Mozilla adds two Firefox add-on badges (verified and by Firefox) - gHacks Tech News

ADVERTISEMENT

Mozilla adds two Firefox add-on badges (verified and by Firefox)

Mozilla showcased two new Firefox add-on badges that users of the web browser will soon see on the organization's official add-ons store -- called Mozilla AMO -- and in the Firefox web browser's add-ons manager.

These two badges extend the available badges; currently, add-ons of the recommended extensions program sport a "recommended" badge to indicate to users that the add-ons are part of the program. These extensions are "editorially curated" and meet the "highest standards of security, functionality, and user experience" according to Mozilla.

Extensions that are not in the program show a warning message, currently "this add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.". The message is displayed even for add-ons created by Mozilla.

To address this and reduce user confusion, Mozilla decided to create a "by Firefox" badge to indicate extensions created by members of the organization in a special way.

by firefox addons

If you visit Mozilla's add-ons repository right now, you may notice the new "by Firefox" badge already. Only some of Mozilla's add-ons feature it right now, and  it is unclear why that is the case. Maybe it is taking time to add the badges to all Mozilla-created add-ons on the site.

At the time of writing, only four add-ons had the badge out of ten add-ons listed under the Mozilla developer account. Themes don't show the new badge.

by firefox mozilla

The second badge that Mozilla added to Mozilla AMO is "Verified". The badge highlights add-ons that are part of Mozilla's -- currently experimental -- add-ons promotion package. Unveiled in early September 2020 and called Promoted Add-ons, it is a paid program that developers and companies may join to get their extensions reviewed by Mozilla and promoted by Mozilla.

The Verified badge highlights add-ons that are part of that program, and the system works identical to the "by Firefox" badge.

firefox addons verified

The sorting options on Mozilla AMO feature a new "badging" menu to list "by Firefox" and "Verified" extensions exclusively.

Here are the two sorting URLs to open the "by Firefox" and "Verified" listings of add-ons right away:

  • By Firefox: https://addons.mozilla.org/en-US/firefox/search/?promoted=line&sort=random&type=extension
  • Verified: https://addons.mozilla.org/en-US/firefox/search/?promoted=sponsored%2Cverified&sort=random&type=extension

Verified extensions have been reviewed by Mozilla just like recommended extensions. The built-in Firefox add-ons manager does not show these badges yet, at least not in Firefox Stable. Only the recommended badge is shown there right now. Mozilla mentioned that the badges will show on about:addons as well.

Closing Words

The "by Firefox" badge is a good addition as it makes it clearer if an extension is created by Mozilla or not. The "Verified" badge is controversial as it is tight to a regular payment. A system that would make some review spots available to individual add-on developers would reduce the tension the system may create.

Summary
Mozilla adds two Firefox add-on badges (verified and by Firefox)
Article Name
Mozilla adds two Firefox add-on badges (verified and by Firefox)
Description
Mozilla showcased two new Firefox add-on badges that users of the web browser will soon see on the organization's official add-ons store -- called Mozilla AMO -- and in the Firefox web browser's add-ons manager.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Iron Heart said on October 6, 2020 at 8:24 am

    Dear gHacks community, do you see that „RegretsReporter“ by Firefox(TM) extension in the screenshot? Yep, report your YouTube recommendations containing wrongthink to us, so that we can help sugar daddy Google filter them out even more efficiently than before (as if it’s Mozilla’s business to begin with, they do not own YouTube after all). Differing opinions are not to be tolerated,

    Next to this being a blatant pro-censorship move on Mozilla‘s part, them wanting to gain access to information like your YouTube activity is also an anti-privacy move of course.

    Mozilla fans in this comment section, why do you defend this company?

    PS: Shouldn‘t it be „by Mozilla“ instead of „by Firefox“, the latter is just a product the former is the parent company after all…

    1. DropZz said on October 6, 2020 at 10:38 am

      Its disgusting and a waste of money. But i will still continue to use Firefox because:

      1. It has superior FPP, Configuration options and addons.

      2. The alternative (Chromium) is Helping “daddy Google” to build a complete monopoly and control over future changes on the web. Because Webdevs will only care about Chromium = the most used Chromium Browser = Chrome.

      1. Iron Heart said on October 6, 2020 at 10:17 pm

        @DropZz

        As for (1):

        Brave has FPP too, for example, and it is constantly being extended and works like a charm. One video has demonstrated that FPP can be circumvented anyway in all browsers by storing a related cookie, though this is easily mitigated with the likes of Cookie AutoDelete.

        https://brave.com/whats-brave-done-for-my-privacy-lately-episode-4-fingerprinting-defenses-2-0/

        Firefox‘s and Chromium‘s extensions are largely the same ever since 2017, when Mozilla adopted WebExtensions in Firefox as well.

        Configurability is still a plus for Firefox, though I must say that all the options I need exist in Brave‘s ordinary settings already, plus they‘ve implemented many pro-user changes behind the scenes already:

        https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)

        Configurability in Firefox also seems to be on its way out, judging by Mozilla‘s decision to kill off about:config entirely on Android. This seems to hint at it also being removed on the desktop in the future, at least on stable Firefox versions anyway. userChrome.css is also something they mean to gut.

        As for (2):

        I‘ve debated this ad nauseam here already, suffice to say that I do not believe in Firefox being an opposition to virtually anything. They have to say this of course, so that the diehards continue to use their browser, but the harsh reality simply is: If Google really wanted to push a certain technology, they would just start using it on popular websites they own, like Google Search, GMail, Maps, YouTube etc. Other browsers, whether they are based on Chromium or not (makes no difference, Chromium-based browsers aside from Google Chrome are free to enable or disable support for certain web standards same as Firefox), would be forced to adopt this too, unless they want to deliberately exclude themselves from some of the most popular websites ever (basically suicide). That‘s not even taking into account that Mozilla is totally dependent on Google from a financial point of view, so it is no surprise that they have no real history of opposing Google.

    2. m3city said on October 6, 2020 at 11:12 am

      I read the extension’s description. It says loud and cleary why, whatfor, how data will be used. It’s up to user to install extension. I personally understand motives and don’t see anything wrong with it. If one is afraid of his privacy, one does not install it. If for example you don’t support the motives behind it (as stated in extension description) you don’t install it. And it’s not anti-privacy if you know what you do. Everyone set’s privacy bar on his own standards, just next to generally agreed standards, which in turn we aware of thanks to IMHO Mozilla advocacy.

      1. ShintoPlasm said on October 6, 2020 at 3:27 pm

        @m3city

        I don’t think Iron Heart is complaining primarily about privacy here, but about the censorship aspect. It does look odd that Mozilla is spending time and resources on a tool that would aid in censoring content (i.e. opinions, not merely illegal and harmful stuff).

      2. m3city said on October 6, 2020 at 4:10 pm

        @ShintoPlasm
        I believe I got that. And I can partially agree on the second thing you say – seems like much effort spent on advocacy. But I’m convinced that it’s the right thing to do… not censorship but fighting the bubble google puts us.

      3. Iron Heart said on October 6, 2020 at 10:32 pm

        @m3city

        While I agree that by virtue of this being an extension, technically the user would be at fault for allowing the things it does (data collection, promoting censorship), this is not really my point. My point is that something like this shouldn‘t be created, let alone promoted, by an organization that claims to fight for „keeping the Internet accessible for everybody“ and for the „protection of user privacy“. Something like this extension shouldn‘t exist unless they are utter hypocrites.

