Mozilla silently bans 2 anti-state-censorship add-ons in Russia(discourse.mozilla.org) |
Mozilla silently bans 2 anti-state-censorship add-ons in Russia(discourse.mozilla.org) |
We received no notifications about this restriction. Waiting for the official statement or just any comment from Mozilla.
> Is this a way for Mozilla to censor add-ons they don't like, enforce copyright, government demands, etc.?
> No, the purpose of this is to protect users from malicious add-ons. We have a set of guidelines (https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Revie...) for when it is appropriate to blocklist an add-on and have refused multiple times to block for other reasons.
Is Mozilla refusing to sign the add-on? Or just refusing to host it on addons.mozilla.org? There's a big difference. If the extension can still be signed, it's easy to install on production Firefox builds. If it can't be signed, then it can only be installed on Nightly or Developer builds with xpinstall.signatures.required disabled in about:config.
So it looks like they are still signed, but they are not available on amo in Russia. The extensions can still be installed on production Firefox builds if they are hosted elsewhere, such as:
Runet Censorship Bypass: https://files.catbox.moe/g7mww2.xpi
Censor Tracker: https://files.catbox.moe/37grym.xpi
Russia could block mozilla.org (in which case 1000s of clones would likely emerge). Mozilla is a not for profit. Why not simply ignore such requests..
Here's the statement we're sharing with the press:
In alignment with our commitment to an open and accessible internet, Mozilla will reinstate previously restricted listings in Russia. Our initial decision to temporarily restrict these listings was made while we considered the regulatory environment in Russia and the potential risk to our community and staff.
As outlined in our Manifesto, Mozilla's core principles emphasize the importance of an internet that is a global public resource, open and accessible to all. Users should be free to customize and enhance their online experience through add-ons without undue restrictions.
By reinstating these add-ons, we reaffirm our dedication to:
Openness: Promoting a free and open internet where users can shape their online experience.
Accessibility: Ensuring that the internet remains a public resource accessible to everyone, regardless of geographical location.
We remain committed to supporting our users in Russia and worldwide and will continue to advocate for an open and accessible internet for all.otherwise the whole amo would be blocked.
how china blocks that? ublock sucks anyway if you're using 127.0.0.1:53 with unbound/dnscrypt or something
You just have to download it somewhere.
This sort of condescending, controlling, anti-user behavior was one of the reasons I left Mozilla, and the politically/culturally difficult situations it puts them in are a bed they have, unfortunately, made for themselves.
The worst? Probably murder.
https://en.m.wikipedia.org/wiki/List_of_Russian_assassinatio...
https://en.m.wikipedia.org/wiki/Suspicious_deaths_of_Russian...
Having said that the list contains many names of people who would be hunted and killed by any government. Imagine Apache starting revolt, murdering civilians, keeping / trading slaves, cutting heads etc. etc. Whoever the author of the article is - they did a shitty job.
This list is a big disservice to true victims of Putin, like Navalny and the likes.
We saw that when companies like McDonalds could no longer operate in Russia, Russia essentially took the McDonalds and created a knock-off. If Russia decided to ban Firefox, they may just fire up a knock off and sell it to the populace as Mozilla is an evil American corporation so they have created RuskieFox and all that national pride stuff. Would tech saavy people trust the Russian knock off? My guess is the tech saavy people won't and will find ways to get firefox from Mozilla. But the non-tech saavy? Probably not. From this, if we assume Mozilla is doing what it can to protect users (which may or may not be the case), it would be better to comply but Russians get official builds of Firefox than being banned and the Russian government replacing Firefox with their own build.
> Would tech saavy people trust the Russian knock off?
No one with a single brain cell uses the Yandex web browser. It's akin to giving the Russian authorities full access to your entire web presence.
> But the non-tech saavy?
For those Firefox has never existed. Most people in Russia use: Yandex web browser, Opera or Google Chrome.
