Bonum Certa Men Certa

Mozilla Has Turned Firefox Into OSPS Consistent With "Attestation" Objectives

posted by Roy Schestowitz on Apr 14, 2024

OSPS is Open Source Proprietary Software (Proprietary in 'Open' Clothing)

Halloween image of witch silhouetted flying in front of full moon with evil pumpkins at base

PART of running this Web site and Gemini capsule involves development and rapid improvement of custom-made software that suits our needs and meets some basic standards. A lot of it is coded in Perl, Python, and Bash. Recently, however, JavaScript too (tr-copy-title-url.xpi).

In the process of doing that we discovered just how locked down Firefox (and its derivatives too) had become. If one develops an extension to Firefox it "has to be installed as a 'temporary extension' because it is not signed at all," as an insider explains. "In Firefox," one must go to "about:debugging#/runtime/this-firefox" and then "Load Temporary Add-on..."

This needs to be done again and again every time Firefox gets (re)started. "The downside to it being unsigned," the insider emphasises, "is that it needs to be reloaded each time the browser is restarted."

This wasn't like that when I developed Firefox extensions nearly 20 years ago. Something has changed, we're not sure when it changed, and this change was likely gradual.

I installed the extension using the steps above and it required the same to be done in LibreWolf, so the artificial restrictions got inherited by the "Libre" 'version'. Great, eh?

So people need to 'sideload' ("sideloading" is a misnomer) their own work, even repeatedly. It cannot be done without so many steps. The insider explains that "restarting Firefox clears the plug-in out of memory, so figuring out how to sign it properly would help with that."

There's an issue with that though. As the insider soon realised, based on the official pages [1, 2], self-signing is forbidden. "As usual for nowadays," the insider says, "self-signing is not allowed. The tedious manual process given initially is the only real option" (for those who update the code frequently and want it to still work).

If one signs or self-signs one's own work, what is the problem? That it might crash everything? There are various ways to undo or remove extensions and "signing" does not in any way assure quality; it makes sense to allow self-signing in many circumstances.

We've attempted to find a workaround, we tried to think more of ways to install the extension fast (without all those laborious steps). We still wonder when these tight restrictions were added and why it happened (or how Mozilla tried to justify/rationalise it).

Mozilla just wants to be in control of everything, even whatever extension the user adds, even if the user himself or herself developed the extension for personal use. This can facilitate censorship of software by Mozilla, as in, you can only do in Firefox what we've approved.

Attestation much? Is this where Mozilla is going? It's a stepping stone towards DRM or at least Tivoisation.

Where was this decision debated? "Gradual steps [were taken] so that the public goes along without complaining," our insider says. As LibreWolf is the same, we can really see how the restrictions get inherited by freer alternatives. Apparently LibreWolf is so secure that the user is wrong to add the user's own code. Or, as the insider puts it: "It's not your computer any more. It's Microsoft via Mozilla via Google. The three collude and conspire to ensure that they have control of the system and not the ostensible owner. Don't look at the DRM hard- coded into Apple's M2, M3, and M4 chips."

I've estimated that it would take ~60 minutes/month (or 12 hours a year) if we need to re-load our extension every time Firefox (or LibreWolf) is restarted. The insider thinks "reloading is an intentional PITA by Mozilla."

"About the only other option would be to make it an official plug-in and downloadable via Mozilla's site. Updating it would be a horrible experience and require lots of time, each update."

Imagine trying to update one's own software and resubmit to Mozilla every small changes for re-signing. Where's the logic in that? What if the code (or extension) isn't of much use to the general public? Or Mozilla turns the coder down? This isn't being done for "security", it's all about control by Mozilla and its masters (GAFAM). One can bet that, like in Windows XP (and later), Mozilla also keeps lists of everything you put in Firefox every time you use it (under the guise of "telemetry" to 'improve' your experience or something).

We've seen similar issues in UEFI 'secure' boot and Certificate Authorities. These facilitate censorship of code or restrictions on site access (i.e. attacks on Freedom of Expression).