        Now, I don‘t see any good aspect in this. Freedom of speech is the very foundation of democracy, because only when the citizens are allowed to express themselves freely can real debate and informed decision (such as the ones at elections) take place. The absolute minimum required from you in a democracy would be you tolerating differing opinions peacefully. You are allowed to disagree (even vehemently), to gnash your teeth or to actively argue against political opponents, but when you start to support hiding differing opinions for the sake of them being different from yours, or even start to violently suppress them at worst, you cease being a democracy, because that would then be authoritarianism by definition. You must choose – it‘s either freedom of speech, or suppression thereof, the latter automatically puts you outside the scope of democracy. You can‘t have it both ways.

        And as @ShintoPlasm has already pointed out, we are not talking about illegal content here. That‘s not what this is about, this is literally about suppressing differing opinions, and as a classical liberal in favor of democracy, I must oppose any such notion of course.

      4. DropZz said on October 7, 2020 at 8:55 am

        @Iron Heart

        (1)

        Braves FPP is not and never will be as good as FF because they have completely opposing approach. One of them is already used for more than a decade with millions of user (TBB+FF) in high risk environment (Tor) and is logically sound (same vs random fingerprint). The other is used as a Marketing buzzword.

        Firefox Addon Store is vastly superior alone by having reviewed/trusted Addons.

        Neither you or i really know if they will kill about:config. Same as you don’t know when brave will add another URL tracking “feature” for crypto sites ;)

        (2)

        “I‘ve debated this ad nauseam here already, suffice to say that I do not believe in Firefox being an opposition to virtually anything. They have to say this of course, so that the diehards continue to use their browser”

        ironic

        “, but the harsh reality simply is: If Google really wanted to push a certain technology, they would just start using it on popular websites they own, like Google Search, GMail, Maps, YouTube etc. Other browsers, whether they are based on Chromium or not (makes no difference, Chromium-based browsers aside from Google Chrome are free to enable or disable support for certain web standards same as Firefox), would be forced to adopt this too, unless they want to deliberately exclude themselves from some of the most popular websites ever (basically suicide).”

        So just give them even more power….yeah giving up sure will show them lol.
        There is a huge difference between Google changing stuff on there own Websites (that everyone else has to adapt to) and Google making changes to Chrome that effects every website / the whole web without any kind of relevant or measurable push back though another browser.

        Example:
        1: All Chrome and some Chromium Forks > Webdevs see only 100% Chromium usage and will assume that everyone uses Chrome because its the most used = Google has full controll

        2: Mostly Chrome and some Chromium Forks + Firefox > Webdevs will adapt and Support both.

        “That‘s not even taking into account that Mozilla is totally dependent on Google from a financial point of view, so it is no surprise that they have no real history of opposing Google.”
        True but not much worse than being depended on Crypto Tracking and a imo shady Ad system.

      5. Iron Heart said on October 7, 2020 at 9:31 am

        @DropZz

        Firefox‘s FPP can be beaten, friend. One random example? The extension ID leak, Firefox assigns a random ID to every single extension which you have installed, and when this leaks (has happened on multiple occasions), you can be uniquely identified easily. Chromium also assigns an extension ID, but it‘s static for all users. This in turn makes it easier to find out which extensions you have installed exactly, but it leaking would be way less of a problem than a leak of Firefox‘s random unique IDs in terms of unique identification.

        The people at Tor are not gods, dude. They also missed the fact that Firefox‘s internal about:addon page was running a Google Analytics(!) script for ages. They have no defense against CSS exfiltration etc. etc. Why do I mention this? To ground you in reality a bit more and to stop your evident overestimation of Tor.

        Brave attempts to make your fingerprint completely random, and since fingerprinting very much depends on your fingerprint being stable / reproducible, I don‘t know why you flat out say that this is not workable, dude. There are studies which show you that it works, here is one for a start:

        https://hal.inria.fr/hal-01527580/document

        Your belief that it only amounts to marketing is just that: Belief. There is evidence that it works.

        Mozilla‘s code reviews are pretty pointless since they only cover a minuscule amount of extensions. Plus: Ever since Mozilla switched to WebExtensions in 2017, the code of Firefox extensions and their Chromium variants are the same.

        about:config is already dead on Android. You can rule out that Mozilla will do the same on desktop, it‘s just not really believable. userChrome.css is also on its way out.

        Your artificial differentiation between Google leveraging their own websites and them leveraging Chromium is pointless. If they start to use a certain web technology on their own websites, Firefox will adopt this, other web devs see that Firefox has adopted this, and will start to use it as well where applicable. End of story.

        I didn‘t say anything about giving up, I merely say that using a browser that owes its entire existence to Google money can‘t be part of the solution. Opposition always implies independence for a start.

        Your fake news regarding Brave Rewards are yesterday‘s message and have already been covered by me here:

        https://www.ghacks.net/2020/07/15/google-chrome-84-is-out-with-security-patches/

        Suffice to say that they didn‘t „hijack“ links, neither are Brave Ads tracking in the classical sense (processing PII on a remote server), Brave Ads are being served fully locally, based on a local algorithm, which is privacy-respecting. May I add that it is highly hypocritical of you to criticize Brave Rewards, when Firefox‘s Pocket Stories are based on the very same principle (local algorithm analyzing your browsing, serving you suggestions as a result)? Except in Firefox’s case it’s enabled by default without asking you… You were blissfully ignorant regarding that, am I right? Also, „hijacking“, the only instance where anything was „hijacked“ was when Mozilla literally hijacked Firefox downloads in Germany with the Cliqz spyware. That‘s some real „hijacking“ for you.

      6. Pants said on October 7, 2020 at 11:05 pm

        tl;dr: what a load of FUD

        > “Firefox‘s FPP can be beaten” quote: Iron Heart

        Over-hyping Brave and trashing Firefox/Tor Browser again. OK, lets play then.

        Put up or shut up. Don’t say to just google it like last time – that’s just a rabbit of hole of mistruths and outdated information. Provide actual current PROOF. Don’t go talking about the network or protocol. If you link to info on client side JS fingerprinting, then stay on topic.

        This is attacking RFP/TB’s overriding methodology (of lowering entropy) in order to hype Brave’s main methodology (randomizing) as superior (fyi: Brave also uses lowering entropy). Nothing could be further from the truth.

        Stop commenting as authoritative on things you do NOT understand. You don’t even know how FPing and entropy work (as evidenced by your previous claims that a site can correctly, 100% guaranteed, correlate or linkify traffic on their site to a single user just because, **unknown** to them, there was only ever one person with that FP who repeatedly visits them)

        First of all, anti-FPing is a never ending game, and no one has ever claiming it is perfect: it never can be – but it can get close, and it can get close enough to be effective. The goal is to make it as useless as possible, and as hard as possible: by focusing on each specific metric (such as fonts, or screen measurements, etc) in isolation. You cannot hide your browser engine, model (brave, chrome, firefox, etc), version, or OS (among others) – and in Tor Browser’s case, that you’re using Tor (or even a de-Tor-ified TB as compared to a gecko engine). So you try to make the entropy within that set (e.g. Firefox RFP users on windows, TB users on Macs, Brave users per OS) useless.

        There are MANY ways to do this: heuristics, blocking known scripts, lowering the attack surface, lowering entropy, lowering entropy based on criteria (i.e in buckets such as mac vs windows etc), randomizing per criteria (different per bucket to reduce breakage/information paradoxes: i.e. leveraging equivalency), raising entropy (by randomizing) – and raising entropy has characteristics: such as per origin, per execution, random seeding and is more “risky” – and each application of randomizing can have characteristics (depending on what is being masked) – but long as it works, then it works. They’re ALL valid methods.

