{"id":8573,"date":"2018-10-26T14:00:42","date_gmt":"2018-10-26T21:00:42","guid":{"rendered":"http:\/\/blog.mozilla.org\/addons\/?p=8573"},"modified":"2018-10-26T14:00:42","modified_gmt":"2018-10-26T21:00:42","slug":"firefox-chrome-and-the-future-of-trustworthy-extensions","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/","title":{"rendered":"Firefox, Chrome and the Future of Trustworthy Extensions"},"content":{"rendered":"<p>Browser extensions are wonderful. Nearly every day I come across a new Firefox extension that customizes my browser in some creative way I\u2019d never even considered. Some <a href=\"https:\/\/addons.mozilla.org\/firefox\/search\/?category=games-entertainment&amp;sort=rating&amp;type=extension\">provide amusement for a short time<\/a>, while others have become indispensable to my work and life. Extensions are a real-world manifestation of one of Mozilla\u2019s core principles &#8212; that <a href=\"https:\/\/www.mozilla.org\/about\/manifesto\/#principle-05\">individuals must have the ability to shape the internet and their experiences on it<\/a>.<\/p>\n<p>Another of Mozilla\u2019s core principles is that <a href=\"https:\/\/www.mozilla.org\/about\/manifesto\/#principle-04\">an individual\u2019s security and privacy on the internet are fundamental and must not be treated as optional<\/a>. We\u2019ve made the decision to support extensions, but it is definitely a balancing act. Our users\u2019 freedom to customize their browser &#8211; their \u201cuser agent\u201d &#8211; and to personalize their experience on the web can also be exploited by malicious actors to compromise users\u2019 security and privacy.<\/p>\n<p>At Mozilla, we continually strive to honor both principles. It\u2019s why Firefox extensions written to the WebExtensions API are limited in their abilities and have good oversight, including automatic and manual review. 
It\u2019s also why we make sure users can understand exactly what permissions they\u2019ve granted to those extensions and what parts of their browser they can access.<\/p>\n<p>In short, Mozilla makes every effort to ensure that the extensions we offer are trustworthy.<\/p>\n<p>So it was with great interest that I read Google\u2019s recent Chromium Blog post entitled \u201c<a href=\"https:\/\/blog.chromium.org\/2018\/10\/trustworthy-chrome-extensions-by-default.html\"><i>Trustworthy Chrome Extensions, by default<\/i><\/a>.\u201d It outlines upcoming changes to Chrome\u2019s extension architecture designed to make \u201cextensions trustworthy by default.\u201d I thought it would be interesting to explore each of the announced changes and compare them to what Mozilla has built into Firefox.<\/p>\n<h2>User Controls for Host Permissions<\/h2>\n<p style=\"padding-left: 30px;\"><i>\u201cBeginning in Chrome 70, users will have the choice to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.\u201d<\/i><\/p>\n<p>Being able to review and modify the sites that an extension has access to, especially those extensions that ask to \u201caccess your data for all websites,\u201d is a worthy goal. Mozilla has discussed similar ideas, but the problem always comes down to presenting this in a clear, uncomplicated way to a majority of users.<\/p>\n<p>Having played a bit with this feature in Chrome, the implementation definitely seems targeted at power users. Extensions that request access to all websites still get installed with that access, so the default behavior has not changed.<\/p>\n<p>The click-to-script option is intriguing, although the UX is a bit awkward. 
It\u2019s workable if you have a single extension, but becomes unwieldy to click and reload every site visited for every installed extension.<\/p>\n<p>Admittedly, getting this interface right in an intuitive and easy-to-use manner is not straightforward and I applaud Google for taking a shot at it. Meanwhile Mozilla will continue to look for ways Firefox can provide more permission control to a majority of extension users.<\/p>\n<h2>Extension Review Process<\/h2>\n<p style=\"padding-left: 30px;\"><i>\u201cGoing forward, extensions that request powerful permissions will be subject to additional compliance review.\u201d<\/i><\/p>\n<p>The post is vague about exactly what this means, but it likely means these extensions will be flagged for manual review. This brings Chrome up to the standard that <a href=\"https:\/\/blog.mozilla.org\/addons\/2017\/09\/21\/review-wait-times-get-shorter\/\">Firefox set last year<\/a>, which is great news for the web. More manual review means fewer malicious extensions.<\/p>\n<p style=\"padding-left: 30px;\"><i>\u201cWe\u2019re also looking very closely at extensions that use remotely hosted code, with ongoing monitoring.\u201d<\/i><\/p>\n<p>Firefox <a href=\"https:\/\/developer.mozilla.org\/docs\/Mozilla\/Add-ons\/AMO\/Policy\/Reviews#Development_Practices\">expressly forbids<\/a> remotely hosted code. Our feeling is that no amount of review can eliminate the risks introduced when developers can easily and undetectably change what code is loaded by extensions. 
