Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Mozilla Firefox Operating Systems Privacy Security Software Television Entertainment

Mozilla Slipped a 'Mr. Robot'-Promo Plugin Into Firefox and Users Are Pissed (gizmodo.com) 307

MarcAuslander shares a report from Gizmodo: Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox -- and managed to piss off a bunch of its privacy-conscious users in the process. The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware. Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

This discussion has been archived. No new comments can be posted.

Mozilla Slipped a 'Mr. Robot'-Promo Plugin Into Firefox and Users Are Pissed

Comments Filter:
    • by Lisandro ( 799651 ) on Friday December 15, 2017 @07:55PM (#55749275)

      "The Mr. Robot series centers around the theme of online privacy and security. One of the 10 guiding principles of Mozilla’s mission is that individuals’ security and privacy on the internet are fundamental and must not be treated as optional."

      So yeah, let surreptitiously install plugins on everyone's browsers.

      • This is what happens when you let Gilligan drive.

      • by KiloByte ( 825081 ) on Friday December 15, 2017 @08:31PM (#55749417)

        Don't forget disabling all existing privacy extensions. Oh, and mails you get from Mozilla are pure gold: "Keep trackers off your trail" blah blah "evade tracking technology" blah blah "https://click.e.mozilla.org/?qs=e7bb0dcf14b1013fca3820..."

      • Well its not installed on mine so im guessing they installed it on a small portion of FF installs. That,s no excuse, its a complete invasion of privacy and user trust. I bet they got plenty of adverting money though.
    • Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy.

      Bullshit. They did it because they got paid by the producers of that TV show to do it. This is what happens when a company is totally dependent on advertising for their revenue.

      • by rtb61 ( 674572 )

        Mozilla also have a pretty bad reputation for forcing stuff on people, a real clique arrogance. Your tabs, screw you, we want they where we want they, bugger your choice. Same as for appearance, like the old look, meh, we don't, new millennium style, don't like use IE suckers. They can be pretty bloody rude and like a lot of these types or orgs, a particular crowd worms they way in and it is all about serving their ego and fuck everyone else. Mozzilla certainly ain't what it used to be and it stinks of Goog

        • Re: (Score:2, Informative)

          by Anonymous Coward

          To move tabs, I created the directory c:\Users\(username)\AppData\Roaming\Mozilla\Firefox\Profiles\(yourprofile).default\chrome and then put a file named userChrome.css in it with this content. Note the 1,2,3 order you can modify to change where tabs, etc. are at the top of Firefox 57. The order below is for navigation bar, bookmarks, then tabs:
          /* Tab bar below navigation & bookmarks toolbars */

          #nav-bar{
          -moz-box-ordinal-group: 1;
          border-top-width: 0;
          }

          #PersonalToolbar {
          -moz-box-

    • by jellomizer ( 103300 ) on Saturday December 16, 2017 @06:41AM (#55750659)

      I want a browser to be fast, secure and protect my privacy. I don’t want it to tell me what I should watch or think.
      I may want Firefox for reasons different then the organization goals. I don’t appreciate getting stuff pushed on me.

  • by grasshoppa ( 657393 ) on Friday December 15, 2017 @07:53PM (#55749263) Homepage

    If they were trying to win back Chrome users, this is a pretty effective way to sabotage their efforts.

    I hope they were paid a shitload of cash for this little stun, because it's gonna cost them.

    • Another surprise was hearing on NPR that Mozzilla trashed net neutrality, just wierd
    • by Dutch Gun ( 899105 ) on Friday December 15, 2017 @08:09PM (#55749327)

      “Firefox worked with the Mr. Robot team to create a custom experience that would surprise and delight fans of the show and our users. It’s especially important to call out that this collaboration does not compromise our principles or values regarding privacy. The experience does not collect or share any data,” Jascha Kaykas-Wolff, chief marketing officer of Mozilla, said in a statement to Gizmodo. “The experience was kept under wraps to be introduced at the conclusion of the season of Mr. Robot. We gave Mr. Robot fans a unique mystery to solve to deepen their connection and engagement with the show and is only available in Firefox.”