        Randomizing vs lowering also carries pros and cons (per metric). Randomizing can lead to breakage and unintended consequences, and easily spotted information paradoxes. So HOW you randomize matters. Lowering entropy is a proven, simpler, more robust method in general.

        But you seem to conflate methodology with effectiveness. There’s nothing wrong with randomizing, and there is NOTHING WRONG with lowering.

        It’s only fair we actually look at Brave, right? Since you claim it’s superior.

        Brave
        – FACT: Brave isn’t even the first to implement randomizing or the concept of a poison pill, and they certainly didn’t invent it: Firefox’s RFP has been doing it since FF57. In FF78 they starting randomizing canvas .. before Brave (it’s not a race, and a poison pill is OK: just pointing out that their marketing is full of BS)
        – FACT: Brave’s randomizing fingerprinting defenses are ultimately NO BETTER than lowering entropy. It is trivial to detect and bypass the poison pill (same for RFP canvas which fully randomizes and is not trying to hide). Sure, naive scripts will swallow it: that’s the concept of a poison pill. But to make everything a poison pill brings risk, added complexity and overhead, and HOW it’s done also matters: subtlety randomizing like Brave means they have to implement per-origin, per-execution in order to protect the seed. This also means it’s session based, which does nothing for repeat visits within a session (unlike RFP). RFP suffers none of these problems. All worthy FPing scripts will include canvas – you only really need the one poison pill for naive scripts. However, it it works, then that’s OK… but see the next point.
        – FACT: All of Brave’s randomizing can be detected as randomized: thus you can return a static FP
        – FACT: Most of Brave’s randomizing can be detected by first party JS only (no need to cross check origins) using mathematical proofs that cannot be beaten
        – FACT: Brave’s canvas fingerprinting defenses can be (mostly) BYPASSED (so far it seems entropy is not diminished): I’m not going to openly discuss this here
        – FACT: Brave implementation, so far, is severely lacking: it does nothing for high precision timing attacks (this is a massive hole, for those reading. I don’t expect Iron Heart to understand it’s significance in FPing), it does nothing for fonts, it does NOTHING in SO MANY AREAS that TB/RFP does cover. That’s not a criticism of the Brave FP team, that’s me pointing out the hypocrisy and ignorance
        – FACT: Brave hasn’t been tested to anywhere near the degree of TB/RFP (in fact, it already has lots of holes, even where they have tried to do something). And please, don’t go crying about it’s new and they haven’t had the years TB and Mozilla have had – you’re the one who wants to make comparisons and make claims about TB
        – FACT: Brave’s anti-FPing is inferior to RFP/TB

        TB
        – FACT: 95% of the TB’s FPing protection comes from RFP
        – FACT: RFP (excluding that 5%, or with about 5 extra pref flips) and TB (with the extra 5%) have repeatedly been shown to be effective in beating FPing: over many years, with many independent researchers, in many large scale tests
        – FACT: TB/RFP has been thoroughly and constantly vetted and tested and probed by experts

        both
        – FACT: yes there will always be areas that can be tightened up, or bugs: it’s a never ending game as new APIs are implemented, etc and as scripts evolve. And there will always be some things that can’t be solved without radical rethinking

        Extensions: For the record Tor Project has always said not to install extra extensions other than those they bundle. This practically outside the scope of FPing – you cannot control what users do or what extensions they install. There is a difference between leaking a unique internal one (firefox) vs a universal one (chromium) – they both have issues and they’re both awful.

        It’s something that needs fixing upstream (by both Mozilla and Chrome/ium), it’s not a TB or RFP or Brave problem to fix. While it could be used to fingerprint, it’s a really just a PoC. That said, the ONLY examples of it in the wild that I have seen, target Chromium: because a known list of IDs is easier to implement and payoff much more likely, than specific extension targeting on FF for UUIDs.

        CSS exfiltration: this has nothing to do with fingerprinting and is a spec issue which affects all browsers. Please try to stay relevant.

        > about:config is already dead on Android
        > userChrome.css is also on its way out

        Totally untrue. I’m using it right now on Fenix Nightly. Do you really **actually** understand the reasons why it was removed in release on Android? And it will never be removed from desktop for reasons that are probably too long to list: and you’d also have to understand why it’s there, how it’s used, who uses it, and why this differs from Android and the reason why it was removed in release on Android.

        Removal of userChrome.css is pure speculation, and while it’s been mooted at times by a few devs over a very long time, it’s just not going to happen IMO: as evidenced by years of super infrequent aforementioned devs comments. In fact the reasons they would want to remove it have been mitigated somewhat by adding a pref to enable it. So it’s even LESS LIKELY … because, logic!

        This is how you Iron Heart (IH) comes across to those who know the facts

        In almost everything ever mentioned by IH about Firefox or Mozilla on ghacks; the comments are:
        – cherry picked and out-of-context, irrelevant, outdated, hypocritically brought up, uselessly compared, pure speculation (like screaming for 6 months about being unable to disable 3 telemetry trackers in Fenix, while it was **in development**), flat out incorrect (e.g. claims about Firefox’s DNS pre-fetching defaults: which changed over a year ago), or blatant lies (learn to read the docs)
        – almost always accompanied with shilling for Brave
        – and when confronted with facts (or opposing viewpoints), the messenger is attacked and the comments go off-topic… and all the usual doubling down, etc
        – this leads to no-one wanting to engage

        I have seen the same (slightly toned down) comments and arguments on reddit (by IH: the style, copy-pasting, content, and actual words reveal who it is), which when actually challenged, are quickly downvoted and eventually self-deleted… because facts and logic matter. The fact is that on ghacks, there is no rating system, and commentators don’t engage due to “retaliation”, and the BS spreads and intensifies

        I’ve only ever bother to call out IH’s FUD a few times, and have refrained as per Martin’s wishes. Not today.

        IH is not knowledgeable about Firefox (or fingerprinting), and readers deserve to know the level of ignorance here

        Those who actually know, like experts, know that Firefox is a vastly superior product when it comes to privacy and anonymity ability (no one cares about a few default differences). IH has even admitted that FF is superior in this regard, right here on ghacks. That superiority is all driven by Mozilla: extra extension APIs, lots of prefs (as a side consequence: but they work at keeping them and adding them: e.g for TB and FF users get to use them as well), by creating FPI (first party isolation: which is the only comprehensive solution to cross site tracking via persistent local web storage mechanisms), by adding Origin Attributes such as containers, by adding dFPI (dynamic FPI), by unmasking CNAME cloaking (internally and for extensions), and so on. If IH is so smart, then why isn’t IH using Firefox? I already know the answer: bias and/or ignorance

        Brave is a gimmick, with shady operators, just like Chrome

      7. Iron Heart said on October 8, 2020 at 8:07 am

        @Pants

        > This is attacking RFP/TB’s overriding methodology (of lowering entropy) in order to hype Brave’s main methodology (randomizing) as superior (fyi: Brave also uses lowering entropy).

        As I told you last time already, lowering entropy is not a clever approach, because it relies on the user not changing anything. The user making random changes (like installing extensions), already makes the concept fail. But hey, you left it out.

        > Stop commenting as authoritative on things you do NOT understand.

        I understand them, you just don‘t like that I do not believe in Firefox‘s approach for the above reason. But hey, implying that your opponent understands nothing is an old favorite of yours, color me surprised.

