this post was submitted on 14 Jun 2024
Firefox
A place to discuss the news and latest developments on the open-source browser Firefox
Am tired, but bit confused at sequence of events.
Did Russia ban Mozilla from offering specific extensions, whereupon Mozilla removed for Russian users the banned extensions?
Or...
Did Russia ban Mozilla from offering some undefined type of extension, whereupon Mozilla removed for Russian users any which seemed to fall under the ban under an abundance of caution until they could assess each & reinstate those which did not fit the ban?
Or, more worryingly, but maybe implied by the supposed temporary intent of the ban...
Did Russia ban Mozilla from offering specific extensions, whereupon Mozilla temporarily removed for Russian users the extensions in order to give Russia the ability to track or otherwise meddle with Russian users of those extensions... or to enable Russia to interfere with the extensions' code for their own ends?
I feel I can make a reasonable guess, but there's a fairly big safety issue here depending on what happened.
Anyone dissenting within an authoritarian regime knows to exercise extreme caution, but always good to put out reminders to have multiple layers of protection, so if one fails you are still ok.
From the article:
Well, for the extensions that are open source it is possible for Russia to meddle with the code, but they'd have to get past code review. But this is a concern for anything open source, not just Mozilla stuff. It's rare that something bad gets into an open source project, but it did happen a few months ago with ssh. Didn't get past testing and required someone to work on open source projects for years before they got a level of trust to get something pulled into main source tree. So it's basically the equivalent of getting a job at a company for years just to put malware into some proprietary software. Which could also happen, but if there's a good code review process it shouldn't happen.
Excepting those kinds of weird scenarios, unless they're extensions made by a Russian company that Moscow has control over, then no, the extensions wouldn't have been fiddled with by the Russian government. And if they were extensions the Russian government had the ability to change, they wouldn't be trying to ban them.
I highly doubt that a browser extension is going to allow a bad commit. It seems like that would be way more obvious as it is at a much higher level. (No C)