Slashdot Mirror


Mozilla Slipped a 'Mr. Robot'-Promo Plugin Into Firefox and Users Are Pissed (gizmodo.com)

MarcAuslander shares a report from Gizmodo: Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox -- and managed to piss off a bunch of its privacy-conscious users in the process. The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware. Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

2 of 307 comments (clear)

  1. Does the plugin actually *do* anything? by gman003 · · Score: 4, Interesting

    So I disabled the addon as soon as I read the article, and I am legit mad that Mozilla would do this, but... what does the addon actually do? I didn't notice any difference before disabling it, and I've dug through all the links and nobody seems to be saying what it does.

    Even if it was just a blank addon, no effect other than putting what's essentially an ad into my addon list (pun unintended), that would be bad, but it would be less bad than if it actually disrupted the browser in some way.

    Mozilla's half-assed apology seems to indicate the addon only starts doing things once you "opt-in", with no mention of how or where one would do that. Which is probably the least evil way you could do this, I'll admit.

  2. What Config Key Do I Disable/Delete? by ewhac · · Score: 4, Interesting
    So if Mozilla can remotely jam new extensions in to my browser without so much as a dialog, that means malicious actors with even fewer scruples will be able to do it in about a week. Short of firewalling all of mozilla.org, how do I turn this shit off?

    (I wonder if this has anything to do with the weird XSS blocking dialog NoScript threw three times earlier today. It was blocking an XSS attempt between two domains, neither of which was open in any browser tab at the time.)