        > You don’t even know how FPing and entropy work (as evidenced by your previous claims that a site can correctly, 100% guaranteed, correlate or linkify traffic on their site to a single user just because, **unknown** to them, there was only ever one person with that FP who repeatedly visits them)

        It‘s still possible. A first party can record your fingerprint and re-identify you when you re-visit just fine, when you are the only one with this fingerprint. You claiming that it is not possible is laughable.

        > blocking known scripts

        …already gets rid of most fingerprinting, but hey, let‘s play your little game for the few scripts that are yet unknown and not covered by it, shall we?

        > Randomizing can lead to breakage and unintended consequences, and easily spotted information paradoxes.

        Lowering entropy can also break things, it also gives false vlaues in cases where websites would rely on true values in order to work correctly. In their case, the false values are just static. Providing no value can also break sites. You can‘t escape the problem by lowering entropy, and you know it.

        > Lowering entropy is a proven, simpler, more robust method in general.

        > there is NOTHING WRONG with lowering.

        Only if you don‘t change anything, lol. This method is so bad because it does precisely rely on the user not touching ANYTHING. Which is why it is hardly workable in real life, this is already a problem with extensions, but several other settings in the browser also can‘t be changed or otherwise your fingerprint becomes more and more unique.

        > Brave isn’t even the first to implement randomizing or the concept of a poison pill,

        > it’s not a race, and a poison pill is OK: just pointing out that their marketing is full of BS

        They never claimed to have invented it, in fact, they referred to prior studies in the article where they described their approach. The fact that they referred to prior studies on the subject means that they CAN‘T have invented it, logically. You just say that they claim this, with no evidence presented, in order to make them look worse than they are. You don‘t like the project, as it threatens Firefox, and that‘s OK, but that doesn‘t give you the right to lie and / or to pur words in peoples‘ mouths.

        > Brave’s randomizing fingerprinting defenses are ultimately NO BETTER than lowering entropy.

        Except they are, by virtue of being workable in the real world. Lowering entropy relies on the user not changing anything, not gonna happen outside of special purpose Tor setups. I‘d bet even most Tor users are unique because the users have touched the settings or installed extensions, goes to show how effective it is in real life.

        > All of Brave’s randomizing can be detected as randomized: thus you can return a static FP

        Sorry, but you can‘t detect a randomized fingerprint. If, let‘s say, a website only has one visitor using Brave, then this user (granted, across sessions) always produces a new fingerprint each time when revisiting the website. Now, you can put all those fingerprints in one bucket called „random“, but you can‘t really be certain that it‘s the same one without relying on the network level. With a static fingerprint, if the user is alone, I can be certain that it is the same one. Firefox‘s and Tor‘s approach rely on a crowd protecting you, the randomization doesn‘t. Yeah, put all random fingerprints in one bucket, but there would be no certainty.

        > Brave’s canvas fingerprinting defenses can be (mostly) BYPASSED (so far it seems entropy is not diminished): I’m not going to openly discuss this here

        Yep, because it‘s explicitly stated that the implementation is still incomplete. There really is no point in discussing something that‘s incomplete. Woah, an alpha version can be bypassed, the world is coming to an end…

        > Brave implementation, so far, is severely lacking: it does nothing for high precision timing attacks (this is a massive hole, for those reading. I don’t expect Iron Heart to understand it’s significance in FPing)

        It‘s lacking because it is not yet complete, they state as much on all websites where they discuss it. It‘s a work in progress. Fingerprinting protection in Brave is still relatively new, it is normal and expected that it is not yet complete. While Tor and Firefox had years and years of development in the area (resulting in the „don‘t touch my settings“ approach). You are unfairly comparing the two, one of them had a massive time overhead. I know that you don‘t like when I state this, because it reveals the lack of fairness with which you approach the topic. If time is not a factor, why did it take you so long to create the ghacks-user.js. pardon, „arkengem“ I meant? Also, nice ad hominem right there, implying that I don‘t understand things before I even had the chance to reply. If you hope that manipulative techniques like this will give you an edge, I am afraid you are mistaken.

        > Brave hasn’t been tested to anywhere near the degree of TB/RFP (in fact, it already has lots of holes, even where they have tried to do something).

        Yeah, because it‘s new and didn‘t have the 1 1/2 decades time overhead which TBB had. And that it has holes can be attributed to… I don‘t know… it being still in its INFANCY and it being INCOMPLETE (as they openly state)?

        > And please, don’t go crying about it’s new and they haven’t had the years TB and Mozilla have had – you’re the one who wants to make comparisons and make claims about TB

        See, you even state it yourself, you just refuse to acknowledge it because that would lower your bashing potential of Brave. Dear Pants, I always said that it is not yet complete as it‘s still relatively new, but this always fell on deaf ears because if you were to acknowledge this, you‘d be deprived of an important mosaic in your Brave bashing campaign here.

        > Brave’s anti-FPing is inferior to RFP/TB

        Can‘t really be inferior to a technique that is already besten by the user installing one additional extension or changing one setting.

        > RFP (excluding that 5%, or with about 5 extra pref flips) and TB (with the extra 5%) have repeatedly been shown to be effective in beating FPing: over many years, with many independent researchers, in many large scale tests

        > TB/RFP has been thoroughly and constantly vetted and tested and probed by experts

        Yeah, under laboratory conditions, when no setting was changed and no extension installed, which is not what usually happens out there – those studies amount to proofs of concept. You fail to mention this, of course, as it would go against the narrative you try to build up here. But hey, nice strawman anyway, appealing to authorities usually works… Except here, one only needs to take a look at the methodology of the tests.

        > For the record Tor Project has always said not to install extra extensions other than those they bundle.

        Hmm, I wonder why… Might there be a weakness to their approach? Just don‘t touch it, don‘t change anything… Surely something that works in the real world outside of proof of concept studies. I could even see that being a thing for Tor, where users literally don‘t change anything because it would be high risk, but I don‘t see it for Firefox. Do you think users don‘t change anything after they have applied your hardly workable user.js? Firefox is a general purpose browser, Tor is a special purpose browser and separate from it for a reason. What you and Mozilla suggests as an approach fails in real life (Tor proof of concept studies excluded).

        > There is a difference between leaking a unique internal one (firefox) vs a universal one (chromium) – they both have issues and they’re both awful.

        Chromium‘s method is only awful when e.g. a website tries to find out whether or not you have an adblocker installed. It only has to check for uBlock Origin or AdBlock Plus extension IDs. While this is bad, it is not as bad as Firefox‘s method in regards to fingerprinting: When I find out the extension IDs of your Firfox extensions, which is trivial to do, I can uniquely identify you.

        Chromium user with uBlock Origin installed: static IP, true for millions of users out there. I know that the person has uBlock Origin installed, but I can‘t uniquely identify him or her based on that.

        Firefox user with uBlock Origin installed: Since I know that FF extensions have a unique ID per user assigned to them, a unique ID that never changes, I can use this information to identify the user wherever he / she goes. I don‘t know which exact extension it is, but I do not need this to uniquely identify someone, the ID string alone is enough.*

        * I can still find out which extension it is by probing for certain behavioral patterns.

        Fantastic approach on Firefox‘s part, haha. That is why Tor and Firefox are so afraid of someone installing extensions, it ruins everything. By the way, why do you suggest installing extensions on GitHub, wouldn‘t that totally ruin all your fingerprinting efforts? No further comment…

        > Totally untrue. I’m using it right now on Fenix Nightly.

        Totally true. Fenix Nightly is an alpha build, it‘s completely gone from Fenix stable. and you know that. Nice strawman deception tactics, as always.

        > Do you really **actually** understand the reasons why it was removed in release on Android?

