So in case you haven't heard of it (or noticed about it), there was a kerfuffle in Firefox land recently about this: https://www.theverge.com/2017/12/16/16784628/mozilla-mr-robot-arg-plugin-firefox-looking-glass As part of a tie-in with an American TV show, Mozilla thought it'd be a great idea to silently install a cryptically-named addon in all(?) Firefox deployments. Which can't be turned off. This is concerning enough - a Random Internet Person quoted in the article has a solid explanation as to why: "There are several scary things about this: - Unknown Mozilla developers can distribute addons to users without their permission - Mozilla developers can distribute addons to users without their knowledge - Mozilla developers themselves don't realise the consequences of doing this - Experiments are not explicitly enabled by users - Opening the addons window reverts configuration changes which disable experiments - The only way to properly disable this requires fairly arcane knowledge Firefox preferences (lockpref(), which I'd never heard of until today)" Mozilla's response is also, IMHO, rather worrying, because it seems to fail entirely to grasp how concerning this kind of action is, and seems concerned instead with self-justification and downplaying: “Our goal with the custom experience we created with Mr. Robot was to engage our users in a fun and unique way,” a Mozilla representative said in a statement. “Real engagement also means listening to feedback. And so while the web extension/add-on that was sent out to Firefox users never collected any data, and had to be explicitly enabled by users playing the game before it would affect any web content, we heard from some of our users that the experience we created caused confusion.” (FWIW I don't think that statement is even factually correct; I can't prove it with screenshots, but I'm pretty sure that when the addon appeared in my Firefox install, it was enabled, not disabled). I think we should be concerned by this kind of behaviour on the part of the supplier of our default desktop browser, and we should express that concern to them. Assuming Fedora-as-a-project shares my concern, do we have a channel to communicate with them about this, and request assurances that they understand the seriousness of this, and that they have changed policies so that nothing like it will happen in future? Thanks. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