The way things work at the moment "is a waste of time," the insider opines. "It is not about "security" as you or I or anyone else thinks of it. It is about control of the machine and wresting that away from the public, without their complaints."

So just remember that Mozilla has turned Firefox into OSPS that refuses to trust you, the user, or obey your will. The word "Firefox" has two Fs, but Mozilla doesn't give a F about your Freedom.

Other Recent Techrights' Posts

Slopwatch: Linux Journal, Linuxsecurity, and Google News Getting Even Worse (More Slopfarms Added Which Attack Linux With Bruce-Force SPAM)
Google News is part of the same problem
GNU/Linux is Replacing Microsoft Windows. But We Need to Eradicate Microsoft, It's a Hub of Crime.
I have been writing about Microsoft since the 1990s when I was in school
Microsoft Staff Harassing Women, Strangling Women, Telling Women to Kill Themselves and Worse? Not a Problem!
Two women have left Brett Wilson LLP
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 03, 2025
IRC logs for Thursday, July 03, 2025
The War on Local Storage (People Hosting Their Files Locally and Privately)
There's nothing wrong with controlling one's computing
What Digital Independence Means
Independence in the digital realms means abandoning platforms like GitHub, not just rejecting proprietary software
NVidia is a Bubble
they temporarily see fortunes and wrongly assume perpetuity thereof
Fedora Does Not Care About Diversity and Inclusion, It's About Optics (Corporate Image)
any notion of inclusion is superficial and misleading
Don't Buy the Excuses for Microsoft's Mass Layoffs
Back in the 90s, Microsoft bought a lot of companies to get and stay ahead
Happy Independence Day to Our American Readers
Maybe tomorrow will be a good opportunity to explain to American people - in terms of concepts, not brands - which tools respect their independence
Links 03/07/2025: More Cuts and Cancellations at Microsoft Revealed
Links for the day
Gemini Links 03/07/2025: Favourite Child and Launching WikiGem
Links for the day
Mystery Surrounding the PCLinuxOS Sites and PCLinuxOS Magazine
Let's hope this isn't something major
People and Companies Do Learn Some Lessons From Their Mistakes (Stubborn Ones Don't)
Brett Wilson LLP is an example of one that would rather drown in mistakes
Links 03/07/2025: 'Hey Hi' Slop Ridiculed Some More and Microsoft's Layoffs Tally for 2025 Reaches About 29,000 in Just 6 Months (Almost 5,000 Per Month)
Links for the day
The Slopfarms Are Losing the Plot (and Google is Propping Up Rogue Sites)
Google is part of the attack on the Web, on information, and on technology
New BetaNews Realises There's No Potential or Future in Slopfarms, Prior Editor Wayne Williams is Back
They realise that slop (so-called "AI") cannot replace humans
Claims That Microsoft Looks for Staff That Works More and Gets Paid Less (or Can Only Code by Grabbing Other People's Code, Under the Guise of "AI")
People can form their own opinion
Richard Stallman Was Right About Reasons Not to Use Microsoft
last updated 2017
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 02, 2025
IRC logs for Wednesday, July 02, 2025
Gemini Links 03/07/2025: No to Cloudflare and Small Web July
Links for the day
Links 02/07/2025: Deep Microsoft Cuts, Macron Speaks to Putin
Links for the day
Confirmed: Microsoft Shutdowns Today, Not Only Mass Layoffs
"The Initiative is the only studio closure planned today, although some other teams have seen cuts of varying degrees."
Microsoft Windows Nosedives in Switzerland While GNU/Linux Leaps Above 6%
sooner or later they might have to make the move anyway
Anxiety at Microsoft: Many Workers (Maybe Over 10,000) Still Don't Know They're Being Laid Off Just Before US Independence Day
"Has anyone gotten the notification yet?"
Microsoft "Declined to Say How Many People Would be Laid Off," According to Associated Press
