal or unconstitutional for a business to fire an employee based on his/her religious view opposing same-sex marriage.

        The US Constitution does not protect political unionists who disrupt businesses or employees who are drug addicts or thieves/embezzlers, lazy, indisciplined, sexual-harassers, etc.

        OTOH, some liberal Blue states in the US also prohibit businesses from discriminating or firing employees based on their sexual orientation = cannot fire an employee for being an LGBTQ. But the US Constitution trumps State Constitution.

  27. gazoo said on May 5, 2019 at 12:02 pm
    Reply

    Yesterday I posted that I received the certificate signing issue only under a new profile – which had no extensions installed. My default profile (loaded with extensions) was unaffected. I was using FF on/off during the day and even rebooted my computer a few times as I came/went. 24+ hours later (perhaps 36+ hours after the original reports), boom! All my extensions are gone.

    I had not been reading the details on fixes and imagined that this would be fixed quickly. I did not conceive that Mozilla would double-down on this.

    When I go to Mozilla’s add-on site to reinstall the extension, I get an unhelpful message that says “Download failed. Please check your connection.” I can only imagine what a non-techy would make of this.

    Honestly, I don’t want to waste my time trying yet another tweak or spending a couple of hours trying to understand what’s happening here. I shouldn’t have to.

    Switching browsers is sooo easy to do. I’m on Brave right now, also have Vivaldi on stand-by.

    Both of these options have the same set of extensions Firefox *used* to have. Took me just a couple of minutes to set up. I’m sick of tweaking and configuring and fighting my browser – the same way I was sick of doing the same under Windows.

    Mozilla… you make me work way too hard for the (virtue-signalling) privacy you tout. Now, you’ve taken ownership of a program installed on *my* computer and wrecked it. Google didn’t take the browser market away from you – you gave it away.

    1. Tom Hawack said on May 5, 2019 at 12:16 pm
      Reply

      Changing browsers (or let’s say the default browser) on the ground there’s been a serious flaw with the one we use is, IMO, similar to changing cars because of an engine issue. And what next with the new browser? First, it may be less fit for our needs but before all it is likely one day or another to face its own issues : and then what? Another browser, back to Firefox?

      Also, my feeling when reading many comments about users’ decisions after this nightmare is that these users behave as if browser developers were begging them to stay, as if they were nice enough to accept a browser but, hey! : you’ve faulted, browser, so I’m quitting you. Strange mentality. 100% error-free does not exist, choosing a browser on the basis of no-incidents is odd. IMO you choose a browser for given reasons and if those reasons mean anything to you then you participate to the problems rather than escape. Of course for those who choose a browser rather than another for evanescent reasons will face no questions when hopping from one to another, like a kangaroo : hop, hop … yeah? Nops … hop hop hop, what about this one? ya, nice, I’ll stay a while. Bizarre.

      1. thebrowser said on May 5, 2019 at 5:54 pm
        Reply

        @Tom Hawack,

        I’m sure this has happened to all of us at some point, we frequent a particular place we really like (let’s say a cafe) and become regular customers there. The staff knows you, they treat you well, you are a loyal customer and you enjoy being one and support them in return. But after time the staff changes slowly, people change jobs or move to another city all the time. Then suddenly you realize that without the right people running the place the coffee just doesn’t taste as good as it used to anymore. This does happen in real life be it with a cafe or some other type of store/service, and so it does in the software industry (I’m sure we could come up with a list of examples about this).

        I’ve been using Firefox regularly as my main browser for many years, because I genuinely like it better than the alternatives in some way or another. I’ve adapted my workflow around this browser and so even though I toy with some others every now and again this is what I’m used to and look for at the end of the day. However this is the perfect excuse to start looking for a new ‘base’ which in my case is not too far off: Waterfox, perhaps Brave or even Vivaldi on the side. Why not?

        It is not about punishing the developers, walking away with my head high full of dignity or abandoning the ship. This is after all a free competitive market and I do have alternatives to choose from, that may or may not fulfill my needs. But one thing that I know for sure is that Mozilla Firefox just doesn’t cut it anymore for me after this last one blast (that is making me waste so much of my time).

        I’m not saying that I will never use Firefox anymore, I’m just saying that it’s not the right time for me. I don’t recognize any of the staff and the coffee doesn’t taste as good anymore.

      2. Tom Hawack said on May 5, 2019 at 6:31 pm
        Reply

        @ thebrowser, you write, “This is after all a free competitive market and I do have alternatives to choose from, that may or may not fulfill my needs.”

        Of course. Competition is not a concept and would be meaningless if it had no impact on our choices : like democracy, if the institutions exist and are a necessary condition they are not a sufficient one if people don’t practice it : I’m free means I have the rights but also that I use those rights. OK.

        What I meant to say in my approximate English is that users who seem to move from one place to another (as from café/bar to café/bar or “Tournée des grands ducs” in French!) with no substantial reason, just because they face an annoyance which blinds them to what they may like… bothers me. If moreover they start gossiping on the last café, sometimes in a rude way, then it irritates me.

        Now, once you know what you’re searching for, what you like and dislike, prioritize both combined and choose accordingly, calmly as your comment illustrates it… that’s just fine, no problem.

        But meanwhile the Web is filled with hysteria, hatred, exaggerations, disproportionate love and hatred : one day someone who saved a kitty will be worshiped as a god (I love kittens but saving one is not being a hero), another day someone who’s been rude will be crucified (I dislike rude behaviors but not to the point of condemning someone as witches in the Middle-Ages).

        This said, everyone is free, that’s not the point but, rather, a great lack of respect, often, too often, regarding fellow mates as well as application developers, companies and so on. I mean : you can argue and say your truth calmly.

        Calmly and in fewer words than mine :=)

      3. thebrowser said on May 6, 2019 at 7:03 am
        Reply

        @Tom Hawack, absolutely agree with you in that the internet quickly overreacts to the slightest opportunity, and I really wish we could all take a step back and reflect more often. I really liked a comment in Martin’s new article where a user (@BacktoFF) did exactly this: take a hasty decision to uninstall FF and then come back the next day with a clearer head. What do you think of this? I for one like that he reflected on the issue and tried something new, then came back, but after one single day already gave up another perfectly viable option.

        In this particular scenario however I must agree with @gazoo; this is not the typical mistake due to a ‘bad direction’ from the board, poor design choice or a bug from the developers. It’s an issue that effectively takes away the security, privacy and comfort that all those extensions give us (so important these days even in the smaller devices).

        Moreover, the ultimate lack of respect that Mozilla could have towards their users is that they haven’t said a word about this whole thing. Not an explanation, not an apology, not an acknowledgement that there’s even a problem. We only know of how things are going because of blogs like gHacks. I have unsubscribed already from Mozilla’s newsletter, what good is it really if they are not informing about what is happening or giving me a solution to a problem they caused?

      4. gazoo said on May 5, 2019 at 11:18 pm
        Reply

        @Tom Hawack

        > Strange mentality. 100% error-free does not exist, choosing a browser on the basis of no-incidents is odd.

        I completely agree with this sentiment. But this isn’t just a simple incident and I feel that you are attempting to dilute the seriousness of this. FF, in its current state, is unusable. There is no confusion about this for those who rely on extensions.

        Like I said, it’s wrecked. I didn’t do it, or a nefarious hacker or a state-nation or my kids. It was the very company who I trusted to work with me on privacy issues that took hold of my personal workplace, destroyed the defenses I had in place and made me vulnerable.

        Mozilla did so without warning and 2 days later… without a viable solution. It’s mind-boggling and unprecedented.

        If we go with your car analogy: it’s akin to disabling the brakes or removing the windows (in the cold, rainy season). This is a far more serious issue than spark plugs or flat tires that you allude to.

        I understand loyalty to a brand: especially one that attempts to empower the end-user. I do not condone blind loyalty. I may go back to FF or I may not given their many missteps. I hope they will be stronger as a result. Many other users will not go back as they get comfortable with alternatives and their ecosystem. In the meantime, they have literally taken that choice away from me (and so many others).

        What other course of action do I have? I can’t even install trusted and Open Sourced extensions from dedicated people like gorhill (uBlock Origin, uMatrix). Not a single extension, that I spent hours verifying and vetting, is available to me – even as I write this.

        All I want to do is render some html in a safe (privacy-first) environment. I can no longer do that with Firefox (for the time being).

  28. stefann said on May 5, 2019 at 12:40 pm
    Reply

    I will stay with Firefox 52.9.x ESR as long as it is possible (it meets my needs). I utterly hate “Quantum”. 85% of my addons can’t be replaced. Those addons that can be replaced have a terrible user interface, compared to the old addons.

    1. Iron Heart said on May 5, 2019 at 2:05 pm
      Reply

      Firefox 52 ESR doesn’t get updates anymore, ever since August 2018. I recommend Waterfox. It has all the more recent security patches applied to it, up to and including the security fixes of the most recent Firefox 66.

      https://www.waterfox.net/

  29. uluuuu said on May 5, 2019 at 12:54 pm
    Reply

    Mozilla’s decisions lately have been abysmal. I have already mostly switched to opera and vivaldi, but if they keep breaking things I’ll be removing firefox completely. There is nothing right now that makes it better than chromium-derived browsers and a lot of things that make it worse.

  30. BadTaste said on May 5, 2019 at 1:10 pm
    Reply

    The whole system is a F***ing joke. A centralized sh*t.

    Why Mozilla? Why not the developer of an extension signs his/her software? What if an account gets compromised? We won’t even realize only if it is too late.

    Example:
    Every software on Launchpad signed by the maintainer not by Launchpad.

    Advertising revenue got into the skies in these couple of days. Thank you Mozilla (google)

  31. Pseudonym said on May 5, 2019 at 1:11 pm
    Reply

    I’ve been using Vivaldi for the last few years. But I switched to Firefox Quantum because of bugs and 3 other reasons. Firefox runs better on my system than Vivaldi (and Vivaldi has many cool features that Chrome doesn’t have).

    1.
    Even now after many months with a huge history and 14 activated extensions, Firefox still starts within 1-2 seconds. Vivaldi needs 11 seconds even with an empty profile. Both installed on the same SSD (Acer Swift 1 with Pentium N5000). That doesn’t bother me, but it’s annoying.

    2.
    But much more important for me is the soft scrolling in Firefox. For years I tried to optimize the scrolling behavior of Google Chrome and later Vivaldi for me. This was best done with the extension SmoothScroll (from smoothscroll.net). But even with that I was never really 100% satisfied. Because if you found a good setting, the CPU load when scrolling was higher than it should be. You know the fans: even if they are quiet, it’s annoying if they always turn up and down for 10 seconds. I’m sensitive to this.
    And with Firefox it is optional for me by default. I can read long pages, focus on the last line I’m on, scroll down without losing focus and read on.
    Of course you can also scroll one page further with the space key, but I don’t want to do this way.

    3.
    And this is the point that bothers me the most. Even if there is an (incomplete) workaround by activating synchronization.
    You can’t just backup your profile folder on Google Chrome / Vivaldi and restore it on another replacement device. Many things like extensions and passwords get lost.
    With Firefox this is no problem. Simply backup the folder %AppData%\Mozilla\Firefox\ (I often use 7zip or WinRAR for this), copy backup to USB stick, connect USB stick to new system and restore backup. Done.

    The error with the certificate also annoyed me of course.
    This could have been solved differently by manually pointing to the expired certificate, but asking the user if he still wants to use the extensions.

    1. Clairvaux said on May 5, 2019 at 4:00 pm
      Reply

      @ Pseudonym

      Thanks for letting me know that I’m not alone at struggling with Vivaldi scrolling. I asked the question several times on Vivaldi forums, and I only got blank stares. That’s quite annoying indeed. It also happens within the browser’s interface. In the bookmarks manager, for instance.

      As for transferring profiles wholesale, I wasn’t aware you could do this with Firefox. I thought transferring extensions, in particular, was bound to fail.

      Passwords I really don’t recommend to keep inside a browser. That’s too much of a security and backup risk. If you’re up to using Firefox (or Vivaldi), you’re up to using a password manager.

      If Mozilla can break it big way with certificates, just imagine what they could do with passwords.

      1. Pseudonym said on May 5, 2019 at 6:19 pm
        Reply

        With Firefox you can encrypt the access to the passwords with a master password. If you can bypass this, you can probably get hold of the passwords of a password manager. At the latest when he can copy the database and intercept the main password.
        With two-factor authentication this may be different.

    2. ULBoom said on May 5, 2019 at 4:04 pm
      Reply

      Google doesn’t seem to be interested in tweaking the obvious shortcomings of chromium/chrome such as poor scrolling, something so basic. Also not interested in disabling that horrid flashing omnibar, in fact they have refused to do so. Browsing data cannot be deleted on shut down, it just sits there, everything you’ve done, until you manually remove it at startup. I have yet to find an extension that really removes data at shutdown.

      They call chrome, in their quarterly reports, a browser based user ad data collector or similar. Those thinking they’re getting anything resembling privacy with chromium, are not.

      The browser core is fixed by google’s license on it which doesn’t even require the code to be published; they publish something, what?

      Warts and all, I’ll stay with FF ESR until there’s no choice. It’s not like chromium/chrome hasn’t had a lot of issues, too.

  32. Operation Normandy said on May 5, 2019 at 1:14 pm
    Reply

    I think a sane course of action would be to backtrack on the chain of decisions enabling this and other things, most importantly the PERSONS enabling this. It’s absurd that a select few in charge are able to continue subverting the privacy and security of the entire userbase again and again. I don’t believe anyone other than Mozilla employees want most of this nonsense.

    1. Anonymous said on May 5, 2019 at 3:15 pm
      Reply

      The incredible fact is that the Mozilla managers are paid that much and yet most of their decisions are that toxic for the community. The only possible explanation is that they’re paid to fuck the users. Corruption.

      1. Clairvaux said on May 5, 2019 at 3:53 pm
        Reply

        Don’t look for convoluted explanations and conspiracy theories, when laziness, incompetence and arrogance explain so much.

        Mozilla isn’t the first company to fall prey to such demons. Indeed, it’s a most common cause for the demise of formerly superb businesses.

      2. Boomerang Kid said on May 6, 2019 at 9:16 pm
        Reply

        No. They’ve been doing it for way too long, way too many times and way too aggressively for it to not be malice. I mean look at how fast they close issues on their bugzilla that criticize them. Or how terribly they treat even long-term supporters that dared to challenge them: http://www.philippecloutier.com/blogpost79-Modestly-Moving-Away-from-a-Monstruously-Mad-Mozilla.

      3. Clairvaux said on May 7, 2019 at 1:09 am
        Reply

        @ Boomerang Kid

        What do you mean, no ? The interesting article you link to supports my point, and the one I’ve generally been making on this thread, and numerous others before, about Mozilla.

        There’s no need to invoke malice when incompetence and arrogance completely explain the problem. The anonymous poster I was replying to accused Mozilla’s managers of being paid “to fuck the users”. That would be “corruption”, according to him. Corruption by whom ? The implied answer is Google. Mozilla would have been overtaken by Google spies trying to ruin it from inside.

        This is a typical conspiracy theory by former fans, who cannot cope with the fact that their former lover now stinks and smokes in bed.

        It’s enough to study economic history, the history of businesses, the history of management, and history itself, to realize that such things have been happening since the dawn of humanity. Endeavour, success, hubris, aloofness — and ultimately, failure. Millions of human enterprises have followed that path. It’s so very human.

    2. ULBoom said on May 5, 2019 at 4:05 pm
      Reply

      They jumped far too eagerly on the junkware merry go round.

  33. Mark Hazard said on May 5, 2019 at 1:47 pm
    Reply

    Good article Martin. I agree 100%.

  34. John C. said on May 5, 2019 at 1:48 pm
    Reply

    In older versions of Firefox (eg. 52.8.1) where extensions are disabled by this problem, if about:config has the xpinstall.signatures.required pref, you simply set it to “false” by double-clicking on it. Then restart Firefox and your extensions should be re-enabled.

    1. Iron Heart said on May 5, 2019 at 2:02 pm
      Reply

      Or one could just use a browser that doesn’t enforce extension signing by default (Waterfox).

    2. jern said on May 5, 2019 at 4:18 pm
      Reply

      I use FF 54.0.1 (64 bit) on a Mac. I tried your suggestion. My extensions are still disabled.

      1. Iron Heart said on May 5, 2019 at 4:55 pm
        Reply

        @jern

        Extension signing can’t be disabled in stable builds – the setting is in them, but is ineffective. The only Firefox versions where you can disable extension signing are:

        – Firefox Nightly
        – Firefox Beta
        – Firefox ESR

        or:

        – Waterfox

        Waterfox is what I would recommend in your case. Firefox 52 ESR is technically older than the browser you use, while Waterfox is based on Firefox 56.

        https://www.waterfox.net/

    3. Beetle said on May 5, 2019 at 5:05 pm
      Reply

      I run FF 54 on Win and xpinstall.signatures.required = true yet i did not experience any problems, addons weren’t disabled. Very odd, glad it didn’t affect me.

  35. Lord-Lestat said on May 5, 2019 at 2:08 pm
    Reply

    And as expected… another public relations disaster. Mozilla really loves to damage itself. Dissenter… add-on mass deactivation… Compared to Mozilla every other browser developer (yes, even Google) has more professionalism in direct comparison with them!

    And what is even more funny… quite some people of Mozilla’s new simple target user group are now showing their brand loyalty and… dump Firefox for Brave, Vivaldi or something else – Not to forget the number of people who are using from now on the… Gab-Browser ;-)

    Mozilla’s most dedicated speed/simplicity-only loving user groups of apologists have for sure a lot of work to do this time.

    1. Robert said on May 5, 2019 at 4:15 pm
      Reply

      How many people are trolls and are saying they are jumping ship from Firefox to another browser when in fact they never really used Firefox in the first place? Analytics can likely get a better census on browser choice changes that this mess created and I will be interested in seeing what damage Mozilla has done to the remaining clients they have left.

  36. 12bytes said on May 5, 2019 at 2:19 pm
    Reply

    cron job to notify people about soon to expire certs? i guess not

    not disable extensions whose signature hasn’t changed and are still on AMO? um, nope

    not disable anything that isn’t blacklisted? nah

    I KNOW! let’s just MASS-DISABLE EVERYTHING when there’s a hiccup in the system, jeopardize user privacy and piss off everyone! WIN!
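
The three alternatives listed in the comment above (warn before expiry, keep unchanged signed add-ons, disable only what is blocklisted), sketched as an added example that is not part of the original comment and is not Mozilla's code. All names, add-on IDs and dates are constructed, and disabling packages whose signature no longer matches is an extra assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Action(Enum):
    KEEP = "keep enabled"
    KEEP_AND_WARN = "keep enabled, warn user"
    DISABLE = "disable"


@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Addon:
    addon_id: str
    chain: tuple            # signing chain, leaf first, root last
    signature_ok: bool      # package bytes still match the signature
    installed_at: datetime  # when the user installed it


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def expiring_soon(chain, now, warn_days=30):
    """What a daily scheduled job would report: (subject, days_left) for
    every certificate inside the warning window, soonest first."""
    hits = []
    for cert in chain:
        days_left = (cert.not_after - now).days
        if days_left <= warn_days:
            hits.append((cert.subject, days_left))
    return sorted(hits, key=lambda hit: hit[1])


def chain_valid_at(chain, when):
    """True if every certificate in the chain was within its validity period."""
    return all(c.not_before <= when <= c.not_after for c in chain)


def decide(addon, now, blocklist):
    """Policy: an expired chain alone never disables an installed add-on."""
    if addon.addon_id in blocklist:
        return Action.DISABLE          # explicitly blocklisted
    if not addon.signature_ok:
        return Action.DISABLE          # package changed since it was signed
    if chain_valid_at(addon.chain, now):
        return Action.KEEP
    if chain_valid_at(addon.chain, addon.installed_at):
        return Action.KEEP_AND_WARN    # chain expired after install
    return Action.DISABLE              # chain was never valid for this install


# Constructed sample data: an intermediate that expires on 2030-01-01.
ROOT = Cert("constructed root", utc(2020, 1, 1), utc(2040, 1, 1))
INTERMEDIATE = Cert("constructed intermediate", utc(2025, 1, 1), utc(2030, 1, 1))
LEAF = Cert("constructed leaf", utc(2028, 6, 1), utc(2038, 6, 1))
CHAIN = (LEAF, INTERMEDIATE, ROOT)

ADDONS = [
    Addon("blocker@example.test", CHAIN, True, utc(2029, 3, 1)),
    Addon("badware@example.test", CHAIN, True, utc(2029, 3, 1)),
    Addon("tampered@example.test", CHAIN, False, utc(2029, 3, 1)),
    Addon("late@example.test", CHAIN, True, utc(2030, 2, 1)),
]
BLOCKLIST = {"badware@example.test"}


def evaluate(now):
    """Map each sample add-on ID to the action the policy picks at `now`."""
    return {a.addon_id: decide(a, now, BLOCKLIST) for a in ADDONS}


if __name__ == "__main__":
    print(expiring_soon(CHAIN, utc(2029, 12, 15)))
    for addon_id, action in evaluate(utc(2030, 1, 2)).items():
        print(addon_id, "->", action.value)
```
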

  37. Cathy said on May 5, 2019 at 2:20 pm
    Reply

    I’ve got probably a half dozen profiles, some dedicated to legacy Firefox versions, on two users on each of my two main computers and I’m supposed to run Firefox in each profile hoping the fix will be pushed out? What about users who are non-techie? How many of them could figure out the nonsense about enabling studies? I waited all day for the profile I used most to be patched – it never was. I finally gave up and downloaded the new cert from links provided by the community and updated manually. If the cert needs to be in each profile, Mozilla needs to publish the cert officially in a form that can easily be installed – without enabling “phoning home.”

    1. Richard Allen said on May 5, 2019 at 4:11 pm
      Reply

      What a mess. I have two “stable” channel profiles along with Nightly. My default profile was never affected even 2 hours after my Test Profile and Nightly were. After I enabled normandy/studies in about:config my default profile quickly downloaded the Hotfix. My Test profile has had Studies enabled for months and never downloaded the Hotfix, I suspect they prioritized those using FF as their default browser first.

      For those still needing the Hotfix I’ll post a link. It worked in both of my stable channel profiles and in Nightly on my end. Use at your own risk, backup your profile, drag and drop onto open browser window. Yes, the Hotfix is signed. ;)

      Hotfix: https://drive.google.com/open?id=1YpXUI_ABzaqq7TNJzBJ0O2-MfkOQjfFq

  38. Alanf said on May 5, 2019 at 2:56 pm
    Reply

    The Hotfix is a good idea, but unless you have made sure that “app.normandy.enabled” and “app.normandy.first_run” have been set to the default value of “true” you can’t set the “Allow Firefox to install and run studies”

    Fix that and the Hotfix downloads almost instantly.

    1. Belga said on May 5, 2019 at 4:07 pm
      Reply

      Not the solution in my case… but thanks !
      I finally downloaded the fix here: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
      For the rest, I fully agree with the content of the two comments from Tom Hawack above.

  39. Clairvaux said on May 5, 2019 at 3:49 pm
    Reply

    A prompt stating that “extension could not be certified, do you want to continue running it” would give the user control over the situation and avoid another PR disaster.

    ***

    Bloody obvious. But that would require, from Mozilla, a different mindset towards their clients. To be really “open” to what they want. Not just to boast about being “open source”. It’s a question of attitude.

    It’s they trying to have it both ways, not us.

  40. Richard Allen said on May 5, 2019 at 3:51 pm
    Reply

    @Martin

    Well said sir! Completely agree!

  41. Nijaz said on May 5, 2019 at 4:29 pm
    Reply

    I think that they should enable using extensions without signing, but of course with some warning or advanced options. But I won’t stop using Firefox. I already downloaded their extension called “hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi” which unlike all other extensions could be installed and could fix all problems. Somebody posted a link somewhere. I don’t know how they can fix ESR, Tor, and older versions. Maybe teaching people to do something manually. I am not gonna stop using Firefox because it has the best printing ability. Its printed pdf files are 10x to 100x smaller than those of Chrome or Opera. It prints text as text, especially good for wikipedia. I use pdf-xchange lite printer as virtual device. Firefox is still the best!

  42. Henk said on May 5, 2019 at 4:45 pm
    Reply

    Maybe we should put this Mozilla disaster in a wider perspective?

    For at least 10 years now, there has been an ongoing trend to take control, adaptation, configurability away from individual computer users and instead concentrate this controlling power more exclusively in the hands of the organizations that provide the system, the application, and/or cloud storage.

    Among the many reasons given for this global trend are (1) better security for all parties; (2) better commercial viability for the providers, such as more efficient maintenance and updating channels plus more consistent data collection; and (3) more simplicity, convenience and ease-of-use for the average consumer while shielding them from ever more complex background structures.

    The essential consequence of this global trend is that for the user, software feels ever less as something you “own” (with your own rights to fully control, adapt, change and if necessary correct it). Instead, software feels ever more like something you “borrow” or “hire”: with the actual owner, the providing organization, restricting what you as one of their users may still change or control.

    Among the negative side effects of this global trend are (1) less freedom and convenience for individual users who need or want their own nonstandard settings, (2) a greater risk of individual privacy loss through implicit, sometimes even unavoidable data sharing; and (3) a greater risk of catastrophic errors affecting the entire user base, because the centralized, uniform channeling may spread a bug quickly and widely (while users are left with less effective means to correct it).

    The present Mozilla problem is a great illustration of the latter central-error risk, but of course we’ve seen this very same effect many times before: in the past two years probably most notably with the Windows 10 updating system.

    And as a whole, Windows 10 seems to illustrate the ongoing take-away-user-control trend even better than Mozilla does. But this very same trend can be seen just as well in many small single-purpose applications such as, for example, CCleaner. It is, in fact, everywhere.

    What can be done in our interest as users, correcting the negative sides of this trend by offering better individual user control and privacy, without sacrificing too much security and ease-of-use?

    Many software providers have sought the solution in offering two different control layers: a simple and limited control UI for standard users, plus a less accessible but more extended control UI for more demanding users. Like Mozilla’s own very limited Firefox settings GUI vs. its more detailed (though right now still inadequate) config list option. Many specific applications, such as video card controller apps, offer “default” vs. “advanced” options screens. Most versions of the Linux OS in fact do the same kind of thing: they offer a simple GUI with only basic options (like only a few standard app repositories) with a much more complex terminal system hidden underneath for those who need their own fine-tuning and control. To a limited extent, in Win10 the command line and gpedit can have a similar function.

    In my opinion however, this is not quite the way to go. Because this tends to create and keep two separate classes of users: a majority of “normal” users who meekly let themselves for the most part be controlled by the software provider, and on the other side just a small minority of “expert” users who actually know and use the harder, hidden pathways to slightly better individual control. But shouldn’t everyone be entitled to more full control or privacy, regardless of their knowledge or abilities? And shouldn’t everyone be entitled to make her own mistakes, instead of leaving that responsibility to others or (dangerously) to some industry monopolist?

    Software developers should stop treating end users like children and offer everyone a much more complete range of options and control, in a much better, much more extended and still accessible and understandable user settings UI. That most of them don’t offer this is not because it cannot be done, but because they’re too lazy to develop something like that (and probably think most users won’t use most of it anyway).

    We, the users, should keep insisting that software developers give us back more responsibility and freedom to choose and change things according to our own preferences (and we should contribute to such a counter-trend by installing and using software that does best in this respect). We should claim back our own responsibility, the right to be responsible for our own errors, the right to learn and understand a little better what we are doing.

    While going in that direction, both developers and end users should minimize risks (both security and error risks) by routinely isolating and compartmentalizing things, instead of concentrating all kinds of risk management on a dangerously centralized one-for-all level.

    Sure, things always can and will go wrong… But with better choices from all sides, on all levels, they really don’t need to go wrong on such a massive scale as happened with Mozilla yesterday.

    Maybe we just need a little more online freedom and diversity and privacy again? Today many seem obsessively afraid that this may be unsafe, without considering that in the long run, the opposite may be far more dangerous. Let’s not pay too high a price for trying to rule out all potential risks: let’s not allow ourselves to be suffocated by fear of some missing certificates ;-)

    1. user17843 said on May 5, 2019 at 6:33 pm
      Reply

      @Henk said on May 5, 2019 at 4:45 pm

      The reason for this is when the internet started, engineers and enthusiasts were creating software for themselves. 10-20% of the population used the internet.

      Many people did not care about money. Those who did found ways to monetize things, for example Apple with selling hardware, or Google selling ads, or Mozilla selling the search engine.

      Internet use was growing exponentially, which means money just came in in amounts no one could really believe.

      Then in around 2005 everything changed. The industry was starting to get saturated and professional managers overtook the companies, and started to optimize revenue in every single possible way.

      The goal was now to get everyone on board, not only the geeks, so that exponential growth once again would be possible.

      And all those managers and CEOs had discovered that the web was created for grown ups. They decided you can reach more people when you dumb everything down, and force things on to people.

      Thus, a race began where companies try to be as close as possible to their customers, which means absolute control over the software.

      Every % counts. And when you can get 10% more revenue with a simple change in user interface, the humans behind the computers do not count anymore. Everything starts to become numbers and statistics. Devoid of life.

      Users revolted against this creepy behavior by pathological companies, and created tools to fight back. Unfortunately, with every year that goes by, the power users have less and less of a lobby, because the percentage of noobs becomes bigger and bigger, they start to dominate the internet.

      The reason so many people complain about this certificate problem is not only the problem itself. It’s a symptom for a way larger problem, with users like us not being taken seriously anymore.

      We want to believe that there’s at least one company that is on our side.

      No one can use this browser in production mode if something unexpected like this can happen.

      There are hundreds of thousands of users who have secured the browser with extensions, configs and enterprise policies in order to use it in time-critical or security-dependent environments, and still this happened to them.

      1. John Fenderson said on May 6, 2019 at 5:51 pm
        Reply

        @user17843: “The reason so many people complain about this certificate problem is not only the problem itself. It’s a symptom for a way larger problem, with users like us not being taken seriously anymore.”

        A million times this.

        This is what I mean when I say that I am not the target demographic for Firefox anymore. What makes it a bit painful is that there are no modern browsers that I’m aware of that do have me as part of their target demographic.

  43. AnorKnee Merce said on May 5, 2019 at 4:51 pm
    Reply

    AFAIK, add-on signing was enforced by Mozilla since Firefox 48 Stable, but not for the ESR channel, ie Firefox ESR retained the “xpinstall.signatures.required” preference setting in about:config, which defaults to “true”. This preference setting was removed from FF Stable since FF 48.

    So, since FF 48 Stable, all add-ons/extensions must be signed with a Mozilla certificate before they could be installed or run. Mozilla’s servers would check for the signed certificates of the installed add-ons/extensions every 24 hours. Users cannot disable this requirement. Seems tech-geeks can still work around the above disaster.
    ……. Only FF ESR users can disable this add-on/extension signing requirement by setting “xpinstall.signatures.required” to “false” in about:config and so can easily fix the above disaster.

    Maybe, all FF users should move to the ESR channel to avoid the above disaster = will also only need to upgrade every year, instead of every 6 weeks for the Stable channel.
    ……. It’s like running Win 10 Ent LTSC = will only need to upgrade every 3 to 10 years, instead of being forced auto-upgraded by M$ every 6 months or every year in Win 10 Home/Pro/Ent. ….

    1. AnorKnee Merce said on May 5, 2019 at 8:10 pm
      Reply
  44. pHROZEN gHOST said on May 5, 2019 at 4:54 pm
    Reply

    My extensions are not disabled. But I cannot use the update function because the download fails for each and every extension that has an update available.

    Is Mozilla following in Microsoft’s footsteps?

  45. pHROZEN gHOST said on May 5, 2019 at 5:00 pm
    Reply

    I am removing Firefox from my computer. I’ve had it.

  46. SimpleFix said on May 5, 2019 at 5:08 pm
    Reply

    It’s not that Mozilla had no valid CA certificate (self-signed) on file. The Mozilla ‘experts’ just compiled Firefox with an outdated certificate instead of the new one, and didn’t notice.

    Anyway, to prevent this from happening again, Mozilla should drop their hard-coded, and broken, certificate store and update CA certificates on the fly. This way, their software would simply update certificates in the store as needed. That’s how Microsoft handles it in Windows and it works since day one.

  47. jern said on May 5, 2019 at 5:54 pm
    Reply

    I just installed Waterfox 52.2.9 (64 bit) on my Mac. All of the disabled FF extensions were ported over automatically and appear to work perfectly.

    1. jern said on May 5, 2019 at 6:06 pm
      Reply

      Note: If you have specific permissions established for websites they will have to be reestablished with Waterfox. Those settings are not ported from FF.

  48. ilev said on May 5, 2019 at 6:09 pm
    Reply

    ” The organization revealed that Firefox ESR and Android versions need separate fixes.”

    My copy of Portable Firefox 60.6.1esr got the fix .xpi yesterday, automatically. Add-ons work.

  49. Angry Hedgehog said on May 5, 2019 at 6:39 pm
    Reply

    Many of the disabled addons are security related ones. Like noscript and antivirus browser addons. Who do you think gets the most benefit of this besides those who make malicious websites? Firefox is following the Truecrypt path. Unfortunately.

  50. John G. said on May 5, 2019 at 7:15 pm
    Reply

    I have Firefox with no extensions for banking and educational purposes and it works like a charm.

  51. Ansens said on May 5, 2019 at 7:59 pm
    Reply

    Firefox has been my main browser since version 3.5.x. I endured so much during this time. I have even forgotten the introduction of WebExtensions, which most of my favorite extensions stopped working and there were no equivalents or their functionality decreased, for example, NoScript. But what has happened now is too much. So, after ten years, goodbye.

  52. Bobby Phoenix said on May 5, 2019 at 8:00 pm
    Reply

    I think this is the only sane and logical reply on this whole post. I don’t understand why everyone is so overly crazy about a mistake. This happens all over the place. Just like Microsoft forgetting to renew their domain for the Web App Live Tiles. The best thing that can come from this is a better secure signing system because this happened. Who knows what other browsers are hiding behind their codes? They could be better, they could be a lot worse. Leaving Firefox because of this is simply stupid.

    1. Clairvaux said on May 5, 2019 at 8:19 pm
      Reply

      One mistake ? A mistake ?

      Some mistakes get you fired, in some places.

      Also, you seem not to have noticed the trend, here. It’s not a bug. It’s a feature. It’s been going on for ages.

      The Firefox subreddit (from which I was banned for defending free speech, which is not deemed Mozilla-correct by those oh so “open”-minded people) has now posts such as this one, saying basically : shut up and stop complaining.

      https://www.reddit.com/r/firefox/comments/bkz2qx/i_love_firefox_but_im_starting_to_dislike_the/

      Those people have their heads buried so deep up their arses they cannot even understand it’s precisely this arrogant attitude about everything, that has alienated them so many former fans.

      Talk about a mistake… Right at the moment where they should be apologizing profusely, some of their fanboys choose to rub our noses in their waste. Once again.

      The guy literally says criticizing Firefox, or Mozilla for such “mistakes”, is “hate”. He literally says you must not complain, and the devs know best.

      There’s no redeeming such people.

      1. Iron Heart said on May 5, 2019 at 8:56 pm
        Reply

        @Clairvaux

        In a way, you should be thankful for the ban. That spares you the trouble of dealing with the fanboy temple that is otherwise known as the Firefox subreddit.

        A cesspit of snakes that you should avoid. I agree with you 100% about their attitude.

      2. Clairvaux said on May 6, 2019 at 1:31 am
        Reply

        Yeah, I guess you’re right. Like a divorce, so to speak… it’s better when it’s over.

        I had already jumped ship from the browser itself to Vivaldi, but I was hanging around the old flame, thinking things might be mended again some day…

    2. John Fenderson said on May 6, 2019 at 6:11 pm
      Reply

      @Bobby Phoenix: ” I don’t understand why everyone is so overly crazy about a mistake.”

      I think it’s because it happens to hit on an already sore point: the continued reduction of the ability to control what Firefox does. Not having the ability to disable signature checking isn’t a mistake — it’s an intentional design decision. It was a bad decision from day 1 for a number of reasons, and Mozilla was well aware of what the problems with it were.

      What I find ironic is that none of the serious criticisms of that decision foresaw that Mozilla would compound the problem by demonstrating a level of incompetence that would cause everyone to break like this.

  53. Arta56 said on May 5, 2019 at 9:20 pm
    Reply

    I agree with this piece. Firefox used to be about openness and possibilities, and as we see the attempts to turn it into a nanny that limits what the users can do is a huge failure. If they want to protect inexperienced users, they should at least provide an option to disable that feature. Many add-ons help to protect privacy and online safety, and a system that disables them out of nowhere is also a huge risk, in addition to being an annoyance. I don’t need a browser that tells me what news are true or which extensions I’m supposed to install. I have a brain for that.

  54. Haakon said on May 5, 2019 at 10:50 pm
    Reply

    Well, thank goodness my beloved, life pivotal extensions are back to normal. I guess I’ll cut Mozilla some slack as my Dark Theme was unaffected. Mess with my theme, and IT’S OVER!

    Thanks for all the great coverage, Martin.

  55. Richard Steven Hack said on May 6, 2019 at 12:33 am
    Reply

    This isn’t about certificates or anything else other than simple mindless incompetence.

    Fundamentally the issue is about overwhelming concern for “features” far more than for reliability, security or usability. This issue is endemic to the entire software (and hardware) industry, but is epidemic to Mozilla. It is the result of the psychological nature of programmers to want to “tinker” and get “results” – meaning the emotional satisfaction of getting something “to work” without being concerned about the consequences for the end user of their products.

    “Software engineering” is anything but. Real engineering requires using cost/benefit analysis as well as a concern for the legal consequences if your product fails. Nothing like that exists for programmers and program managers in the industry. It’s all about what’s “cool” and similar infantile notions.

    Programmers need to be automated out of the industry and replaced by professional system designers who use computer-aided engineering tools to analyze designs according to objective standards of engineering practice, reliability, security and usability.

    Unfortunately this will never happen until some major disaster directly traced to the current level of incompetence forces a change. Until then, we’re stuck with this less-than-lethal level of constant annoyances.

    1. Clairvaux said on May 6, 2019 at 1:26 am
      Reply

      That’s an interesting view.

      I have a question, though : is this even possible ? I mean, at a cost compatible with the relevant market, without getting to Boeing-grade prices ?

      And a comment : whatever the emotional / coolness factor, there was a time, in software development, where such train wrecks would not happen. The Microsoft of yesteryear wasn’t, by any stretch, what it has become today.

      That Firefox cert meltdown is eerily reminiscent of the careless way Microsoft breaks its users systems with Windows 10 “upgrades”. This would never have happened under Bill Gates. At that time, IT professionals might have hated Microsoft for its heavy handed approach, but they slept at night knowing that if Redmond said you could, and indeed, you should apply patch X or upgrade Y, then it meant it would work.

  56. Ngamer01 said on May 6, 2019 at 3:40 am
    Reply

    At one time Mozilla used to be the leader, but ever since they allowed the market to dictate their decisions, they started restricting what users can do with Firefox including killing full themes and XUL extensions which were two of the reasons they were at top in the browser wars. They decided to abandon open source to become semi-open source and implement both HTML 5 DRM and DRMing the browser’s looks so that nobody can heavily theme the browser anymore. They also started being Chrome Jr. too.

    All we’re waiting now is for Mozilla to announce they’re switching to the Chromium engine. Then bam all the work they did to unseat Microsoft with IE 6 will be down the drain with Google and Chrome taking over for Microsoft and IE.

    Perhaps if Mozilla goes bankrupt, we can have somebody buy the IP and revive Phoenix from the ashes to do what Mozilla fails at today?

  57. Vrai said on May 6, 2019 at 4:11 am
    Reply

    >>> Mozilla should be very transparent about the issue and explain why it happened, and how the organization plans to avoid similar issues in the future. In particular, users would probably like to know how such a critical issue could happen in first place.

    Nah – I just switched to a competing Chromium based browser ( after years and years of being a Firefox user ).
    Piece-o-cake! :)

  58. jorlin said on May 6, 2019 at 10:49 am
    Reply

    If like me, you do not allow any “studies” to be performed on your system.
    You can make it easier on yourself by these simple steps.

    Just disable the XPI signing checks (but do *not* install any new extensions!) and wait until the cert. is renewed and is built into an update for Firefox on your Operating System (flavour).
    Steps:
    1. Enter: “about:config” (minus the quotes) in your address bar and accept the risks.
    2. Search for : xpinstall.signatures.required
    3. Click toggle and restart firefox. This will disable the check for the xpi certificates
    4. Be mindful that this will disable an in itself useful security feature and may leave you open to attacks if you install new extensions.
    5. Wait until Mozilla releases the needed update in a package format that is compatible with your Operating System (flavour)
    6. Repeat steps 1-3 (step 3 now reactivates the check for xpi certificates)
    .
    .
    .
    n. Hope that Mozilla will finally have a system in place that notifies them of certificate expiry dates well in advance of their actual expiry dates. Some certificates cannot be automatically renewed. I don’t know exactly what part of the certificate chain got broken, so I cannot make any statements on this.

  59. Clairvaux said on May 6, 2019 at 1:31 pm
    Reply

    “In the face of the divisiveness caused by the recent add-on issue, I just want to say thanks to this sub and it’s moderators for keeping everyone updated on what was happening.”

    https://www.reddit.com/r/firefox/comments/bl9sax/in_the_face_of_the_divisiveness_caused_by_the/

    On Firefox reddit. That’s too funny. Saying things that make Mozilla look bad is “divisiveness”. You’re undermining the unity of the glorious Soviet people, comrade. Would you like a little visit by your friendly KGB local resource person ?

    Thank you, comrade Stalin, and you, the wise leaders of the Communist Party of the USSR, for leading us on the path of eternal progress.

  60. Kubrick said on May 6, 2019 at 3:28 pm
    Reply

    I am astounded by the abundance of loyal users here lol, one hiccup and the rats are jumping ship so maybe this mass exodus of loyal Firefox users will not be such a loss after all and considering their usage share was low to begin with maybe this is not such an issue after all and usage statistics are just that, “statistics” with no real meaning. I am curious as to what browsers people are jumping to and will those developers not make mistakes also? Google for example, do they not make errors etc. and did Chrome users suddenly decide to be artificial lemmings and dive elsewhere? When does this boycotting end? It is rather childish in my opinion but there you go.

    1. Clairvaux said on May 6, 2019 at 3:35 pm
      Reply

      “I am astounded by the abundance of loyal users here lol, one hiccup and the rats are jumping ship so maybe this mass exodus of loyal firefox users will not be such a loss after all, etc.”

      Thank you, comrade Kubrick, for illustrating my point so perfectly.

      So there are good users and bad users, we only need good users really (never complain, say everything is fine and dandy, defer to authority), “loyalty” is what counts (not the bloody browser doing what it’s supposed to do), and anyone not liking us anymore is a “rat”. And anyway we never wanted them in the first place.

  61. Ed Petrella said on May 6, 2019 at 3:53 pm
    Reply

    I started reading ghacks a year ago. Today I rely on ghacks for information about everything computer related. When Firefox broke I went immediately to ghacks.

    Thank you Martin Brinkmann

  62. Kubrick said on May 6, 2019 at 7:04 pm
    Reply

    @clairvaux.
    Just to point out to you fellow traveller that the soviet era has ended as an administration, perhaps not in a psychological state but it has ended and glasnost is your friend.
    I am certainly not a comrade and do not wish to be addressed as such as beautiful as Russia is.
    I sense sarcasm in your reply and the conversation will rapidly revolve into personal criticisms.
    But I will re-iterate my initial post that Firefox users do not seem to be a loyal community and I stand by this.

    Many Thanks.

    1. Clairvaux said on May 6, 2019 at 9:13 pm
      Reply

      @ Kubrick

      “But i will re-iterate my initial post that firefox users do not seem to be a loyal community and i stand by this.”

      And that’s Firefox’s fault, and Mozilla’s fault. They broke the product, whereas you make Firefox users bear the blame for that.

      Firefox users used to be loyal. Indeed, many of them, who had been fanatical about the program for years (decades ?), finally left in disgust.

      That should have you concerned, and you should blame Mozilla for that, instead of turning things upside down, and blaming Firefox users for the incompetence, laziness and arrogance of Firefox developers and Mozilla employees.

      That’s the way it works in a sane economy, a market-driven economy, when customers pay for products, and the company goes broke when they stop paying.

      Whereas in your virtual communist economy of Mozilla so-called open-source, forced-from-the-top irresponsible behaviour, Firefox do-gooders insist in their right to ship a rotten product, and blame the users for their failings.

  63. George said on May 7, 2019 at 12:25 pm
    Reply

    It’s like watching Netscape, Netware et al slowly shoot themselves in the foot although in this case it’s not in slow mo but real time.

  64. CJ said on May 8, 2019 at 2:24 am
    Reply

    @Martin Brinkmann Your assessment is spot on. A preinstalled add-on shouldn’t stop working simply because it can’t connect to a server to check a certificate. If it was in compliance when it was installed that should be good enough. Trying to install a new add-on or update a preinstalled add-on is another ball game entirely. But giving the end user the option to install it without verification, after the appropriate warning, should be an option.

  65. Vince0105 said on May 8, 2019 at 11:44 am
    Reply

    Dear Mr Brinkmann,

    I’ve put your site in my Firefox bookmark a few years ago but this is my very first comment.
    From my little experience, calling this cert add-on disable a disaster is obviously an exaggeration.
    This narcissist tendency is a plague of the internet.

    Earthquake in Honduras or cathedral on fire in Paris can be called disasters.
    Surfing the web with Firefox 66.0.3 for a few days without any extensions was nothing more than a little annoyance for me.
    Now, I’ve just updated Firefox to v 66.0.4 from Ubuntu’s official depot. I’ve installed again Privacy Badger, my favorite extension, and life goes on.
    Awesome, isn’t it !

    My humble advice: keep your enthusiasm about technology and try to stay grounded.

    1. clazy8 said on May 8, 2019 at 6:02 pm
      Reply

      Vince0105, I appreciate your effort to put the issue into perspective, but if you take a few more steps back, you may find that your comment (and my reply, to be sure) are much better examples of the narcissistic tendency that plagues the internet. “Disaster” is only mildly colorful language that is perfectly appropriate within its context.

  66. trlkly said on May 16, 2019 at 7:20 am
    Reply

    I’m seeing a lot of arguments that seem to not understand why signing exists. It is a feature to protect users from malicious addons. If you can turn it off, then it becomes useless.

    The same goes for bypassing a certificate. If you can do that, the system becomes useless.

    For those who are upset at the need to have addons signed, Mozilla has been very transparent about how to deal with that. Download the Dev version (same as Beta) and disable signature checks there.

    Yes, this was a big mistake. But what Mozilla needs to do is test this stuff well ahead of time, and to keep track of exactly when every single certificate they have used will expire. They should not do anything that would compromise the addon signing.

    Do note that Chrome signs addons, too. And that even Chromium actually encrypts your user profile in such a way that you cannot transfer it to another computer. Everyone is trying to implement walled garden protection.

    Mozilla is not acting out of malice. They are protecting their users. If you want to opt out, you should know enough about browsers to find out how to do so.
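
Added example (not from the article, any commenter, or Firefox's code): a simplified Python model of the two ideas debated in this thread, namely tracking the expiry of every certificate in a signing chain ahead of time, and the difference between re-validating an installed add-on against the current time and validating it as of its install time. It performs no cryptography; every name, add-on id and date is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterator, Optional


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    name: str
    not_before: datetime
    not_after: datetime
    issuer: Optional["Cert"] = None  # None marks the trust anchor

    def chain(self) -> Iterator["Cert"]:
        """Yield this cert, then each issuer up to the trust anchor."""
        cert: Optional[Cert] = self
        while cert is not None:
            yield cert
            cert = cert.issuer


@dataclass(frozen=True)
class Addon:
    addon_id: str
    signer: Cert            # leaf cert that signed the package
    installed_at: datetime


def chain_valid_at(leaf: Cert, when: datetime) -> bool:
    """Validity-window check only: every cert in the chain must cover `when`."""
    return all(c.not_before <= when <= c.not_after for c in leaf.chain())


def expiring_soon(addons, now: datetime, lead: timedelta):
    """(cert name, whole days left) for each chain cert inside the lead time.

    Already expired certs appear with a negative day count. Soonest first.
    """
    found = {}
    for addon in addons:
        for cert in addon.signer.chain():
            if cert.not_after - now <= lead:
                found[cert.name] = (cert.not_after - now).days
    return sorted(found.items(), key=lambda item: item[1])


def blast_radius(addons, cert_name: str):
    """Ids of add-ons whose signature chains through the named cert."""
    return sorted(a.addon_id for a in addons
                  if any(c.name == cert_name for c in a.signer.chain()))


def status(addon: Addon, now: datetime, blocklist: set, policy: str) -> str:
    """policy 'recheck-now': chain must be valid at `now` on every check.
    policy 'at-install': chain must have been valid when the add-on was
    installed; revocation then depends entirely on the blocklist."""
    if addon.addon_id in blocklist:
        return "blocked"
    when = now if policy == "recheck-now" else addon.installed_at
    return "enabled" if chain_valid_at(addon.signer, when) else "disabled"


# Constructed PKI: one root, two intermediates, one leaf per add-on.
ROOT = Cert("root", utc(2020, 1, 1), utc(2035, 1, 1))
INT1 = Cert("intermediate-1", utc(2025, 6, 1), utc(2030, 6, 1), ROOT)
INT2 = Cert("intermediate-2", utc(2028, 1, 1), utc(2033, 1, 1), ROOT)
ADDONS = [
    Addon("blocker@example.test",
          Cert("leaf-blocker", utc(2029, 1, 1), utc(2034, 1, 1), INT1),
          installed_at=utc(2029, 3, 1)),
    Addon("scripts@example.test",
          Cert("leaf-scripts", utc(2029, 1, 1), utc(2034, 1, 1), INT1),
          installed_at=utc(2029, 4, 1)),
    Addon("theme@example.test",
          Cert("leaf-theme", utc(2029, 1, 1), utc(2034, 1, 1), INT2),
          installed_at=utc(2029, 5, 1)),
]

if __name__ == "__main__":
    before, after = utc(2030, 5, 1), utc(2030, 6, 2)
    for name, days in expiring_soon(ADDONS, before, timedelta(days=60)):
        print(f"WARN {name} expires in {days} days; "
              f"affects {blast_radius(ADDONS, name)}")
    for policy in ("recheck-now", "at-install"):
        print(policy, {a.addon_id: status(a, after, set(), policy)
                       for a in ADDONS})
```

Under "at-install" an expired intermediate no longer disables what is already installed, but a new install after the expiry still fails, and removing a bad add-on then rests on the blocklist alone.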

  67. An A-Team said on May 17, 2019 at 1:55 pm
    Reply

    >Mozilla is not acting out of malice. They are protecting their users.

    I’m not sure I agree with that. Users aren’t babies, and when you have spectacles such as Mozilla firing an executive because he isn’t a fan of gay marriage, it makes me wonder what’s next. Perhaps Mozilla will bump extensions because they aren’t in line with whatever agenda they may have, and every single user will feel the burn.

  68. Alexie said on July 2, 2019 at 8:26 am
    Reply

    I was a Firefox fan. Firefox is one of the best browsers of all time, that we can configure and optimise our privacy and security. But…Firefox is using a lot of system resources like CPU and Memory. Then I switched on to older Firefox alternatives like SeaMonkey and K-Melon (Chameleon). SeaMonkey and K-Melon work like a charm. SeaMonkey provides a minuscule footprint on system resources; RAM and CPU. Also we can incorporate basic add-ons like uBlock Origin, NoScript and Https Everywhere. K-Melon is a good backup browser. Now I uninstalled Firefox.

  69. Alexie said on July 2, 2019 at 8:39 am
    Reply

    These browsers are used along with an incredible Firemin app…!!