> From this, if we assume Mozilla is doing what it can to protect users (which may or may not be the case), it would be better to comply but Russians get official builds of Firefox than being banned and the Russian government replacing Firefox with their own build.
Mozilla loses nothing from not complying but gains reputation and trust of not sharing the bed with Putin.
Because no one is helped by that, least of all Russian people wanting to use Firefox. It seems fairly obvious that "all of Firefox is not available in Russia" is worse than "two extensions are not available in Russia".
The project manager for it used to work in the advertising industry. When the ticket was filed in Bugzilla, she quickly set it to be private to try and hide it. Another mozilla employee put it back to public, and then the ticket was set such that not even employees could see it by Mozilla executive leadership.
How about them ramming Pocket down everyone's throats?
Or the 2022 "partnership" with Facebook over an advertising a "privacy preserving" advertising standard?
How about the CEO's astronomical pay increases while market share sank? How about the fact that they now have a billion dollars in assets, half of that in cash? And they slashed their software development budget a year or two ago? And paid someone ~350,000+ to write an "AI and racial justice" report?
https://lunduke.locals.com/post/4387539/firefox-money-invest...
And then there's the partnership with an identity protection service (why the fuck is a browser company getting involved in that!?) whose CEO was running people-search network sites https://krebsonsecurity.com/2024/03/mozilla-drops-onerep-aft...
Would you care to provide examples? I am a longtime user of Mozilla products unfamiliar with the topic and I am genuinely curious.
> What should we think of their VPN they try to promote so much
Mozilla does not have its own service but rather resells Mullvad, one of the most privacy focused services in existence. Is there more to this story that I am unaware of?
"""
Mozilla replaced a feature that was end to end encrypted with one that sent private data to a third party for data mining. They denied getting paid for the integration. That was technically true. They eventually admitted they got paid for referrals. They bought the company in 2017 and promised to release the source code. They still haven't. The Pocket website says "as a member of the Firefox family, privacy is paramount."[1] The first part is misleading and the second part is simply false.
"""
If Mozilla refuses to sign the extensions, then we can pick up the pitchforks again.
I wish some talented bunch of people forked Brave to allow sideloading extensions and strip it of the crypto stuff.
You don't need Mozilla's approval; anyone can publish an add-on anywhere and anyone can install it in Firefox. I've distributed some bespoke non-public addons like this.
It's just the Mozilla add-on website/listing that's curated, which seems reasonable; it's their website and they can have their rules.[1] You can make your own "clipsy add-on listing" website if you want.
[1]: in this case, it's not even "banned", just not displayed in Russia. It was probably a "ban these extensions or we'll ban all of Firefox" type scenario. Saying "njet" to Putin is tempting, but how does all of Firefox being banned in Russia help Russian people? It doesn't. You may not like the situation, but simplistic takes which simply ignore the reality of the situation are not serious.
Nope. Not on Android.
/s
In Russian Hacker News, someone is saying the exact same thing about Google Chrome.
Self-hosting xpi files is definitely allowed, and all xpi files are signed by Mozilla. https://extensionworkshop.com/documentation/publish/self-dis...
See https://extensionworkshop.com/documentation/publish/signing-...
My previous statement was overly broad, but the restrictions do apply to rejected xpis.
The Apache tribes fought the invading Spanish and Mexican peoples for centuries.
The first Apache raids on Sonora appear to have taken place during the late 17th century. In 19th-century confrontations during the American Indian Wars, the U.S. Army found the Apache to be fierce warriors and skillful strategists.
OK, I'm imagining people defending their homelands against invaders.Chechnya was pacified with regular significant money transfers to the strongman at the head. Indians, hmm...
Because what people really want is a browser that can't use Netflix or Spotify...
Firefox would no longer exist today if they hadn't included DRM. Ideological purity is fun and all, but it's perhaps a good idea to occasionally recognize reality.
https://gs.statcounter.com/browser-market-share
Let's put it bluntly, but libre principle does not live well with consumerism of the modern world.
