Mozilla updates its Firefox Add-on Policy

Mozilla will make changes to Firefox Add-on policies in June 2019 that are designed to improve user safety and privacy when using extensions.

Starting in June 2019, extensions may no longer contain obfuscated code. Caitlin Neiman, Mozilla's Add-ons Community Manager notes that extensions may still use minified, concatenated or otherwise machine-generated code, but that the source code needs to be included and that obfuscation is not allowed anymore.

Mozilla will improve the blocking process as well to block extensions "more proactively" if they violate policies.

The organization changed the review process from "review first, publish second" to an automated review system. Granted, add-ons are still reviewed manually which sets the process apart from how Google handles Chrome extension reviews.

Mozilla announced a new Recommended Extensions program in April to promote excellent extensions for Firefox. These would be reviewed before they are published, and promoted in various places.

Add-on Policies

mozilla add-on policies

All extensions released for Firefox need are subject to the policies regardless of how they are distributed. Mozilla reviewers will use the policies as a guideline to determine whether an add-on is safe or in violation of the policies. Violating add-ons will be blocked by the organization.

Mozilla's new policies for add-ons address several add-ons related issues of the past; it requires that add-ons come with a description that clearly states what changes they make, that changes must be opt-in, must disclose if payment is required, must only request necessary permissions, and must disclose data collection, storage, and user data sharing policies.

A large part of the policy focuses on data collection and user privacy. Mozilla notes that add-ons need to disclose when they use cookies and describe the purpose of the cookies clearly, and that add-ons need to provide users with options to refuse the storage of cookies or access to cookies. Furthermore, add-ons need to inform users about the consequences should they choose to disallow cookies or disallow access to them.

The collection of personal information is prohibited without user consent, and the collection of personal information not required for the add-ons "basic functionality" is prohibited as well. Add-ons may not leak local or user-sensitive data to websites.

The new Firefox Add-ons Blocking Process

Mozilla may block add-on versions, entire add-ons, or even developer accounts if violations are detected. It applies "security over choice" when it comes to blocking which means that it "err on the side of security to protect the user".

The organization distinguishes between hard and soft blocks. Soft blocks disable add-ons by default but users may override the block to continue using it. Soft blocks may be used if an add-on contains non-critical policy violations, or causes "severe stability and performance issues in Firefox".

Hard blocks on the other hand disable Firefox add-ons and block users from enabling them in the browser. These are applied when add-ons are found to "intentionally violate policies", contain critical security vulnerabilities", "compromise user privacy", or "severely circumvent user consent or control".

Anyone may request a block on Bugzilla.

Closing Words

All extensions are subject to these new policies. Mozilla notes explicitly that developers should update extensions if these extensions contain obfuscated code as they might be blocked otherwise.

The updated policies address improve transparency (cookie disclosure, monetization, opt-in nature, description), and disallow obfuscation which should improve user safety and privacy when it comes to Firefox add-ons.

Add-on developers may need to update descriptions, extensions, and privacy policies; it is unclear if they are notified by Mozilla about the upcoming policy changes. Add-on developers were notified about the changes.

Now You: what is your take on the announced changes?

Ghacks needs you. You can find out how to support us here (https://www.ghacks.net/support/) or support the site directly by becoming a Patreon (https://www.patreon.com/ghacks)). Thank you for being a Ghacks reader. The post Mozilla updates its Firefox Add-on Policy appeared first on gHacks Technology News.

Leave a Reply

Your email address will not be published. Required fields are marked *