      So, no apologies for those of us who spotted it, freaked out, and spent a bunch of time trying to figure out WTF this was, and if it was malicious or not.

      Seriously, on what planet do you essentially prank all your users with a stunt like this? I was actually pretty happy with Firefox after the Quantum update, as it went better than I was expecting. After that, I immediately turned off telemetry and experiments, because they've now abused my trust with this stunt.

      And now comes this statement, doubling down on their incredibly poor judgment. This is the last straw for me. If Mozilla had been the least bit contrite, I might have forgiven this. I've been using Firefox almost since it's inception 15 years ago. That ends today.

      • Dutch Gun I share your sentiment - this is so disappointing. Actually thought the changeover to Quantum would be bad, but it went well, I would have preferred the old customizable UI and plugins, but could live with it.

        Saw Mozilla talking about not getting enough data from users for analysis of the browser, so they were considering having opt out on that (that got barked down quick). But I enabled it on mine just to help - no more.

        Then this tone deaf - partner with the content megacorp / E corps to
      • Mozilla certainly didn't handle this as well as they should have but it's important to keep sight of the bigger picture: switching to another comparable browser risks switching to a nonfree browser. I hope (for your own software freedom) you won't make that bad choice in a hasty emotional decision. That would be quite ironic: to give up on a free browser that can be made better because of an immature stunt ostensibly aimed at increasing user privacy.

        Real user privacy simply cannot be had with nonfree browse

        • There's always Chromium, you know.

        • Blah blah non-free blah blah. At least I know where I stand with Google.

          With Mozilla I'm never quite sure. I saw an update the other day, well spin the barrel and pull the trigger, what did they screw up today.

          • At least I know where I stand with Google.

            For my education (please), where do you stand with Google? I'm looking for an answer in a context larger than a rehash of this (admittedly upsetting) Mr Robot thing.

            • Where I stand with Google is they collect a whole lot of information. This information is their critical bread and butter, it's their equivalent to the recipe for coke. They use this information to provide services to advert companies and to provide services to me with the benefit of knowledge that gives their services an edge over others. Their core competence is the strategic management of information.

              Where I stand with Google is that they don't pull stupid shit like this. They protect my privacy by only

              • I trust google with my data, but I don't trust their browser to have the configurability I desire, nor can I trust them to let me make my own changes if necessary.

                So I trust them a lot more in the browser, than on the browser.

                Mozilla may be a wolf in sheep's clothing, and Google may be a wolf in wolf's clothing. I like wolves just fine. But I don't want my computer to act like a wolf. It doesn't even matter which clothing it wears if I already know they're both wolves.

                Which is why I'm not going to update Fi

          • by Rakarra ( 112805 )

            Blah blah non-free blah blah. At least I know where I stand with Google.

            With Mozilla I'm never quite sure.

            Right, with Google, your privacy is always getting screwed. With Mozilla, you're sure that sometimes your privacy is going to get screwed over without your knowledge (or with it), but sometimes you'll get these weird periods where they don't screw you over at all. Much preferable to getting fucked all the time with Google!

        • by pots ( 5047349 )
          There are forks of Firefox with more sense than this. Plenty of free options available. This is typical for free software, after all - when the maintainer gets too drunk on power, you fork.
        • switching to another comparable browser risks switching to a nonfree browser.

          Horse shit. If it is Free Software it will be labeled as such. Details about that are in the license.

          Free Software users don't just accidentally stumble and land locked into a proprietary product, that isn't how choice and freedom work.

      • by TuringTest ( 533084 ) on Saturday December 16, 2017 @03:51AM (#55750399) Journal

        > After that, I immediately turned off telemetry and experiments, because they've now abused my trust with this stunt.

