Open
Bug 899173
Opened 11 years ago
Updated 2 years ago
time for another round of disabling side-installed addons
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
NEW
People
(Reporter: mmc, Unassigned)
References
Details
During the Firefox 8 update cycle addons that were side-installed (as detected by extensions.autodisablescopes) were disabled by default. It is time for another round of this. One outcome of the addons workweek (https://wiki.mozilla.org/Add-ons/WorkWeek2013) is that there are millions of unique addon ids, but the vast majority of those are installed by only one user. It is likely that these are addons installed without user intent or desire. Dashboards are at http://panorama.khan.mozilla.org/fisheye/ecosystem (requires MPT VPN access). Showing a prompt with all installed addons listed, and the side-installed addons disabled by default, will likely improve the user experience. Blocking bugs are likely to be bug 596343 and possibly bug 775253.
Reporter | ||
Updated•11 years ago
|
Comment 1•11 years ago
|
||
We were told this wasn't going to be done again...
Reporter | ||
Comment 2•11 years ago
|
||
Hi Mike, I filed this bug based on several conversations with AMO folks and security folks. I wasn't at Mozilla when Firefox 8 rolled around, so I don't know how that process went down. If there were severe problems last time, then we should alleviate those. It is pretty clear from that all is not well with the addons ecosystem, though, so we should do something about that, too. Thanks, Monica
Comment 3•11 years ago
|
||
The problem at the time was that the UI was very poor, particular leaving off descriptions. The bugs we reported were closed saying "it won't happen again" See all of the dependent bugs for 596343, particular the WONTFIX and the open ones.
Reporter | ||
Comment 4•11 years ago
|
||
OK, understood. In that case, if people who are responsible for this decision (Gavin? Johnath? AMO team?) think it's a good idea to pursue this bug, then we should triage open bugs blocking bug 596343 and see which ones must be fixed, and make sure that the UI works with Australis, etc.
Comment 5•11 years ago
|
||
+1 Monica. Make it happen! We need to end side-installs.
Comment 6•11 years ago
|
||
Mike, the bugs that were closed will be fixed before we do this again. The initial plan was to only do it once, but there have been so many cases of add-ons bypassing the opt-in screen that it's become clear that doing it once was not sufficient.
Comment 7•11 years ago
|
||
My primary concern is that last time, the dialog was very poorly worded and targeted all add-ons. I hope that this time around, we will truly focus on the side-loaded add-ons.
Comment 8•11 years ago
|
||
It tried to target only side-loaded add-ons. I don't think we're going to be able to narrow down the opt-in list any more than we could before. There's not much metadata available to us to determine how an add-on was installed.
Comment 9•11 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #8) > It tried to target only side-loaded add-ons. I don't think we're going to be > able to narrow down the opt-in list any more than we could before. There's > not much metadata available to us to determine how an add-on was installed. When we did the last round of stuff I added an entry to the database to record whether add-ons had been side-loaded. I don't know whether any of the methods of circumventing the opt-in screen get around that but we might at least have a record of add-ons that were definitely side-loaded.
Updated•11 years ago
|
Component: Untriaged → General
OS: Mac OS X → All
Hardware: x86 → All
Comment 10•11 years ago
|
||
Which field is that? I don't see anything that looks applicable.
Reporter | ||
Comment 11•11 years ago
|
||
Reading through old bugs, it might be "isForeignInstall" (called "thirdParty" in this patch https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=693743&attachment=568524) https://mxr.mozilla.org/mozilla-central/search?string=isForeignInstall&find=&findi=&filter=^[^\0]*%24&hitlimit=&tree=mozilla-central
Comment 12•11 years ago
|
||
Ah, I was looking at the wrong database. In any case, we're going to have to do some testing to see how common that flag is with the kind of side installs we're looking to prevent before we decide if it does what we need.
Reporter | ||
Updated•11 years ago
|
Reporter | ||
Comment 13•11 years ago
|
||
There is a related discussion going on here, which I missed until today: https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/HG44n4ZWzhA
Comment 14•11 years ago
|
||
It's sort of related, but it shouldn't block this effort.
Reporter | ||
Comment 15•11 years ago
|
||
I chatted with Asa about this, he said to check back in 3 weeks to see about getting this on the Firefox roadmap.
Comment 16•11 years ago
|
||
+6, do it. I'll take the registration thing.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•