        Yeah, because some random settings didn‘t apply to Android and thus had no effect upon changing them. Surely enough that justifies outright removing about:config instead of just hiding those settings. Also, if about:config was broken and thus unneeded, why do you yourself keep meddling with it un an alpha testing build?

        > And it will never be removed from desktop for reasons

        I‘ll make sure to cite this the moment it gets removed from Firefox stable (desktop). Already bookmarked it just in case.

        Mozilla doesn‘t want users (babies) to break stuff, they want to be in charge of user’s setups it will get removed.

        > Removal of userChrome.css is pure speculation

        Is that why support for it is marked as „legacy“ in the code? Because „speculation“? „Legacy“ means „on its way out“ in Mozilla terms.

        > cherry picked and out-of-context, irrelevant, outdated, hypocritically brought up, uselessly compared, pure speculation (like screaming for 6 months about being unable to disable 3 telemetry trackers in Fenix, while it was **in development**), flat out incorrect (e.g. claims about Firefox’s DNS pre-fetching defaults: which changed over a year ago), or blatant lies (learn to read the docs)

        So basically Satan, lol.

        > like screaming for 6 months about being unable to disable 3 telemetry trackers in Fenix, while it was **in development**

        The trackers made it to the stable release, just like I predicted, so they were not just there „while in development“, as you claimed. Are you really trying to imply that they are no longer there? If so, that‘s just a lie, and you know it. They are still there in Fenix stable.

        > e.g. claims about Firefox’s DNS pre-fetching defaults: which changed over a year ago

        Wait a second, last time I checked network.dns.disablePrefetch was still set to false, while it being set to „true“ would be the user-friendly value. Everyone: Go to about:config, type in above setting, and check whether it‘s set to false or to true. If it‘s set to false, compare this to Pants‘s statement.

        Have fun.

        > or blatant lies

        Strong claim after I‘ve exposed two of your own in succession just moments before.

        > almost always accompanied with shilling for Brave

        Even if that were the case, which it isn‘t, it would be no worse than your shiloing of Firefox, my dear hypocrite. At least I am not willing to lie in order to „protect my lawn“, which is where we differ.

        > the messenger is attacked

        You mean like this?

        > things you do NOT understand, You don’t even know how FPing and entropy work, I don’t expect Iron Heart to understand it’s significance, Do you really **actually** understand, you’d also have to understand why it’s there, how it’s used, who uses it

        > cherry picked and out-of-context, irrelevant, outdated, hypocritically brought up, uselessly compared, pure speculation (like screaming for 6 months about being unable to disable 3 telemetry trackers in Fenix, while it was **in development**), flat out incorrect (e.g. claims about Firefox’s DNS pre-fetching defaults: which changed over a year ago), or blatant lies (learn to read the docs)

        > this leads to no-one wanting to engage

        If that were true, why was I not spared this diatribe of yours?

        > I have seen the same (slightly toned down) comments and arguments on reddit (by IH: the style, copy-pasting, content, and actual words reveal who it is), which when actually challenged, are quickly downvoted and eventually self-deleted… because facts and logic matter.

        Sorry to disappoint you, Mrs. Paranoid, I have not had a Reddit account for ages. Though I cannot stop anyone citing me or reusing my arguments, if that‘s even the case.

        Nice manipulative technique y‘all: Imply that someone has an account somewhere, imply that this account is not successful and basically hated, provide no proof for either assertions, deprive said someone of the opportunity to prove that the account does not belong to him, since Internet accounts are anonymous. It‘s called smearing, one of Pants‘ preferred techniques.

        Why don‘t you link to said Reddit account of which I am not the owner as I don‘t have a Reddit account, so that I may take a look? One can find me on GitHub and here only for anything tech-related.

        > I’ve only ever bother to call out IH’s FUD a few times, and have refrained as per Martin’s wishes.

        Implying that such a conversation ever happened, a conversation (if it ever happened) none of us was privy to. As far as I know, Martin hasn‘t banned me despite numerous public demands of yours, as I do not violate the gHacks comment guidelines, and because my comments are oftentimes helpful. He has occasionally deleted parts of my comments (and also your comments, kind reminder) when he thought that they were too aggressive or otherwise inappropriate, which is his right as moderator.

        > IH is not knowledgeable about Firefox (or fingerprinting), and readers deserve to know the level of ignorance here

        Playing the „not knowledgeable“ card again, nothing new in the west.

        > Those who actually know, like experts,

        [Editor: unfounded personal attack removed]

        > know that Firefox is a vastly superior product when it comes to privacy and anonymity ability (no one cares about a few default differences).

        Those in the know and you always state that Firefox needs to be heavily modified to become half-way private. Brave is much more private out of the box already, and as far as I can tell, the Brave team has already modified the values of all non-breaking features to the benefit of the user, whereas Firefox leaves that task to the user.

        > That superiority is all driven by Mozilla:

        The problems are also driven by Mozilla, like blatant security issues such as the swiss cheese sandbox, the lack of site isolation (Project Fission has been rotting away in Nightly), their ability to remotely and covertly run code in all Firefox installations by default, preinstalled trackers, the always open Push socket that can be used for unique identification, the extension ID problem already mentioned, and so on and so forth.

        I can also isolate stuff in Chromium via multiple full profiles, there is no need for overhyped containers that only make cross-site login forms break left and right. CNAMEs are a very obscure form of tracking and will soon be covered by Brave Shields (which are not limited by extension APIs)…

        > If IH is so smart, then why isn’t IH using Firefox? I already know the answer: bias and/or ignorance

        Yeah, the only smart solution is Firefox. Except when you want sound security, good web compatibility, freedom from telemetry, experiments shenanigans.

        What you just did is shilling, by the way, the very thing you accuse me of doing.

        > Brave is a gimmick, with shady operators, just like Chrome

        You mean „shady“ as in hijacking Firefox downloads with Cliqz spyware unbeknownst to users, or misusing the notification system for politics, or playing opposition while being dependent on Google, or asking for donations without making it obvious (only in some hidden away FAQ) that donations do NOT go to Firefox development, or hiding a for-profit behind a non-profit, or turning people into watchdogs on a platform you don‘t even own, or sticking your brand on products fully developed and maintained by others or… Wait, that wasn‘t Brave Software, that was Mozilla, dear hypocrite.

      8. Pants said on October 8, 2020 at 1:02 pm

        Martin, this is the last reply in this thread from me. Have got what I wanted. I’m not going to ever directly engage IH (waste of time), I’m just going to comment for the readers’ benefit, occasionally, if I feel like it and have time

        tl;dr: Dear readers, who are you going to trust on this: Tor Project and hundreds/thousands of researchers and tests: or IH? PS: check the FACT list below

        > Yep, because it‘s explicitly stated that the implementation is still incomplete

        LIES. I said “Brave’s canvas fingerprinting defenses can be (mostly) BYPASSED”. IH quoted that and replied it’s incomplete –> CANVAS is not incomplete. It’s one of the first things they did. IH’s own link, article dated 18 May 2020: https://brave.com/whats-brave-done-for-my-privacy-lately-episode-4-fingerprinting-defenses-2-0/

        quote: “These defenses were discussed in detail in the previous entry in this series, and are currently applied to the canvas and Web Audio APIs”

        epic fail: this is because, like most things Brave do, it’s a gimmick and has an ulterior motive. In this case they are going “all in” (not necessary) on randomizing to make a point of difference for spin marketing. They also chose to make a marketing difference by being “subtle”. They choose risk over sanity, and they screwed up – being subtle has backfired. Can it be fixed, sure, but that’s not the point. The point was to show the strategy carries extra risk.