        If you had those turned on, how is this an abuse of your trust? You had given them permission to do anything with your browser. If you don't want anti-privacy measures in Firefox, don't turn them on.

      • If Mozilla had been the least bit contrite, I might have forgiven this.

        Really, this.
        I get that the concept would've seemed like a great idea, and there may have been a way to make this work, but not by installing anything uninvited. I don't get why they didn't do something on their "new tab" page - yeah some people will have customised that so they wouldn't see whatever, but at least that way it's not actively pushing unexpected code.

        Not in a malicious way, but I do think someone who made this decision at Moz needs to at the very least, take a little break from their positi

    • "it's gonna cost them."

      no it won't. no one is going to remember this in a month, and there are other much more significant variables in the browser "market" (such as it is).

      • You don't think so? With one stupid mistake, they turned their browser into adware. People were already flocking away from it, but their latest speed update apparently gave a few pause. Then this stunt...and suddenly, no pause.

        They've compromised their integrity, plain and simple. Sure, Chrome snoops on you, but that's hardly surprising to anyone, and when was the last time Chrome served you an add as part of the browser?

        Shit, FF just ranged into windows 10 territory, and it took MS employing every dirt

        • see, to most people, browsers already are basically adware-delivery vehicles. they're going to hear about this, scratch their heads, maybe a few of them vaguely remember that one weird thing that happened on their browser, and then blip! they will never think about it again because they have much, much more important things to worry about.

      • by Rakarra ( 112805 )

        no it won't. no one is going to remember this in a month,

        Nerds can have a long memory. With every article that mentions Sony, there will invariably be a few 5-modded comments saying "remember when Sony included that root-kit on audio CDs? Never again, Sony!"

        Of course, non-nerds never heard about that, nor will they hear about the Mr. Robot thing.

  • Comment removed based on user account deletion
    • You bet they did. Hell, they're even remarking how the plugin is a "Firefox exclusive" right in the explanation press release.

      • by arth1 ( 260657 )

        Hell, they're even remarking how the plugin is a "Firefox exclusive" right in the explanation press release.

        Another way of saying nobody else were that stupid?

  • by gman003 ( 1693318 ) on Friday December 15, 2017 @08:02PM (#55749299)

    So I disabled the addon as soon as I read the article, and I am legit mad that Mozilla would do this, but... what does the addon actually do? I didn't notice any difference before disabling it, and I've dug through all the links and nobody seems to be saying what it does.

    Even if it was just a blank addon, no effect other than putting what's essentially an ad into my addon list (pun unintended), that would be bad, but it would be less bad than if it actually disrupted the browser in some way.

    Mozilla's half-assed apology seems to indicate the addon only starts doing things once you "opt-in", with no mention of how or where one would do that. Which is probably the least evil way you could do this, I'll admit.

  • Thanks for all the Headzup but I've never seen it in my Add-ons. And it's still not there in v. 57.0.2 64-Bit. Is this maybe just a US thing?
  • I noticed the plugin a day or two ago and couldn't remember installing it (I don't watch Mr. Robot though wifey does), but assumed I must have installed it and simply forgot.
    Definitely not happy that Mozilla installed it without my express permission. Nothing from me in their stocking this year.
  • by ewhac ( 5844 ) on Friday December 15, 2017 @08:21PM (#55749373) Homepage Journal
    So if Mozilla can remotely jam new extensions in to my browser without so much as a dialog, that means malicious actors with even fewer scruples will be able to do it in about a week. Short of firewalling all of mozilla.org, how do I turn this shit off?

    (I wonder if this has anything to do with the weird XSS blocking dialog NoScript threw three times earlier today. It was blocking an XSS attempt between two domains, neither of which was open in any browser tab at the time.)

