On 30/10/2013 21:55, Jorge Villalobos wrote:
Cross posting to dev.planning, where I originally intended this to be.
Please follow up to dev.planning.
Jorge
On 10/30/13 3:42 PM, Jorge Villalobos wrote:
Hello!
As many of you know, the Add-ons Team, User Advocacy Team, Firefox Team
and others have been collaborating for over a year in a project called
Squeaky [1]. Our aim is to improve user experience for add-ons,
particularly add-ons that we consider bad for various levels of "bad".
Part of our work consists on pushing forward improvements in Firefox
that we think will significantly achieve our goals, which is why I'm
submitting this spec for discussion:
https://docs.google.com/document/d/1SZx7NlaMeFxA55-u8blvgCsPIl041xaJO5YLdu6HyOk/edit?usp=sharing
The Add-on File Registration System is intended to create an add-on file
repository that all add-on developers need to submit their files to.
This repository won't publish any of the files, and inclusion won't
require more than passing a series of automatic malware checks. We will
store the files and generated hashes for them.
On the client side, Firefox will compute the hashes of add-on files
being installed and query the API for it. If the file is registered, it
can be installed, otherwise it can't (there is planned transition period
to ease adoption). There will also be periodic checks of installed
add-ons to make sure they are registered. All AMO files would be
registered automatically.
This system will allow us to better keep track of add-on IDs, be able to
easily find the files they correspond to, and have effective
communication channels to their developers. It's not a silver bullet to
solve add-on malware problems, but it raises the bar for malware developers.
We believe this strikes the right balance between a completely closed
system (where only AMO add-ons are allowed) and the completely open but
risky system we currently have in place. Developers are still free to
distribute add-ons as they please, while we get a much-needed set of
tools to fight malware and keep it at bay.
There are more details in the doc, so please give it a read and post
your comments and questions on this thread.
Jorge Villalobos
Add-ons Developer Relations Lead
[1] https://wiki.mozilla.org/AMO/Squeaky
I've read every post on this topic, and I've got some observations to offer.
I develop and distribute two add ons which are not, and never have been,
published through AMO; Dephormation & Secret Agent. Dephormation
disrupts Phorm's communications surveillance. Secret Agent randomises
the browser user agent to suppress device fingerprinting. We can argue
about how effective either might be, its not relevant to the topic in hand.
How and who defines 'malware?
Taking the Dephormation add on for example; I suspect if you were to ask
Kent Ertugrul whether Phorm's spyware was malware, he would say no.
Conversely, Phorm would claim my code was malicious, given the damage it
might cause to their involuntary surveillance business.
Needless to say, I take entirely the opposite view. As do the people who
choose to install my software.
So. The key question is which side do *you* take? If you appoint
yourself as the arbitor between good and evil in a binary world, you
cannot sit on the fence.
Kent Erutugrul probably pays better than I ever will. He employs better
lawyers. I guess that would ensure he wins?
On submitting code, vs code signing... the latter is obviously more
sensible. But if the cost is prohibitive, you will cause people like me
to reassess the commitment we make to developing add ons. However
signing code does not guarantee the quality or intent of the code.
On the question of freewill, I don't think it should be up to you to
protect me from the consequences of my own poor judgement. If I elect to
install an item of software on my own computer, who are you to decide
whether the consequences are in my best interest or not? Its my computer.
Finally... to summarise... I think you need to articulate a much better,
stronger case for what you are doing. On that focusses only on the harm
to other people resulting from software installation. Rather than
protecting the individual from the consequences of choosing freely to
ignore your advice. For example; if this is about selectively targeting
add ons that spread spam, relay malware, support DDOS attacks then there
is a more compelling case to make for protecting other people.
If you are protecting me from the consequences of exercising my own
freewill, or stupidity, I disagree with your goal completely.
To borrow a bit of John Stuart Mills philosophy on liberty;
"The sole end for which mankind are warranted, individually or
collectively, in interfering with the liberty of action of any of their
number, is self-protection. That the only purpose for which power can be
rightfully exercised over any member of a civilized community, against
his will, is to prevent harm to others. His own good, either physical or
moral, is not sufficient warrant. He cannot rightfully be compelled to
do or forbear because it will be better for him to do so, because it
will make him happier, because, in the opinion of others, to do so would
be wise, or even right...The only part of the conduct of anyone, for
which he is amenable to society, is that which concerns others. In the
part which merely concerns him, his independence is, of right, absolute.
Over himself, over his own body and mind, the individual is sovereign."
... to which I'd add 'over his own computer the individual is sysadmin too'.
https://en.wikipedia.org/wiki/John_Stuart_Mill
regards
Pete
PS; blocking access to a target domain from within an add on is also a
risk you might want to consider. In that case it would be possible for a
single add on to suppress any network access.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
