Security is important. However the steady creep of the walled garden limits programmer freedom. Now Mozilla has announced that Firefox extensions will have to be signed - by Mozilla.

Browser extensions aren't as vital to the developer economy overall as standard apps, but if you are thinking of creating one for Firefox you need to know that the terms and conditions are about to undergo a big change.

As of the second half of 2015, all Firefox extensions will have to be signed by Mozilla to work. 

Previously Mozilla ran Addons Mozilla Org, or AMO, an app store for extensions and, to get into AMO, your extension had to conform to a set of guidelines. In addition any malware extensions that are installed from other websites, i.e. not from the safe AMO site, can be blocklisted. This means that Mozilla can disable any malware extensions remotely. 

This would seem to be enough to make Firefox safe.

However, it now seems that finding and keeping track of malware extensions is too much for Mozilla, which also points out that developers have devised ways of hiding their malware and increasing the workload. 

Google solves the problem by only allowing extensions that have been installed from its own website to work. Mozilla plans to solve the problem by signing extensions on the following terms:

• Extensions that are submitted for hosting on AMO and pass review will be automatically signed. We will also automatically sign the latest reviewed version of all currently listed extensions.
  
  
• Extension files that aren’t hosted on AMO will have to be submitted to AMO for signing. Developers will need to create accounts and a listing for their extension, which will not be public. These files will go through an automated review process and sent back signed if all checks pass. If an add-on doesn’t pass the automated tests, the developer will have the option to request t+he add-on to be manually checked by our review team. A full review option will also be available for non-AMO add-ons, explained further ahead. 

So in the future Firefox will only work with extensions that have been signed, no matter where they come from. This raises the question of what happens to a non-public extension and what happens while you are developing one? So far there is no news on how this will be handled.

Unsigned extensions will work for 12 weeks, but will generate a warning. 

The really draconian part is: 

• After the transition period, it will not be possible to install unsigned extensions in Release or Beta versions of Firefox. There won’t be any preferences or command line options to disable this.

If you want to try out your unsigned extension it seems at the moment that you need to run the Nightly or the Developer Edition. So testing on the production version is very likely not going to be possible.

On the plus side, Mozilla says that the user install experience will be improved. 

As I said at the start, security is important, but so is freedom and this particular mechanism has no opt out clause. 

It doesn't matter how much you know, you can't opt to install an unsigned extension. 

What is also very clear is that it won't take long for malware programmers to work out ways around the safeguard. While we are kept out of the walled garden, the malware programmers will simply spend the extra time and find a way to tunnel under it. 

Notice that the validation step is automatic, which means that the extension is simply scanned to see if it does things that are known to be potentially risky. However, in the right hands we all know that "potentially risky" is another way of saying "definitely powerful". So if you want to build an extension that does something amazing it will probably trip the wire and send your extension for a long manual examination - like that is going to reduce Mozilla's workload. 

This is not the good way to increase security. A much better idea is to make what is going on obvious to the user. A nice big warning that a new extension is about to be installed with details of where it comes from, and as much information as possible, is going to be more effective and less restrictive. 

It is sad that one of the biggest icons of open source is closing things down with such inflexibilty. It is simply adding to the list of organizations from whom we have to ask permission to run our programs.

More Information

Introducing Extension Signing: A Safer Add-on Experience

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info