        It also utterly fails to allow for randomizing on repeat visits per first party = it has weaknesses. They can’t even do internally with code what a decent extension can do (with canvas): because their strategy is flawed. Aside from a single good posion pill for naive scripts, it’s a really shitty strategy (per-origin means they have to protect the seed). In Tor Browser that would break the unlinkability of Tor and new circuits. Does anyone seriously not think experts haven’t looked at this in the last decade. Why do you think they rejected it.

        Also: ALL randomizing can be detected, even per-origin: it’s not what IH or Brave claim it is. “Farbling” in Brave is a risky gimmick and they didn’t even factor in Tor, which they added as another gimmick.

        As for the rest, there we have it: more proof of the utter ignorance, lack of comprehension, going off-topic, doubling down and completely missing every single point of importance when confronted with facts and logic

        FACT – fails to provide proof as requested that RFP/TB’s anti-FPing can be beaten
        FACT – claims that a decade+ of science and math behind methods to defeat FPing, which is to break linkability, that have held up under tests, is BS, and claims a FP on a site can be linked to previous visits by the same user
        FACT – doesn’t understand that the number of visitors on a site does not factor in how entropy, FP and linkability work. Period.
        FACT – misses the point that RFP/TB users do not have a static FP: they randomise canvas (properly, unlike Brave)
        FACT – misses the point that Brave (like RFP) can be rendered to a static FP – which IH claims is flawed, despite the evidence: so it’s no better than TB/RFP (in fact it’s worse)
        FACT – misses the point that Brave choose a RISKY method, and they FUCKED it up. It’s BYPASSABLE. Canvas is one of the highest entropy items around. It’s the first thing they tackled, and it’s SHIT. I also suspect that WebGL is also compromised. That’s a major screwup
        FACT – misses the point that yu don’t need a decade to implement protection. The science and knowledge is already there. Canvas spoofing has been around for a long time. Cry me a river – I’m not the one that claimed RFP/TB was easily broken and making BS claims
        FACT – misses the point that Brave users also shouldn’t change things
        FACT – does not understand RFP at all: almost all of it is hardcoded and can’t be changed (excl. extensions). One exception here is letterboxing, which bucketizes: and creates the ability for the user to resize, maximize etc and cause the metric to be unstable
        FACT – misses the point that extensions in Brave carry the same risk in FPing (observable behavior, overriding values etc)
        FACT – does not understand *how* a UU/ID is leaked and says he can do it “trivially”
        FACT – still doesn’t know **why** Fenix release disabled config
        FACT – still doesn’t understand that Firefox has TWO dns prefetch settings: so all IH’s claims that Firefox does not stop dns prefetching is false since FF70
        FACT – thinks this is about Brave/Firefox when it’s really about him
        FACT – I have more facts

        last one cuz it’s dozey … FACT – doesn’t even know his own shilled Brave: release already contains anti-FP: I can only surmise this is indicative that he doesn’t even use it, and is in here for any of the following: attention, trolling and giggles, getting paid, is biased and has an axe to grind with Mozilla. It certainly seems like an obsession/profession to me.

        I’m using the word “scientist” symbolically to indicate another real world scenario
        Me: scientist (who has coded for over 25 years), deals in facts and logic
        [Editor: please no personal attacks]

      9. m3city said on October 7, 2020 at 1:46 pm

        @Iron Heart,
        I concur with all what you say about democracy, free of speech.
        We both know that youtube (social webs, info portals etc) puts each one of us in bubble – thanks to tracking, but I guess thats the other thing you know perfectly. Being in info bubble is wrong for me, you, anyone. You may or may not get unbiased info, but you will get info that “suits you” by some algorithm. In this case, you get yt movies. Description of RegretsReported says specifically that this is to analyze that algorythms, based on user input that found a particular video CRAP for him.

        “Insights from the RegretsReporter extension will be used in Mozilla Foundation’s advocacy and campaigning work to hold YouTube and other companies accountable for the AI developed to power their recommendation systems. These insights will be shared with journalists working to investigate these problems and technologists working to build more trustworthy AI.”

        We may differ if Mozilla should do any advocacy at all, but still it has nothing to do with “suppressing differing opinings”.

      10. Iron Heart said on October 7, 2020 at 10:38 pm

        @m3city

        I am aware of the problem of filter bubbles. I would appreciate it if YouTube would suggest a more diverse range of content to users, so that they can truly become informed in the larger sense of the word. In general, it is always advisable to check out various sources of information from different backgrounds, so that the bigger picture of things becomes apparent and filter bubbles are avoided.

        However, this is (sadly) not how most humans operate. Most humans have a preconceived opinion, and search out content on the web that confirms aforementioned preconceived opinion, and they only appreciate suggestions that go into the same overall direction. Sad but true. That being said, ultimately it is anyone’s personal freedom to live in a filter bubble, just like it is anyone‘s personal freedom to search for information outside of the filter bubble. Anybody must decide what is best for himself or herself – I have no business in that, even though in general I believe that people should look outside of what just happens to be convenient for them.

        If Mozilla‘s goal was to diversify YouTube‘s algorithm, so that it could present a broader (more neutral) picture, I‘d be in favor of that. However, this is not what seems to be happening here. Mozilla seems to be very one-sided in what they consider to be offensive, and against what they have crafted the extension as a consequence. The goal here seems to be the suppression of suggestions that users find offensive, the problem is, Mozilla seems to have a clear idea of what must be considered „offensive“. The project has a clear political bias which I do not appreciate at all, the goal is not diversification, the goal is suppression. The algorithm is to discriminate against certain content, to put it plainly. The algorithm is to leave you in a filter bubble, just a filter bubble that suppresses certain content now.

        If you ask me, the only case in which something should be banned from the algorithm, or from YouTube in general, is when it‘s literally illegal according to the law. Every other occasion where something is being reported is just an abuse of the report button.

        I also have to wonder, how can you even receive a great many „regrettable“ recommendations? YouTube‘s recommendations aim to be closely aligned to the content you‘ve already watched as it stands, so it‘s hardly possible to be offended by them…

    3. iHateRegularExpressions said on October 6, 2020 at 10:15 pm

      Dear Iron Hear, I see that, I know everything one needs to know how evil and deceitful Mozilla/Firefox is. Everything they do is disgusting. Yet I am using their product because there is no better alternative now and your constant and annoying shitposting will never turn me into a Brave fanboy. For now I am certain when shit hits the fan it would be googled or not googled chrome or some ancient artefact. I have my own standards and “Three times faster than Chrome. Better privacy by default than Firefox.” is definately not one of them.

      1. Iron Heart said on October 6, 2020 at 10:42 pm

        @iHateRegularExpression

        It is unfortunate that you think of me as a „shitposter“, when I or my posts certainly do not qualify for that term. I am critical of what Mozilla has turned Firefox into, and what this organization as a whole has become, and I have good reasons for my stance. I used to promote them in the 2000s and early 2010s, but not anymore.

        I do not promote Brave or suggest that anyone should use it, I merely state that I use it myself, and I occasionally mention it when I am being asked for a browser suggestion, both of which are legitimate, I think. I also believe that it is a better option than Firefox for my own use case, as otherwise I would use Firefox (logically). My main reason for picking Brave over something like Ungoogled Chromium (which is a fine browser in its own right) is merely better fingerprinting protection and an internal adblocker that will survive Manifest V3. No other reason to use Brave as far as I‘m concerned, but those two are strong ones for me (note: Doesn‘t have to be the case for others). Surely enough, aside from Brave which I myself use, there are other great options like the aforementioned Ungoogled Chromium, or Vivaldi, or Bromite, or Kiwi… Just use what meets your needs best.