    • Re: (Score:2, Funny)

      by ELCouz ( 1338259 )
      Simple.... https://www.google.com/chrome/ [google.com]

      Never ever trust again a browser that can pull stunts like this.
      • by suss ( 158993 )

        Chrome has this ability too and has abused it in the past.
        And it phones home all the time.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          (Sorry, can't logon from AC on this machine)

          I really don't mind phoning home anymore since literally everything does it. At least Chrome provides useful reasons for being online like url auto completion and integration with my google cloud stuff like remembering my bookmarks.

          What I REALLY FIND OFFENSIVE is when products (whoever they are, Google, Mozilla, Apple, whatever) install things without telling me, ESPECIALLY if they're written by a third party. I may trust Google, or Mozilla, but that doesn't mean

      • Simple.... https://www.google.com/chrome/ [google.com]

          Never ever trust again a browser that can pull stunts like this.

        Chrome is one of the worst browsers imaginable from a privacy perspective.

    • by Dutch Gun ( 899105 ) on Friday December 15, 2017 @08:39PM (#55749465)

      Presumably only Mozilla has access to this sort of system. But then again, that's just an assumption of mine.

      You can turn this off in the Privacy section: "Allow Firefox to send technical and interaction data to Mozilla", and under that "Allow Firefox to install and run studies".

      It's the latter one that allows those experimental add-ons to be added and run. I had those both enabled, because I thought that Mozilla would be responsible in how it used them. Obviously, I was mistaken. So, at the very least disable the latter if you don't want more mysterious add-ons showing up. As soon as you uncheck that box, the add-on disappears.

    • So if Mozilla can remotely jam new extensions in to my browser without so much as a dialog, that means malicious actors with even fewer scruples will be able to do it in about a week. Short of firewalling all of mozilla.org, how do I turn this shit off?
      (I wonder if this has anything to do with the weird XSS blocking dialog NoScript threw three times earlier today. It was blocking an XSS attempt between two domains, neither of which was open in any browser tab at the time.)

      Look around in about:config

      Searching for 'http' and '.enabled' ... is usually a good starting place.

      Personally I modified most of the URLs to point to a local web server just out of curiosity so I can get a better idea what Mozilla is up to but they can just as easily be sabotaged... http://0.0.0.0/ [0.0.0.0]...

      As for the XSS browsers have retarded heuristic filters which in my view are dangerous and should be disabled. The filters are naÃve it is basically impossible because the browser lacks necessary conte

  • by duke_cheetah2003 ( 862933 ) on Friday December 15, 2017 @08:25PM (#55749393) Homepage

    You know it's crap like this that encourages end-users to find ways to block auto-updates, because of abusive use of it.

    Need to reel that BS in, it's not a good idea, auto-updates should be a good thing. Don't be muddying the waters any further, it's getting pretty obnoxious as it is.

  • Firefox Studies (Score:5, Informative)

    by zenbi ( 3530707 ) <bryan@pipedot.org> on Friday December 15, 2017 @08:43PM (#55749493) Homepage

    The extension was able to be installed if you had the "Firefox Studies" checkbox selected. To prevent Firefox Studies from installing extensions on your behalf:

    • Navigate to: "about:preferences#privacy"
    • Scroll down to the "Firefox Data Collection and Use" section
    • Uncheck the "Allow Firefox to install and run studies" checkbox (and the others, if you wish)
    • Have to add I had that unchecked (no studies) and did not get this.

      Funny users we didn't know by "studies" Mozilla management doublespeak actually meant "marketing campaigns". Disable all 3 things they don't deserve to get them.
    • by trawg ( 308495 )

      This must be a v57 option as it's not in v56.

      (I upgraded to v57 and downgraded a few days later because I couldn't live without my extensions. I'll have to try again later if/when the ecosystem has solidified a bit. )

  • by fahrbot-bot ( 874524 ) on Friday December 15, 2017 @09:20PM (#55749591)

    A little Googling leads me to think the Looking Glass add-on was installed via the Firefox built-in Shield Recipe Client [mozilla.org] Feature, also described here: Firefox/Shield/Shield Studies [mozilla.org], which is documented as:

    Shield is a Firefox user testing platform for proposed, new and existing features and ideas.

