Also Servo 0.0.1 Browser Engine Released https://www.phoronix.com/news/Servo-0.0.1-Released
Finally more competition.
This is a great change. I wonder how long before the hate brigade comes along to complain.
You’ve got a downvote, so it seems not long. 😄
insert rant about Mozilla CEO
It’s not clear whether it’s a useless disclosure or enforced by the API.
Some extensions have a verified/recommended by Mozilla seal of approval, so these extensions would be checked by a human to see that they comply.
Obviously they can’t check every update of every extension in existence, but even just the above is an improvement and certainly not useless.
I don’t think this could be enforced by the API without also seriously limiting what extensions can do, which people would go crazy about if they did.
It is possible that any developer could just say “none” even if the extension does collect data? If it has to be manually disclosed, this won’t stop malicious actors. Only trustworthy extension developers would disclose this.
Since some extensions are “mozilla-approved”, I guess they test it regularly, it wouldn’t be hard to verify if one is really sending anything despite their disclosure.
The only issue with this otherwise great idea is that “the developer says, that…”. A browser API should have a way to only grant certain rights when this is technically disclosed, e.g. an extension can only access location data if this is (formally) declared, and must be able to cope without it if the user or any global policy disallows it.
Already exists. And you’re basically spreading misinformation.
So what does this new change do then? Is it just about disclosing the state to the user?
So, sandbox the extensions, a practical, sensible step on the path to browser as OS (contentious, but doesn’t that seem where things are going, and if we lose firefox…). I get it, it’s mr right now harm minimization, as opposed to mr right (linux or flatpak) general purpose computers in service of their users with usable security control.
Nice addition!
no one ever discloses, they just wait to get caught, then make a new extension and restart the cycle.
… this wasn’t a thing already? Better late than never I guess
I would also like to see a competition to Mozilla itself. One that’s fiercely loyal to it commitment to an Open internet.
And firefox itself?
Already has it
