Recommended Extensions program — coming soon

In February, we blogged about the challenge of helping extension users maintain their safety and security while preserving their ability to choose their browsing experience. The blog post outlined changes to the ecosystem to better protect users, such as making them more aware of the risks associated with extensions, reducing the visibility of extensions that haven’t been vetted, and putting more emphasis on curated extensions.

One of the ways we’re helping users discover vetted extensions will be through the Recommended Extensions program, which we’ll roll out in phases later this summer. This program will foster a curated list of extensions that meet our highest standards of security, utility, and user experience. Recommended extensions will receive enhanced visibility across Mozilla websites and products, including addons.mozilla.org (AMO).

We anticipate the eventual formation of this list to number in the hundreds, but we’ll start smaller and build the program carefully. We’re currently in the process of identifying candidates and will begin reaching out to selected developers later this month. You can expect to see changes on AMO by the end of June.

How will Recommended extensions be promoted?

On AMO, Recommended extensions will be visually identifiable by distinct badging. Furthermore, AMO search results and filtering will be weighted higher toward Recommended extensions.

Recommended extensions will also supply the personalized recommendations on the “Get Add-ons” page in the Firefox Add-ons Manager (about:addons), as well as any extensions we may include in Firefox’s Contextual Feature Recommender.

How are extensions selected to be part of the program?

Editorial staff will select the initial batch of extensions for the Recommended list. In time, we’ll provide ways for people to nominate extensions for inclusion.

When evaluating extensions, curators are primarily concerned with the following:

  • Is the extension really good at what it does? All Recommended extensions should not only do what they promise, but be very good at it. For instance, there are many ad blockers out there, but not all ad blockers are equally effective.
  • Does the extension offer an exceptional user experience? Recommended extensions should be delightful to use. Curators look for content that’s intuitive to manage and well-designed. Common areas of concern include the post-install experience (i.e. once the user installs the extension, is it clear how to use it?), settings management, user interface copy, etc.
  • Is the extension relevant to a general audience? The tightly curated nature of Recommended extensions means we will be selective, and will only recommend  extensions that are appealing to a general Firefox audience.
  • Is the extension safe? We’re committed to helping protect users against third-party software that may—intentionally or otherwise—compromise user security. Before an extension receives Recommended status, it undergoes a security review by staff reviewers. (Once on the list, each new version of a Recommended extension must also pass a full review.)

Participation in the program will require commitment from developers in the form of active development and a willingness to make improvements.

How will the list be maintained?

It’s our intent to develop a Recommended list that can remain relevant over time, which is to say we don’t anticipate frequent turnover in the program. The objective is to promote Recommended extensions that users can trust to be useful and safe for the lifespan of the software they install.

We recognize the need to keep the list current, and will make room for new, emerging extensions. Firefox users want the latest, greatest extensions. Talented developers all over the world continue to find creative ways to leverage the powerful capabilities of extensions and deliver fantastic new features and experiences. Once the program launches later this summer, we’ll provide ways for people to suggest extensions for inclusion in the program.

Will the community be involved?

We believe it’s important to maintain community involvement in the curatorial process. The Community Advisory Board—which for years has contributed to helping identify featured content—will continue to be involved in the Recommended extensions program.

We’ll have more details to share in the coming months as the Recommended extensions program develops. Please feel free to post questions or comments on the add-ons Discourse page.

21 responses

  1. Sylvain Giroux wrote on :

    Great post Scott!

    I’m very happy to see the community be still get involved in this process. Looking forward to more details later this year.

  2. neil wrote on :

    How is this different from the featured add-ons?

    1. Scott DeVaney wrote on :

      The biggest difference will be the manner in which Recommended extensions are *actively* curated. Each new version of a Recommended extension must undergo a full code review before it will be approved. It’s not uncommon for developers to submit multiple new versions of their extension per month, so this new process significantly increases our emphasis on security review. Also, new versions will be subject to rolling re-evaluations in terms of functionality and user experience.

      1. Nathar Leichoz wrote on :

        What about “extension safety” in terms of requesting the least number of permissions to perform the task?

        In the past the “Featured Add-Ons” have included add-ons which require more permissions than are necessary. For example, the QR code generator extensions requires permission to “read all your websites” whereas any such extension should require “activeTab” at most.

