this post was submitted on 29 Oct 2025
478 points (99.2% liked)

Technology

75756 readers
7991 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
478
Mozilla to Require Data-Collection Disclosure in All New Firefox Extensions (linuxiac.com)
submitted 2 days ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
20 comments fedilink hide all child comments
 

Also Servo 0.0.1 Browser Engine Released https://www.phoronix.com/news/Servo-0.0.1-Released

Finally more competition.

top 20 comments
sorted by: hot top controversial new old
[โ€“] pHr34kY@lemmy.world 108 points 2 days ago* (last edited 2 days ago) (4 children)

This is a great change. I wonder how long before the hate brigade comes along to complain.

[โ€“] spacelord@sh.itjust.works 39 points 2 days ago

You've got a downvote, so it seems not long. ๐Ÿ˜„

[โ€“] Zagorath@aussie.zone 19 points 2 days ago (1 children)

Yup, sounds great to me. I could see a world in which it becomes a bad thing because they try to enforce it by pulling a Google and blocking users from installing extensions that aren't through their official add-on store, but as it is, it's hard to see any reasonable criticism.

[โ€“] themachinestops@lemmy.dbzer0.com 13 points 1 day ago

They can't unlike google they don't have any leverage to enforce it. They only have a small market share.

[โ€“] ricdeh@lemmy.world 11 points 2 days ago

insert rant about Mozilla CEO

[โ€“] 6nk06@sh.itjust.works 5 points 2 days ago (1 children)

It's not clear whether it's a useless disclosure or enforced by the API.

[โ€“] TheGrandNagus@lemmy.world 9 points 1 day ago

Some extensions have a verified/recommended by Mozilla seal of approval, so these extensions would be checked by a human to see that they comply.

Obviously they can't check every update of every extension in existence, but even just the above is an improvement and certainly not useless.

I don't think this could be enforced by the API without also seriously limiting what extensions can do, which people would go crazy about if they did.

[โ€“] This2ShallPass@lemmy.world 21 points 1 day ago (2 children)

It is possible that any developer could just say "none" even if the extension does collect data? If it has to be manually disclosed, this won't stop malicious actors. Only trustworthy extension developers would disclose this.

[โ€“] bobo1900@startrek.website 18 points 1 day ago

Since some extensions are "mozilla-approved", I guess they test it regularly, it wouldn't be hard to verify if one is really sending anything despite their disclosure.

[โ€“] helloyanis@furries.club 8 points 1 day ago

@This2ShallPass @themachinestops As an extension developper on Mozilla's store, yes it's definitely possible. There's some automatic review process but what you state in your implicit data consent disclosure (that's how they call it) is up to the developer.

However, the extension can't access all websites unless you specifically allow it while installing. There's an "All websites" permission, so if it's that or if it includes some kind of sketchy site then it's a bad sign.

Finally, just like any web page, you can always inspect an extension and check the network requests to see if it's doing malicious stuff. If so, then you can report it.

But since mozilla accounts are free and only require a verified email, they could just create another one. It's an endless game of whack-a-mole!

[โ€“] Treczoks@lemmy.world 18 points 2 days ago (2 children)

The only issue with this otherwise great idea is that "the developer says, that...". A browser API should have a way to only grant certain rights when this is technically disclosed, e.g. an extension can only access location data if this is (formally) declared, and must be able to cope without it if the user or any global policy disallows it.

[โ€“] Feyd@programming.dev 7 points 1 day ago* (last edited 1 day ago) (1 children)
[โ€“] Treczoks@lemmy.world 1 points 1 day ago

So what does this new change do then? Is it just about disclosing the state to the user?

[โ€“] MalReynolds@piefed.social 6 points 1 day ago

So, sandbox the extensions, a practical, sensible step on the path to browser as OS (contentious, but doesn't that seem where things are going, and if we lose firefox...). I get it, it's mr right now harm minimization, as opposed to mr right (linux or flatpak) general purpose computers in service of their users with usable security control.

[โ€“] TheGrandNagus@lemmy.world 13 points 1 day ago

Nice addition!

[โ€“] rumba@lemmy.zip 12 points 1 day ago

no one ever discloses, they just wait to get caught, then make a new extension and restart the cycle.

[โ€“] MonkderVierte@lemmy.zip 2 points 1 day ago (1 children)

And firefox itself?

[โ€“] ripcord@lemmy.world 9 points 1 day ago

Already has it

[โ€“] SloganLessons@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

..... this wasn't a thing already? Better late than never I guess

[โ€“] biotin7@sopuli.xyz 1 points 1 day ago

I would also like to see a competition to Mozilla itself. One that's fiercely loyal to it commitment to an Open internet.