The Day Web Privacy Went AwayBrowsing the web unprotected due to a broken Firefox add-on systemMay 4, 2019
This morning, while I was browsing the web using Firefox, something felt off. It took a while before I noticed that my add-on icons were missing. I recently reinstalled my OS, so I must have just forgotten to install them. But I'm pretty sure I didn't forget.
So I went to the add-ons page.
Huh. They're not there. I was pretty sure I installed them. But that warning message looks suspicious, it should not be there. So I clicked the link in the warning.
Huh. I did install them. But why are they not enabled? Why are they considered legacy? Could it be just me? A quick search on the internet revealed that Firefox broke their add-ons.
From what I understand, the certificate used to sign the add-ons expired, leading to Firefox rejecting add-ons signed with it. How could they let this happen, twice? Was it not in any of the backlogs? Have they not learned from the first incident?
And if you look closely at the add-ons I have, all of them are privacy-related. Adblock Plus blocks unwanted content. HTTPS Everywhere ensures content is loaded securely. LastPass generates secure passwords and stores them securely.
With all three lost due to this fiasco, it feels like being dropped into battle without a weapon, nor armor. The worst part of this issue is that regular users might not be aware what it's all about, thinking that it's just another Firefox quirk. Missing password manager? Oh well, I'll just manually type my password - that kind of stuff.
There are workarounds in place. But the technical nature of the workarounds is a deterrent. They require enabling some questionable settings, diving into
about:config, or manually loading add-ons. Most regular users would probably just wait for a fix, and browse the web without protection in the mean time - something you don't want happening.
Privacy and security should be first in priority. It should not be forgotten, nor be something at the bottom of the backlog. Things like these should never happen, especially to a browser which advertises itself as free, open, and privacy-oriented. I still use Firefox, and it's the right choice. But the next time something like this happens, I'm switching.