        Any abuse of that permission model should be frowned upon as it legitimizes the over-use of permissions for the convenience of the author just because some possible “future” feature may need it.

        1. rugk wrote on :

          I totally agree. You should definitivley push for few permissions.
          As for the QR code example, I can actively demonstrate that it works without requesting *any special* permissions at the installation time and still provide a rich feature set.

          See https://addons.mozilla.org/firefox/addon/offline-qr-code-generator/ for my add-on. (Disclosure: I’m the dev.)

        2. Scott DeVaney wrote on :

          It’s a good point that we don’t want extensions leveraging powerful permissions unnecessarily. Certainly we factor that into our evaluation.

  3. Grant wrote on :

    Good first step to help improving the health of the extensions ecosystem. Hopefully you’ll also be reaching out to extension developers who don’t quite meet the standards with suggestions for improvement.

  4. hellosct1 wrote on :

    great

  5. V wrote on :

    Hi, I am wondering if you know of an extension that allows photo uploads directly to Facebook, for Mac OS Mojave? Direct upload from the Mac Photos program was available with previous operating systems. It was taken away with Mojave. Would like this capability back and Apple isn’t going to provide it, so maybe an extension? Thanks.

  6. Hansi wrote on :

    Hi all,

    there are classic versions of uBlock and NoScript, which work reasonably well in SeaMonkey 2.49.4.

    This is atm the latest legacy uBlock version:
    https://github.com/gorhill/uBlock/releases/tag/firefox-legacy-1.16.4.10
    and this would be the last uBlock version officially supported in SM 2.49.4:
    https://github.com/gorhill/uBlock/releases/tag/1.13.8

    You can find the latest legacy version of NoScript on https://noscript.net/getit, search for classic or directly download the current legacy version::
    https://secure.informaction.com/download/releases/noscript-5.1.9.xpi

    It would be cool, if these legacy version could be added to SeaMonkey/Thunderbird Addons store.

    1. Caitlin Neiman wrote on :

      You might want to post this to the Thunderbird discussion forum: https://discourse.mozilla.org/c/thunderbird

  7. Glenn Sharp wrote on :

    Why no extension for LAST PASS ?

    1. Caitlin Neiman wrote on :

      Hi Glenn, it looks like you can get LastPass for Firefox from addons.mozilla.org or from the LastPast website:

      https://addons.mozilla.org/firefox/addon/lastpass-password-manager/
      https://lastpass.com/lastpassffx/

      1. Glenn Sharp wrote on :

        Caitlin
        Yes I can get Last Pass app but it will not load the passwords on my IPad.
        Last Pass works fine on Firefox on my MacBook but not on my IPad.
        That is why I was trying to get the extension on Firefox on my IPad.
        I was trying to get an answer from Last Pass support .But they did not respond.
        Thank you for your reply.
        Glenn

        1. Caitlin Neiman wrote on :

          No problem, Glenn! Unfortunately, Firefox for iOS does not support extensions because Apple developer policies prohibit them. 🙁 If that changes, hopefully Last Pass will be able to offer an extension for that platform.

  8. ahsan kamal wrote on :

    nice post man

  9. Glenn wrote on :

    Very nice.. Thank you Scott DeVaney and Neiman for support!

  10. Pam wrote on :

    I am new to Firefox and need help bringing them over from my Google Chrome account. Any suggestions?

    1. Pam wrote on :

      I am trying to bring my bookmarks over.

      1. Caitlin Neiman wrote on :

        Hi Pam, and welcome to Firefox! This page will walk you through how to bring your bookmarks over from Chrome: https://support.mozilla.org/en-US/kb/import-bookmarks-google-chrome

  11. Mike wrote on :

    I am looking forward to this.

    Honestly, even as a tech-savvy user I can not really say whether my extensions are really safe and not injecting some kind of questionable script into my pages.

    I hope that one criteria for recommended extensions is that no remote connections are being made to read out any user data.

    It would probably be good for users if recommended extensions get a safety badge in the local list of installed extensions in the addon settings.

    But it really needs to offer exceptional security and privacy, a single incident of a recommended extension being fraudulent would call the entire program into question.