      2. iHateRegularExpressions said on October 7, 2020 at 1:08 am

        @Iron Heart
        This is so sad, you just repeat your nonsense forever, get some help.

      3. iHateRegularExpression said on October 7, 2020 at 1:35 am

        @Iron Heart
        WTF is wrong with you? Why is every Mozilla/Firefox related thread filled with your “revelatons”? Use your Brave and be happy with it.

        [Editor: please no personal attacks]

      4. Iron Heart said on October 7, 2020 at 7:05 am

        @iHateRegularExpression

        Don‘t know what you are trying to say here. I replied to your comment in a corteous manner, yet you attack me. Just for the fact that I am using something else? Yep, clearly I am the one who needs to get help…

      5. Ryan F said on October 7, 2020 at 2:57 pm

        @Iron Heart, thanks for your perspective. Your comments are thorough and well-thought out and I agree that Mozilla as a company has some shady morals. I don’t really have anything else to add, pretty much just giving you a “like” in the form of a comment.

      6. Iron Heart said on October 7, 2020 at 10:42 pm

        @Ryan F

        Thank you for your kind words. I am just stating how I see things, negative reactions are to be expected among the many. I just don‘t see anything positive in that stuff, but clearly there are also other opinions to the contrary.

        Glad to hear that you get something informative out of my posts.

    4. TacoT said on October 6, 2020 at 10:35 pm

      Geeze. Didn’t even know this existed. It really is time to abandon Firefox – the parent company is too much to take anymore. Everyone, make sure you report the non-believers. They mustn’t be tolerated.

    5. Anonymous said on October 7, 2020 at 2:32 am

      This criticism of Mozilla should be reported to the mothership as a “regrettable comment”. Is there an extension for that already ?

      The “conspiracy theory” terms, that Mozilla’s own censors already extend to merely not trusting their company with our data in spite of the vast evidence of them already misusing it, were not vague enough as an abusive censorship tool for tech companies. Now anything “regrettable” is the target. What’s great with this word is that it’s totally up to the censor to decide what’s regrettable or not. We’re not privy to what that really means and to how they’re going to let it evolve arbitrarily to include always more benign forms of opposition. Maybe because some of the things there wish to censor are not yet unpopular enough outside of their little circle that they feel ready to say it loud and clear.

    6. Anonymous said on October 7, 2020 at 9:58 am

      And that was the last straw for me. The last one after many many others over the past few years.

      Done with Mozilla Firefox, unless they make some big changes. I’ve been with Firefox since it existed and used Netscape before that. But I just can’t take the Mozilla crap anymore.

  2. Allwynd said on October 6, 2020 at 8:26 am

    That’s not gonna give them any more market share, in fact they will probably drop from 4% world market share to 3% market share on all platforms and soon be dethroned from the top 4 by Samsung Internet and other contenders.

    Stuff like this is useless as it doesn’t sway people from using or avoiding certain extensions, the people that still use Firefox know what they’re doing already. If they had more than 10% world market share, it would’ve been worthwhile, but now it just feels like they’re simulating activity just to answer the question “No, we’re not dead yet, but thanks for asking, stuff still happens here…”

    1. Anonymous said on October 6, 2020 at 9:25 am

      Market share will keep diving as Mozilla continue to destroy what is left of Firefox. The only saving grace is probably ESR version and Enterprise Policy support, which makes it easier for IT/power users, but really that’s about it.

      Most consumers are already well-served by Chrome and Edge.

      1. Allwynd said on October 6, 2020 at 12:03 pm

        ESR is like refusing to update an old version, except it gets some security patches, eventually it will be phased out and still made obsolete. It’s like clinging to what’s left and trying to avoid the inevitable.

        My opinion is you either embrace all the changes and stay up-to-date or just move on to something else.

        Overall using Firefox to me feels like using something that’s outdated, something on the fringe and something that might not even exist in a few more years. I’m guessing in 5-10 years, if Firefox still exists, they will have given up on Gecko and have adopted Blink or WebKit instead, I just don’t see their rendering engine continuing to be viable much longer, it’s also like most of the Firefox users’ opinions that I read all over the internet, they’re mostly using it, because according to their words, Firefox is the last bastion of internet freedom that’s still fighting Chrome’s dominance, nothing regarding features that only exist on Firefox or something that makes it better than Chrome… Occasionally there is someone using outdated arguments like how Chrome is a resource hog and Firefox handles memory better when for the last 5 years both Chrome and Firefox have been equally resource-heavy or light on resources, depending on how you look at things (glass half empty/half full).

  3. TelV said on October 6, 2020 at 11:27 am

    Runnaroo search engine visible in the second image looks interesting from a privacy point of view, but seems to be ad-supported judging by the one which appears on top of the search results: https://www.runnaroo.com/search?term=LTSC

    Needless to say though, you don’t need to install the addon to use it.

    Interestingly though, there’s a video search engine mentioned at the foot of the page called Peteyvid which I haven’t heard of before and which is privacy orientated according to the landing page: https://www.peteyvid.com/

  4. Peter Gunn said on October 6, 2020 at 1:14 pm

    So, at this time Firefox extensions appear as (stay tuned, others may be on their way) :

    1- Recommended : “editorially curated”, “highest standards of security, functionality, and user experience”
    2- By Firefox : created by Mozilla (in a special way)
    3- Verified : reviewed and promoted by Mozilla
    4- Not actively monitored

    OK. As far as I’m concerned, “Verified” will bring no extra value and “Not actively monitored” no reason to ban or to under-estimate.

    1. Martin Brinkmann said on October 6, 2020 at 1:34 pm

      The main difference is that 3) Verified add-ons get code reviews. It does not tell you anything about the quality of the extension though.

      1. Peter Gunn said on October 6, 2020 at 3:49 pm

        @Martin, “Verified add-ons get code review” is a good thing to know, sort of a comfort amid rhetoric, that of Mozilla, which appears — maybe only to the newbies — as unclear. For instance I’d care to know what is the difference between “code review” and “highest standards of security”, unless to consider that the latter corresponds to the former with a higher degree of zeal. Good point anyway that it doesn’t go the other way around. This is ambiguous, except for Mozilla and a few experts I guess.

        Your article brings some light, fortunately.

  5. Herman Cost said on October 6, 2020 at 2:30 pm

    The ‘verified’ thing does not bother me much as I can and will simply ignore it. While I can see where some might find this annoying, in general I think people should focus their concerns about forced changes to their systems that reduce functionality and privacy, as opposed to marketing initiatives like this one.

  6. Sebas said on October 6, 2020 at 3:26 pm

    The regrets reporter extension is a nice way to totaliarism. You can report anti-LGBTQ+ content and any other content that is not in the canon of the woke church: https://foundation.mozilla.org/en/campaigns/regrets-reporter/

    Well done Mozilla. Firefox is now officially an inquisition browser: dare to disagree, you unbeliever.

    1. ShintoPlasm said on October 6, 2020 at 4:09 pm

      Can you also report pro-LGBTQ+ propaganda?

      1. Sebas said on October 6, 2020 at 6:05 pm

        Lol.😁 The only thing is Firefox is dead. Let’s hope that Google does not take over more then they allready do. You know the Google Be not Evil to China extension or so.