Some other prominent publications said they reached out for comment from Microsoft and received none
The X War is Over and the "Wayland People" Lost
People will gravitate towards what works for them
20 Years Since My Thesis
It's still online
GNU/Linux is Replacing Windows in Laptops/Desktops
The world will move on while Windows and Microsoft shrink
Now Comes the Expected Webspam, Framing Microsoft Layoffs as "Hey Hi" Success Story (False Marketing That's Piggybacking the Layoffs)
falsely marketed as "intelligence"
Hungary: Microsoft Windows Sinks to 17% "Market Share"
In many nations in Europe it seems like the era of Windows is coming to an end
Microsoft Media Operatives and Bill Epsteingate-Funded Sites Said Microsoft Lays Off 9,000, But Other Sites Say More (Including 2,300 in Redmond Alone)
We might never know the real number/s (Microsoft will keep the cards close to its chest) until there are leakers or unless there are whistleblowers with hard proof
Microsoft Layoffs in Spain, Portugal Record for GNU/Linux
in Portugal we see GNU/Linux at record levels
GNU/Linux Reaches All-Time High in the United States of America
Windows is trending down
Yes, Microsoft is Again Using Its Favourite Liars (Stenographers) to Seed Fake Layoff Numbers, Much Lower Than What's Really Happening
It is Jordan Novet again, just as we predicted
Will Microsoft Once Again Choose Its Favourite Liar to Spread Lies About Today's Layoffs, Quickly to be Replicated and Spread by Slopfarms?
What lies is Microsoft briefing its media moles to tell today?
"OSS Fetishism" Wins After Ferenc Zsolt Szabó Ousted (Microsoft Mole From Capgemini)
Many people said 2025 would be the "year of Linux on the desktop"
There is Nothing That LLMs Can Offer Honest People
LLMs are a passing fad; they're expensive and offer poor "value" for energy; they usually offer no value at all unless you are a cheater, spammer, and liar
What statCounter Shows Today Helps Explain Microsoft's Helplessness, Mass Layoffs
Since many US journalists are already away on holiday almost nobody will dare ask the difficult questions or give a voice to whistleblowers
Microsoft Gets the Chop in South America
The notion of digital sovereignty gained a lot of popularity
Europe Has an 'Exit'
Let's see what happens the rest of this year
El Presidente Talks, Canada Walks (Away From Windows)
GNU/Linux rising
Cities in France and Germany Move to GNU/Linux and statCounter Detects Big Differences
Will governments lead by example?
Microsoft Lost Its Foothold in Africa
How many of these are "old" Windows machines converted to GNU/Linux? Probably a lot.
Led by Europe, GNU/Linux Makes Big Gains This Month
statCounter started showing new/fresh stats
Links 02/07/2025: Massive Microsoft Layoffs About to Commence, "Tesla's Robotaxi Program Is Failing"
Links for the day
Why the Microsoft People Who Started SLAPPs Against Techrights Could Very Well be Sent Back to Prison
White-collar crime is also a crime
The Company Run by Former (and Last Proper) Red Hat CEO, Promoting Microsoft Mono, Faces Shock as Senior Partner Jailed for 33 Sexual Offenses Including Pedophilia
"As reported by The Oxford Mail in April 2025, the offenses include rape, sexual assault, engaging in non-penetrative activity with a child, and more."
Microsoft Lost 29% of Windows Users, Based on Microsoft, Now Come Massive Layoffs
Microsoft collapse is today
Slopwatch: Google Serves to People Linux Slop and Linux FUD (Made by Bots)
"Slopwatch" finds it difficult to ignore Google's role in encouraging LLM slop
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 01, 2025
IRC logs for Tuesday, July 01, 2025
"Wayland People" Behave Like the Googles and Microsofts of This World
Published yesterday by Igor Ljubuncic
Gemini Links 02/07/2025: Arch Linux and Fulfillment in Gemini
Links for the day