Note: This is my personal opinion and is not meant to reflect Mozilla’s views.
We’ve done a lot of work to help Firefox users have control over their add-ons (for example, bug 596343 and follow-ups 693743 and 693698) but some software companies are hard at work circumnavigating these protections. A while ago I filed bug 721258 concerned about the way the Ask Toolbar changes our 3rd party add-on confirmation screen. Today, in a follow-up comment I posted this screencast which shows an example of it in action:
Planet Mozilla viewers – you can watch this video on YouTube.
Some suggested that this isn’t that bad or that it could be worse. As someone charged with looking out for our users it’s pretty frustrating to run into that kind of opposition – just take a look at our support forum. Ask is known for this kind of stuff. And in fact, “how do I uninstall the Ask toolbar” is their top support question. It looks like we can’t do anything technical to prevent this at the moment. Maybe by drawing attention to it we can come up with another solution that protects people.
Clarification: At the end of the video, when I’m trying to fix the location bar search – the problem is that “domain guessing” is happening when it shouldn’t be (documented here).
Maybe it’s because I’m a Linux geek and Linux comes with more tools, but the first thing I’d have done in your situation is use a command like
diff -u old_profile/prefs.js new_profile/prefs.jsand, if that doesn’t turn up anything useful, I’d have flushed all caches and then rundiff -ur old_profile new_profile.If none of the non-binary results did the trick, I’d have next tried
sqlite3 .dumpon the various SQLite databases (eg.places.sqlite) followed bydiffon the resultant SQL files.Yes, Firefox could really use a simpler, cleaner way to figure out what happened.
Can you post the prefs.js from the broken profile?
Hi Boris – here it is http://people.mozilla.org/~mverdi/files/prefs.js.txt
This should have occurred to me while making the video but restarting in safe mode and selecting “Reset all user preferences to Firefox defaults” did the trick.
I once filed bug 650477 for small part of the problem, but unfortunately it was WONTFIXd without any further indication of what to do with this pain.
OMG, that is horrendous
In my opinion all misbehaving addons should be blacklisted.
That’s odd. Nothing in that prefs.js should affect the url bar, offhand….
It looks to me like the address bar search is just doing “I’m feeling lucky” style search instead of normal Google search.
Unfortunately, I suspect this will keep happening with Firefox treating all other apps as malicious and not providing hooks for other people to interact cleanly. As long as there’s no way of nicely informing Firefox that the toolbar is being installed (and have it, for example, prompt the user at install time), people will end up trying weird things to remind their users that they at one point wanted this stuff.
Firefox really doesn’t play well with others…
Mook, the problem is that most users don’t really want most of this stuff. They’re tricked into installing it. And if there weren’t lucrative economics associated with tricking users into installing most of it, many of these add-ons would have next to no usage. This is not in the best interest of users. It’s more often than not sleezy vendor behavior driven by the easy economics of search.
- A
Asa: I agree that many of the installs are unwanted; that’s why I only attempted to describe a flow that includes user opt-in. I feel that by assuming all other entities are malicious, Firefox-the-project breeds a reality where this is true. After all, people who would rather respect the user and do nice things are forced to go through weird hacks anyway to get a reasonable user experience – so more effort overall is being poured into working against the system.
I’m not asking Firefox to just allow everything; I’m asking for doing the right thing to be significantly easier to implement than doing the wrong thing.
Pingback: Ask Toolbar is changing the Firefox add-on process | Verdi helps you with Firefox
How about mandating a section in addon installation which tells what regular browser features are being changed by given addon.
Or may be that section is auto generated by FF installation script ?
I like that but it may fall into the category of yet another screen that people automatically don’t read and just click next.
Maybe this has already been mentioned but here goes:
Allow the addon to install only if it is hosted in the official repository (https://addons.mozilla.org). Otherwise, it will not get installed. This way:
1. Mozilla can monitor the addons.
2. Users can post reviews and crapware will be automatically minimized and perhaps eliminated.
3. If ask wants to dump their toolbar on Mozilla users, they would have to create a user account at addons.mozilla.org, upload their addon and users would download it if they needed it, rate it etc..etc… The same would go for McAfee, AVG or anyone (big company, small time addon creator etc.).
This would eliminate third party addons completely. But for most users, this would work out.
I understand that this could go against Mozilla’s principles of the open web etc.. But wouldn’t it solve half the problems? Or am I missing something?
The key is like you said, that could go against our principles. I don’t believe we want to force developers and users to only be able to use AMO. That would be kind of like Apple’s app store. But there is a proposal that might accomplish something like this – https://bugzilla.mozilla.org/show_bug.cgi?id=728227