It seems that Mozilla has pushed a system extension (thus hidden from about:addons, but can be found in about:support) into many Firefox installations called “Add-ons Restricted Domains”.
Note that this isn’t an experiment, so disabling Normandy will not prevent its installation.
From what I can tell, this system extension allows Mozilla to remotely change the extensions.webextensions.restrictedDomains preference in people’s Firefox browser.
I searched through Bugzilla to try to find a quality explanation to the issues that led to this change, but searching Bugzilla for terms like “Add-ons Restricted Domains” and “restictedDomains” yielded no results.
I did eventually find this unclear page:
Which reveals that my understanding is likely at least mostly correct. But that page is incredibly vague and does not explain why extensions suddenly need to be completely disabled on some internet websites.
The problem appears to be with some sites, and not with some extensions, as my understanding is that Mozilla already has a way to disable bad extensions.
Overall, I think this functionality is likely a good thing (with good intent, as well), and thus I don’t recommend taking steps to remove this system extension. What’s missing is better communication as to what’s happening and why.
this system extension allows Mozilla to change the extensions.webextensions.restrictedDomains pref
Actually, it uses its own pref named ‘extensions.quarantinedDomains.list’
Looks like pieces of this feature landed in Firefox 114 but it won’t be working until 115. There will probably be more information about the feature when 115 is released.
In all candor, I don’t care what it’s for - they shouldn’t add things secretly or hidden like this. It’s like that VPN advert recently. This isn’t about the why, it’s about trust and it’s making me trust Mozilla a bit less with each one of these shenanigans.
Where I work has something that blocks unknown executables, including Firefox extensions… I started getting pop-ups about this add-on yesterday. Apparently our security team also knows nothing about it. Per company policy, I keep hitting the “Block” button.
Great, it has everything I hate from BMO: confidential non-public issues which references the internal private Jira, and people doing things without any coherent explanation. Things that may go against user choice. Don’t you love opensource?
One very funny idea I had about these entries, is, that, since Brasil is the only country in the world outside the EU that introduced a kind of General Data Protection Regulation and since firefox is semi-worked-on by google (my h interpretation of about:config 2023), a bored developer somehow scribbled the latest google-enemy into the -fig, or s/he’s angry at some person in Brasil, who works at a bank.
Telemetry is collected by the browser itself, nothing an addon can intefere with. Also telemetry is very useful for development and completely innocuous.
System addons are useful when you want to push an update in between to Firefox release. A good example of it is with the webcompat team. They use this to fix issues with websites that don’t work correctly (or at all) on Firefox and need to push this in production asap.
Telemetry is good or bad depending on your POV. Personally, I turn off all the FF telemetry I can.
It isn’t an all or nothing. Google might tracks you and collect informations that can identify you. However, if you look more closely at what Mozilla is collecting and how they’re collecting it, it clearly shows that it’s anonymized and it’s also very general (not something that could identify you from other users).
This code sounds like it overrides add-ons. That sounds unusual. It’s not like they bundled the bookmark module or the video module or some other neutral module.