Categories
Browser Browser extensions

Mozilla Firefox installs a strange looking addon without asking for permission

The recent Firefox version silently installs an addon you might not like. It calls itself ‘Looking Glass’ – Mozilla says it’s part of their Shield Studies.

firefox-13
Is the Fox eating his own tail?

// Basic addon info

{

     "name": "Looking Glass",
     "version": "1.0.3",
     "isActive": false,
     "id": "pug.experience@shield.mozilla.org"

}

Addon info reads: Looking Glass version 1.0.3 MY REALITY IS JUST FIFFERENT FROM YOURS Created By: PUG Experience Group(Gregg Lind, Bianca Danforth, Kamyar Ardekani, Matt Grimes Diana Livits, Jeffrey Kaufman and others)

A0biPbV

It’s unclear why it gets automatically installed in the first place because Mozilla always promises to protect your private data but at the same time they collect the same amount of data with such addons and browser settings.

There several bug tickets already started such as:

Bug 1424977 – Is the Looking Glass extension a prank?

Bug 1425171 – about:addons should indicate when an extension is a study

Bug 1425187 – Don’t allow shield studies/experiments without any explanation in description what they do and without related Mozilla bug URL with more detailed information

But I doubt these bug reports getting much attention because Mozilla wants you to use the extension otherwise they might not get the needed information to improve their Browser.

How to remove it?

Copy & Paste about:preferences#privacy into Address Bar then Enter Untick the box that says : Allow Firefox to install and run Studies.

  • Open `about:config`
  • Search for Preference: extensions.pug.lookingglass
  • Set it to false
About Config
Here is how to disable the addon.

The Firefox community especially on Reddit is upset about the behavior – IMHO Mozilla should opt-in in such studies if they asking you first. It’s bad enough they’re riding these experiments on the backs of users expecting a more secure and privacy-minded browser experience than say, Google Chrome.

What does the addon really do?

If enabled, specific words like privacy and control will appear flipped, then after 2-6 seconds, revert. A hover box will exist for each with a link to SUMO. Of course, this is only a test, but in the future Firefox might look for specific terms in the pages you load and do specific things based on them.

There are several scary things about this:

  • Unknown Mozilla developers can distribute addons to users without their permission
  • Mozilla developers can distribute addons to users without their knowledge
  • Mozilla developers themselves don’t realise the consequences of doing this
  • Experiments are not explicitly enabled by users
  • Opening the addons window reverts configuration changes which disable experiments
  • The only way to properly disable this requires fairly arcane knowledge Firefox preferences (lockpref(), which I’d never heard of until today)

Something to worry?

I see this as not as critical as some other users because the behavior is well documented on GitHub – TESTPLAN.MD shows more information about what is really behind.

The test plan describes how the add-on should have no effect when it shouldn’t (if it’s disabled, or you’re on the wrong site). The add-on’s effect are obvious in this case, of course, but if it’s testing a mechanism of sniffing page contents, it doesn’t have to be obvious in the future. There’s also the whole Activity Stream / Context Graph initiative that’s based around mining the user’s history.

As said earlier Mozilla should change the default telemetry/addon behavior and everything would be solved. Anyway well done Mozilla, that’s not how you earn trust – installing add-ons with no proper description is a really dumb thing to do.

Here is Mozilla’s response, courtesy of Chief Marketing Officer Jascha Kaykas-Wolff:

“Firefox worked with the Mr. Robot team to create a custom experience that would surprise and delight fans of the show and our users. It’s especially important to call out that this collaboration does not compromise our principles or values regarding privacy. The experience does not collect or share any data.

The experience was kept under wraps to be introduced at the conclusion of the season of Mr. Robot.  We gave Mr. Robot fans a unique mystery to solve to deepen their connection and engagement with the show and is only available in Firefox.”

Sources

2 replies on “Mozilla Firefox installs a strange looking addon without asking for permission”

Some say so others so, I guess if you upgraded from older Firefox your not affected this only seems (according to my own tests) a problem if you recently installed Quantum fresh on your system.

Like

Comments are closed.