Mozilla\u2019s policy ensures that no unreviewed code is ever loaded into the browser, and <a href=\"https:\/\/developer.mozilla.org\/docs\/Mozilla\/Add-ons\/Distribution#Signing_your_add-ons\">enforced signatures<\/a> prevent reviewed code from being altered after release.<\/p>\n<h2>Code Readability Requirements<\/h2>\n<p style=\"padding-left: 30px;\"><i>\u201cStarting today, Chrome Web Store will no longer allow extensions with obfuscated code&#8230;minification will still be allowed.\u201d<\/i><\/p>\n<p>In reality, minified and obfuscated code are not very useful in extensions. In both Chrome and Firefox, extensions load locally (not over the network) so there is almost no performance advantage to minification, and obfuscation can be overcome by a dedicated person with readily available tools and sufficient effort.<\/p>\n<p>Nevertheless, Mozilla permits both obfuscated and minified extensions in our <a href=\"https:\/\/addons.mozilla.org\/\">store<\/a>. Critically, though, Mozilla requires all developers to <a href=\"https:\/\/developer.mozilla.org\/docs\/Mozilla\/Add-ons\/AMO\/Policy\/Reviews#Source_Code_Submission\">submit original, non-obfuscated, non-minified code for review<\/a>, along with instructions on how to reproduce (including any obfuscation or minification) the store version. This ensures that reviewers are able to review and understand every extension, and that the store version is unaltered from the reviewed version.<\/p>\n<p>As you might expect, this takes a significant investment of time and energy for both Mozilla and developers. We believe it is worth it, though, to allow developers to secure their code, if desired, while simultaneously providing thoroughly reviewed extensions that maintain user security and privacy.<\/p>\n<h2>Required 2-Step Verification<\/h2>\n<p>As a whole, the web is moving in this direction and requiring it for developer accounts is a strong step towards protecting users. 
Mozilla recently added <a href=\"https:\/\/blog.mozilla.org\/services\/2018\/05\/22\/two-step-authentication-in-firefox-accounts\/\">two-step authentication for Firefox Sync<\/a> accounts, and two-step authentication for Firefox extension developers is <a href=\"https:\/\/github.com\/mozilla\/addons\/issues\/732\">on the roadmap<\/a> for the fourth quarter of 2018. Like Google, we expect to have this feature enabled by 2019.<\/p>\n<h2>Manifest v3<\/h2>\n<p style=\"padding-left: 30px;\"><i>\u201cIn 2019 we will introduce the next extensions manifest version&#8230;We intend to make the transition to manifest v3 as smooth as possible and we\u2019re thinking carefully about the rollout plan.\u201d<\/i><\/p>\n<p>In 2015, Mozilla announced we were deprecating our extremely popular extension system in favor of WebExtensions, an API compatible with Chrome, as well as Edge and Opera. There were several reasons for this, but a large part of the motivation was standards &#8212; a fundamental belief that adopting the API of the market leader, in effect creating a de facto standard, was in the <a href=\"https:\/\/www.mozilla.org\/about\/manifesto\/#principle-06\">best interests of all users<\/a>.<\/p>\n<p>It was a controversial decision, but it was right for the web and it represents who Mozilla is and <a href=\"https:\/\/www.mozilla.org\/mission\/\">our core mission<\/a>. Three years later, while there still isn\u2019t an <a href=\"https:\/\/browserext.github.io\/browserext\/\">official standard for browser extensions<\/a>, the web is a place where developers can quickly and easily create cross-browser extensions that run nearly unchanged on every major platform.<\/p>\n<p>So I would like to publicly invite Google to collaborate with Mozilla and other browser vendors on manifest v3. 
It is an incredible opportunity to show that Chrome embodies <a href=\"https:\/\/www.google.com\/about\/philosophy.html\">Google\u2019s philosophy<\/a> to \u201cfocus on the user,\u201d would reaffirm the Chrome team\u2019s commitment to open standards and an interoperable web, and be a powerful statement that working together on the future of browser extensions is in the best interests of a healthy internet.<\/p>\n<h2>Conclusion<\/h2>\n<p>While all of the changes Google outlined are interesting, some of them could go a step further in protecting users online. Nevertheless, I\u2019d like to say &#8212; bravo! The motivation behind these changes is definitely in the spirit of Mozilla\u2019s mission and a gain for the open web. With Chrome\u2019s market share, these initiatives will have a positive impact in protecting the security and privacy of millions of users around the world, and the web will be a better place for it.<\/p>\n<p>A lot of work remains, though. Expect Mozilla to keep fighting for users on the web, launching new initiatives, like <a href=\"https:\/\/monitor.firefox.com\/\">Firefox Monitor<\/a>, to keep people safe, and <a href=\"https:\/\/blog.mozilla.org\/blog\/2018\/10\/23\/latest-firefox-rolls-out-enhanced-tracking-protection\/\">advancing Firefox<\/a> to be the best user agent you can have in your online journeys.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Browser extensions are wonderful. Nearly every day I come across a new Firefox extension that customizes my browser in some creative way I\u2019d never even considered. 