      2. Anonymous said on October 7, 2020 at 3:02 am

        > Let’s hope that Google does not take over more then they allready do. You know the Google Be not Evil to China extension or so.

        Mozilla already added China to its regrettable content list. I don’t see why you’re complaining here.

      3. Sebas said on October 7, 2020 at 8:36 am

        Google’s Project Dragonfly is what I was referring to. Anyway it is kind of amusing to see what money will go into the Mozilla regrettable content project and other political activities at the cost of crippling firefox itself.

        https://www.ghacks.net/2020/08/11/mozilla-lays-off-250-employees-in-massive-company-reorganization/

        “A pessimist might see the announcement in the following way: use the Firefox money as long as it is there to push other tech products and certain ideals”.(Martin)

        And this little gem: https://blog.mozilla.org/blog/2020/08/11/changing-world-changing-mozilla/

    2. VFTS said on October 6, 2020 at 4:20 pm

      It all started long time ago with removing dissenter extension. Youtube also banning anyone who has different opinion. Don’t let me start with social networks. I mean firefox is dead for a long time now.

  7. burn loot murder said on October 6, 2020 at 10:27 pm

    despite the very low percentage of lgbtq+ people, every company acts like they are the majority.

    1. ShintoPlasm said on October 6, 2020 at 11:11 pm

      If you look at ads in the US (both on TV as well as online), you’d think they’re 33% black, 33% Chinese. If you look at ads in the UK, you’d think they’re 50% black.

    2. Anonymous said on October 7, 2020 at 3:19 am

      Keep confirming their narrative that they only want to fight hate speech. You’re only giving them credibility.

  8. anonymous said on October 7, 2020 at 2:26 am

    “For years, journalists, researchers, and even former YouTube employees have been telling YouTube that they need to stop their recommendation engine from sending users down racist, conspiratorial, and other regrettable rabbit holes.”

    “YouTube claims to be fixing this problem, but it’s all happening behind closed doors, without any way for the public to tell if it’s actually working. Last year, Mozilla gave YouTube three recommendations to help address this problem in a more open and transparent way. So far, YouTube has not made these changes.

    That’s where you come in. Mozilla’s RegretsReporter browser extension transforms everyday YouTube users into YouTube watchdogs. We can use our own data to answer questions about regrettable recommendations that can go a long way towards helping journalists who investigate these problems, other groups like Mozilla who push for more accountability, and engineers and designers who build this technology.”

    Is that why Mozilla did that massive lay off, to form a Ministry of Truth?

    1. ShintoPlasm said on October 7, 2020 at 1:03 pm

      “Regrettable” sounds completely dystopian to me, like something out of Orwell or Huxley. It is such a communist term – “Comrade John used to have regrettable opinions about the party and the state, but was cured of them after a few pleasant weeks in a re-education camp”.

      1. Anonymous said on October 7, 2020 at 2:58 pm

        Here we go again, “Google is communist”. The 21st century version of old fascist theories.

  9. Anonymous said on October 7, 2020 at 3:08 am

    Look at some of what their great pay-to-be-verified system promotes: AdBlock with its paid ad whitelist, or unprivate trash like Honey and Linguix spell checker.

    Of course extensions that are well known from their intrinsic value don’t need to pay to be promoted, and often don’t have the money to do it even if they wanted to. So we end up with lots of promoted trash. And Mozilla gets more pocket money. Keep ruining trust MozCorp.

  10. memberofthewokechurchapparently said on October 7, 2020 at 5:51 am

    As useful as I find this blog on occasion, I’m really starting to think you should turn off comments. For whatever reason, you draw in some real gems of human beings. /s

    Besides, do we really need one more person to declare the end of Mozilla for the hundredth time in a comment section? Or argue that the program/extension/coffee machine/back scratcher they already use is the best on the entire planet and thus any recommendation otherwise is a waste of all our time?

    1. Iron Heart said on October 7, 2020 at 7:06 am

      @memberofthewokechurchapparently

      How about: „Don‘t like it – don‘t read it.“

      It‘s easy. Try it for once.

      1. memberofthewokechurchapparently said on October 8, 2020 at 4:06 am

        Funny how your sort always say that and yet don’t take their own advice.

        Don’t like my comment, don’t read it. Try it for once. ;)

    2. Anonymous said on October 7, 2020 at 11:58 am

      > Or argue that the program/extension/coffee machine/back scratcher they already use is the best on the entire planet and thus any recommendation otherwise is a waste of all our time?

      That’s your spin on shady software paying Mozilla to be misleadingly promoted as more secure. The gems of human beings at the Silicon Valley really need to start questioning their beliefs of what’s right or wrong.

  11. big said on October 7, 2020 at 7:23 am

    Could any chromium big fans comment the SRWare Iron browser please?

    1. Iron Heart said on October 7, 2020 at 7:54 am

      @big

      SRWare is spyware, unfortunately:

      https://spyware.neocities.org/articles/iron.html

      If you want a Chromium-based browser which doesn‘t spy on you, in no particular order: Ungoogled Chromium, Brave, Vivaldi, Bromite (only on Android), Kiwi (only on Android).

      Here is how I‘ve set up mine:

      https://www.ghacks.net/2020/07/05/behave-for-chrome-and-firefox-warns-you-of-port-scans-and-local-attacks/#comment-4467393

      1. Spyware Level: High said on October 7, 2020 at 12:22 pm

        @Iron Heart

        Brave is spyware, fortunately:

        https://spyware.neocities.org/articles/brave.html

      2. Iron Heart said on October 7, 2020 at 1:51 pm

        @Spyware Level: High

        The spyware level of Firefox is also high according to the same website:

        https://spyware.neocities.org/articles/firefox.html

        Most of the assertions on this blog are nonsense. That being said, the article about SRWare Iron is pretty much spot on. Generally I am not referring to the blog based on it being misguided (they literally think a software providing automatic updates, which is true for almost any browser, qualifies for a high spyware level).

      3. big said on October 7, 2020 at 12:34 pm

        @Iron Heart

        Thanks bro.

  12. Femail said on October 7, 2020 at 10:16 am

    I would never suspect extensions to be sponsored by the “verified” declaration. Anybody: do I miss some information from the screenshot shown above? I don’t see the word “sponsored” anywhere?

    @memberofthewokechurchapparently

    quitting the comment-section would course the death of the opportunity to ask questions,that, fingers crossed,may be answered by other readers of this blog.
    I too, am sick and tired of the ongoing rant,no names mentioned ;). I simply scroll down to avoid it and pick up reading all the other comments. I Miss contributions from well-informed people like Pants and others, that seem to have fled over the years. I miss comments by people, eager to clarify issues in versatile ways like it used to be long ago.
    my solution to better the atmosphere:

    1. stick to the topic of the blog when writing comments
    2. stay focused and ignore/ cease commenting on the ongoing rant about Brave

    1. Anonymous said on October 7, 2020 at 2:50 pm

      > I Miss contributions from well-informed people like Pants and others, that seem to have fled over the years.

      You can still follow his work on github:

      https://github.com/arkenfox/user.js

      Currently removing regrettable comments like this one:

      “perhaps the bigger question is whether Mozilla should be messing with DNS at all
      personally i find this fucking offensive, period
      this should be done at the OS level, or per application at the users discretion
      i really think the broader picture of Mozilla’s goals need to be considered here and given the avenues they’ve been perusing, and rightfully getting their fucking teeth kicked in for, i don’t want them messing with DNS”

      https://github.com/arkenfox/user.js/issues/1027#issuecomment-703230453

      I’m glad Big Tech bought github, this comment removal feature they added was long overdue.