
In this case, I was more insecure being subjected to advertising networks (and the malware carried on them) because of Firefox's mistake which meant I wasn't able to load ublock origin. I'm also not sure how many of those "security patches" are intended to make my browsing experience safer, or simply meant to implement bizarre policies that might blow up in my face at any time (as this certificate issue has).

It's a trade-off.

I assume (and hope) Firefox will eventually get their act together so I can go back to using it, but if not, at least I don't have to jump ship to Chrome.



It's a bad trade-off. Every security-related bug Firefox fixes is a how-to guide for ruining Waterfox users' day for anywhere from weeks to years.

This will grow increasingly challenging if the code bases diverge in order to keep old-school add-ons working, given that Waterfox has virtually no manpower.


One solution would be to have a dedicated computer which is considered compromised from the start. Don't store important stuff there, don't do money-related activities, etc. This way you have a convenient browser for 99% of the time - without stupid restrictions and Mozilla control.

In case of infection, restore from image.

edit: replaced spyware with control.


This is a highly impractical way to live life just to make some stand. It's cutting one's nose to spite one's face.

There are other actively maintained browsers with plenty of eyes on them and manpower behind them, many with vibrant plugin ecosystems, just use one of those.


This "bizarre policy" was software signing, which is in fact a security feature.

I don't understand what "getting their act together" means here, when you're posting it on an announcement that the problem has already been fixed. Should Firefox proactively remove all security features that risk ever posing some modicum of inconvenience to users? Because that would be... all of them.


Firefox could allow people to sign their own add-ons. Let's not pretend that the terms "software signing" and "walled garden" are synonymous.


Okay. Now malware addons are signed, and nothing has been accomplished.


In this scenario, malware add-ons would be signed only for that particular Firefox installation.

Essentially, I am arguing that Firefox should let you create your own signing key pair (which would be valid only on that single Firefox installation) and sign any add-on using it.

It's a large enough hoop that most users would not jump over it, not least because they would not know what they're doing, but it would be there for those who need it and relinquish the central point of failure that is the AMO.

The current situation is basically the Secure Boot fiasco all over again.


>I was more insecure being subjected to advertising networks

>2019

>not running your own ad network blocking DNS

Why even bother?