I think that's a poor argument. However, I think the stronger argument is that in this case it's actually relatively okay. Like, it'd be a better world if DRM didn't exist, but given that they lack the market power to do anything about that, EME actually seems like the least bad option:
* It's sandboxed.
* It's optional and doesn't run by default.
* Firefox prompts the user and asks if they want to run the DRM.
In fairness, I understand that there are different views on this; I stop one tiny half-step shy of the GNU/FSF position, in that I would argue that people should have complete control of their machines, but that that includes the right to run software that doesn't respect their right to control the machine.
I guess we're all better off using Chrome then?
> You don't need Mozilla's approval
to pointing out that Mozilla has approved (signed) this extension.
And the reality is Mozilla can always block any extension they want. They can just change the Firefox source code. It doesn't matter what functionality does or doesn't exist now or what the policy they do or don't have – everything can always be changed. That's true for almost anything.
So what they "could do" is a complete distraction in the first place because the "could do" anything. What they ARE doing matters.
It's not about things Mozilla could theoretically do to block you, it's that they require you to proactively get their permission to run an extension (in a prod version of the browser on an ongoing basis, which I think is reasonable table stakes). Here's their official docs for self-distribution, i.e. not using the AMO at all: https://extensionworkshop.com/documentation/publish/submitti... Notice that step 1 starts with giving Mozilla your extension to approve of, step 4 goes so far as to say that if your extension doesn't pass their checks then
> The message informs you of what failed. You cannot continue. Address these issues and return to step 1.
then step 7 is make sure Mozilla reviewers can read your source code, step 9 is wait for them to get back to you, and step 13 is download the XPI that Mozilla has approved to be allowed to run in their browser.
So yes, you absolutely need Mozilla's approval to publish an extension, even if you self-publish the XPI after they've blessed it. If they do not perform the action of signing it, they don't need to change any source code, it won't install. It may be true that in this case they have given that approval, but that doesn't invalidate the general point, and this is a fundamental restriction, not "language-lawyering".
To me it seems absurd for a company that claims to be so pro-privacy to not allow any genuinely private extensions to exist. Anyone who wants to make a 'real' addon has to share their code with mozilla.
What you're saying is technically true, but also not relevant, as explained. They can have the best system in place today, and just change Firefox tomorrow. So it doesn't really matter how the system works now. This is true for anything from Mozilla to XFree86 to Redis to left-pad.
De-facto reality is that right now anyone can create an account and just create a signing key and distribute their extensions $anywhere. Approval is little more than rubber stamp. Mozilla not going around granting "approval" or anything like that.
And they certainly didn't revoke the very weak "approval" here; people can distribute and install it. It's just not listed on the Russian add-on store. So that makes it doubly irrelevant.
Unfortunately, it's iOS only and based on WebKit.
There's definitely an opportunity here, maybe using Servo as the browser engine.
It's available on macOS as well: https://kagi.com/orion/#download_sec
https://gist.github.com/TheBrokenRail/c43bf0f07f4860adac2631...
Ugh, I don't want to go back to a chromium based browser but I don't know how what other options I have at this point, short of dropping down to links/lynx/elinks ..
I still feel like it's an easy recommendation compared to the rest of the browser market.
Which ones are the right ones? Yours? Mine?
Who defines what the "right" political idea is? And do you really want to live in a society limited only to ideas that are deemed as the "right" ones by whoever has that power?
> ... forcing people onto beta or developer builds to have proper control over their own software ...
Hopefully enough folks do prioritize browser engine diversity, so we aren't stuck with no significant alternative.
Im not sure that we should support one "not the best" company just because other company definitely worse.
My understanding is that a democracy would exist to allow the majority of a society to define what they want, and that in the US we have a democratic republic because our founders still didn't trust the public enough to leave decisions entirely to a majority vote of the public.