this post was submitted on 24 Oct 2025
357 points (100.0% liked)

Firefox

21241 readers
974 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
golden_zealot@lemmy.ml
357
Mozilla to Require Data-Collection Disclosure in All New Firefox Extensions (linuxiac.com)
submitted 3 weeks ago by KarnaSubarna@lemmy.ml to c/firefox@lemmy.ml
26 comments fedilink hide all child comments
 

all 28 comments
sorted by: hot top controversial new old
[–] thatonecoder@lemmy.ca 54 points 3 weeks ago (4 children)

They should do manual testing to confirn/deny this, in a mystery customer sort of way.

[–] Dirk@lemmy.ml 28 points 3 weeks ago (1 children)

They should make it a requestable permission.

[–] Ferk@lemmy.ml 6 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I'm not sure if that would be viable technically.

They might be able to make requestable the connection requests to outside sources (which I expect is something many extensions use, even those without data collection), but whether those requests relate to data collection is not something that can be determined programmatically.

[–] Dirk@lemmy.ml 6 points 3 weeks ago

Yes, all access to outside sources is blocked by default and users are asked on a per URL basis with the author manually requesting each URL access including a reason – with occasional manual validation from Mozilla staff.

[–] Ephera@lemmy.ml 24 points 3 weeks ago

They have the Recommended Extensions program, where they do that for a subset of the available extensions.

https://support.mozilla.org/en-US/kb/recommended-extensions-program

[–] thingsiplay@beehaw.org 5 points 3 weeks ago

Agreed, it should be this way. But I guess it would break most applications that rely on data collection (and I am saying that with a voice of sarcasm).

[–] sramder@lemmy.world -1 points 3 weeks ago

Calm down guys you’re asking for an actual feature, now… this is gonna need like five years of extensive study and testing.

[–] LiveLM@lemmy.zip 44 points 3 weeks ago* (last edited 3 weeks ago)

Dude I misread "Mozilla to require data collection in addons", almost dropped my phone

[–] naeap@sopuli.xyz 19 points 3 weeks ago (2 children)

So I can just declare 'none' and happily collect data?

Or is there actually some type of control?

[–] thingsiplay@beehaw.org 12 points 3 weeks ago (2 children)

Well, I guess they could. But at least its in the rules and people can report. And if it indeed violates the setting, then the addon could be removed from the repository. So there is an incentive for addon developers not to break that "promise". At least this is the right direction.

[–] FunctionallyLiterate@lemmy.ca 5 points 3 weeks ago* (last edited 3 weeks ago)

Yes, but it's about the tiniest step they could possibly take. It just officially makes violating "trust me, bro" against the rules, but does absolutely nothing to prevent it, nor allow the user to directly prevent such abuse. Some extensions don't need Internet access at all, but there's no (easy) way to stop it from happening. Others only need occasional access for updates, but there's no user control for whether that's all they're doing.

[–] Ferk@lemmy.ml 4 points 3 weeks ago* (last edited 3 weeks ago)

Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked "none" then no need to go out of your way to figure out if it does it.

For some extensions it might actually be relatively easy to figure out if they do communicate with an external server that they might not need to, specially considering that the extension format can easily be decompressed, .crx files are just zip files with some javascript and other files inside.. they might want to obfuscate the logic, but it's not impossible to try and unravel things to some extent.

[–] Ephera@lemmy.ml 7 points 3 weeks ago

It has been a thing for longer that extensions are not allowed to make connections to the internet, unless it's actually required for the functionality they advertise. And I believe, they have some rudimentary code scans in place to check for that. Besides that, there's also their Recommended Extensions program, where they do thorough code reviews for a subset of available extensions.

[–] HiddenLayer555@lemmy.ml 18 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

How about Data-Collection Ban in All Firefox Extensions, Mozilla? How about that?

[–] specialwall@midwest.social 27 points 3 weeks ago

Except most extensions need to collect some data to work. Unless you want firefox to die, this isn't a great idea.

[–] Blisterexe@lemmy.zip 4 points 3 weeks ago

addons.mozilla.com isn't a large enough source of extension downloads for a lot of extension developpers to be willing to comply with that, they'd just drop the platform, and firefox would have an even harder time getting people to use it.

[–] Mwa@thelemmy.club 9 points 3 weeks ago

Good update!

[–] Vincent@feddit.nl 9 points 3 weeks ago

I believe it was already required to disclose data collection, except you had to build the UI for that yourself. This makes it easier to comply, and more recognisable for us users.

[–] Core_of_Arden@lemmy.ml 7 points 3 weeks ago

I really like Mozilla Firefox... Keeps getting better. :-)

[–] Slysilverat@lemmy.dbzer0.com 1 points 2 weeks ago

Let's hope it's not automatically on

[–] sramder@lemmy.world 0 points 3 weeks ago (1 children)

Hey did the patient on apple‘s crappy idea expire already?

[–] cupcakezealot@piefed.blahaj.zone 6 points 3 weeks ago (1 children)

how is knowing what data extensions collect a crappy idea?

[–] sramder@lemmy.world 2 points 3 weeks ago

It’s not, it’s the self reporting that irks me in both cases.