Some provide amusement for &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/\">Read more<\/a><\/p>\n","protected":false},"author":1526,"featured_media":8575,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,574,278886],"tags":[304,72,30,304457,278871],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Firefox, Chrome and the Future of Trustworthy Extensions - Mozilla Add-ons Community Blog<\/title>\n<meta name=\"description\" content=\"An interesting comparison between Chrome&#039;s announced changes for trustworthy browser extensions and what Mozilla has built into Firefox.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mike Conca\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/\",\"name\":\"Firefox, Chrome and the Future of Trustworthy Extensions - Mozilla Add-ons Community Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg\",\"datePublished\":\"2018-10-26T21:00:42+00:00\",\"dateModified\":\"2018-10-26T21:00:42+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/e06b9ebc82832ecd9f04e7dd59c65325\"},\"description\":\"An interesting comparison between Chrome's announced changes for trustworthy browser extensions and what Mozilla has built into 
Firefox.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg\",\"width\":640,\"height\":427,\"caption\":\"Crossed Hands\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/addons\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Firefox, Chrome and the Future of Trustworthy Extensions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/\",\"name\":\"Mozilla Add-ons Community Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/addons\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/e06b9ebc82832ecd9f04e7dd59c65325\",\"name\":\"Mike 
Conca\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/04780e375a532aeb20ec1365ce163109?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/04780e375a532aeb20ec1365ce163109?s=96&d=mm&r=g\",\"caption\":\"Mike Conca\"},\"description\":\"Mike Conca is the Group Product Manager for the Firefox Web Platform, leading the product team responsible for the core web technologies in Firefox including JavaScript, DOM Web API, WebAssembly, storage, layout, media, and graphics.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/mconca\/\",\"https:\/\/x.com\/MikeConca\"],\"url\":\"https:\/\/blog.mozilla.org\/addons\/author\/mconcamozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firefox, Chrome and the Future of Trustworthy Extensions - Mozilla Add-ons Community Blog","description":"An interesting comparison between Chrome's announced changes for trustworthy browser extensions and what Mozilla has built into Firefox.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/","twitter_misc":{"Written by":"Mike Conca","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/","url":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/","name":"Firefox, Chrome and the Future of Trustworthy Extensions - Mozilla Add-ons Community Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/addons\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg","datePublished":"2018-10-26T21:00:42+00:00","dateModified":"2018-10-26T21:00:42+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/e06b9ebc82832ecd9f04e7dd59c65325"},"description":"An interesting comparison between Chrome's announced changes for trustworthy browser extensions and what Mozilla has built into Firefox.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#primaryimage","url":"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg","contentUrl":"https:\/\/blog.mozilla.org\/addons\/files\/2018\/10\/cross-hands.jpeg","width":640,"height":427,"caption":"Crossed 
Hands"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/addons\/2018\/10\/26\/firefox-chrome-and-the-future-of-trustworthy-extensions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/addons\/"},{"@type":"ListItem","position":2,"name":"Firefox, Chrome and the Future of Trustworthy Extensions"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/addons\/#website","url":"https:\/\/blog.mozilla.org\/addons\/","name":"Mozilla Add-ons Community Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/addons\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/e06b9ebc82832ecd9f04e7dd59c65325","name":"Mike Conca","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/04780e375a532aeb20ec1365ce163109?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/04780e375a532aeb20ec1365ce163109?s=96&d=mm&r=g","caption":"Mike Conca"},"description":"Mike Conca is the Group Product Manager for the Firefox Web Platform, leading the product team responsible for the core web technologies in Firefox including JavaScript, DOM Web API, WebAssembly, storage, layout, media, and 
graphics.","sameAs":["https:\/\/www.linkedin.com\/in\/mconca\/","https:\/\/x.com\/MikeConca"],"url":"https:\/\/blog.mozilla.org\/addons\/author\/mconcamozilla-com\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts\/8573"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/users\/1526"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/comments?post=8573"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts\/8573\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/media\/8575"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/media?parent=8573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/categories?post=8573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/tags?post=8573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}