    Shield Studies is a function of the Shield project that prompts a random population of users to help us try out new products, features, and ideas.

    I have this disabled via the following pref.js settings:

    // Disable Shield Recipe Client
    user_pref("app.shield.optoutstudies.enabled", false);
    user_pref("extensions.shield-recipe-client.enabled", false);

    • Tools->Options->Privacy & Security->Firefox Data Collection and Use... uncheck all of it
    • by AHuxley ( 892839 )
      Thanks fahrbot-bot. That extensions.shield-recipe-client.enabled was still set to true even after the Allow Firefox to install and run studies was not selected.
  • So, Mozilla, a company that claims privacy is important to them and in their web browser product Firefox, silently mass auto-force-installs an add-on into already installed software, using a built-in feature that almost no one knows about (that comes enabled by default), that promotes the television show Mr. Robot, in which just about everyone in that show routinely breaks the law, breaks into other people's computers (installing backdoors, trojans and root kits), and violates people's privacy. Nice going.

  • after seeing mr robot crap at def con 24 (rofl), this isn't that surprising i guess. i wonder how much actual money the showrunners shell out for this.

  • Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension.

    Have they even *watched* the show? I'm not sure the word "promotes" is apt here - unless they mean "promotes violating user privacy". The protagonist Elliot Alderson has violated *everyone's* privacy and broken into everyone's computer, as has just about everyone else who owns a keyboard -- though they all do seem to get really pissed when *their* privacy and systems get violated, hmm ...

  • Putting Yahoo as the default search setting was worse.
  • Time for an add on to block pushed content?
  • Is this a v57 only issue? I never upgraded to because v57 doesn't support one of my addons and didn't get this installed. How ironic that the new version installs an addon that nobody wants.
  • good thing Firefox has been broken on Manjato for 2 months
  • by iwbcman ( 603788 ) on Saturday December 16, 2017 @02:37AM (#55750301) Homepage

    Sorry folks, but Slashdot just revealed it's true colors. The chorus of OMG! WTF! down with Mozilla, witnessed in this thread is, sadly, proof that the Slashdot audience has become those who the hackers of yore were hacking against. Is there not an ounce of rebellious spirit left on this site? Whether you like the show, Mr. Robot, or not, I just can't fathom the reaction here.

    For those those who say this is the last straw for Mozilla-good riddance, don't let the door hit your ass on the way out.

    Look there are lots of things I could complain about regarding Firefox, but a chance wanderer coming to Slashdot would think this site is full of nothing but chrome shills and misanthropes who actually *hate* Free software. What made this site so interesting in days long ago was the tension between the rebellious spirit of Free Software and those who made their living working for the man or trying to make a living selling proprietary software. Nowadays corporate shills and libtards reign supreme on this site and the very notion that technology can actually be a source of societal change is completely and utterly lost.

    Well duh maybe that's why most here don't even get what Mozilla is, what it represents and how much it actually changed the world around us.

    But oh my God they rendered my extension useless, oh my God one of my 80 tabs is leaking memory, or Oh my God it takes a full 1.7 seconds to launch on a modern computer.

    Oh well I guess I am just a fanboy, forgot to check the mail and get my check for promoting not only Firefox but Mozilla as a an organization, foundation and corporation. Am I the only idiot here who jumped for joy back in January of 1998 when the mozilla source code was made free and downloaded it just so I could see the code?

    My guess is that anywhere from %30-50 of all currently existing jobs in software development wouldn't even exist without Free Software, and Mozilla did more to promote and garner mainstream acceptance of Free Software than the GNU movement ever dreamt of. In all likelihood there would be no Google, Facebook, Twitter, Amazon etc. without the courage and commitment that founded Mozilla. Alas without Richard Stallman and the GNU movement there probably would never have been a Mozilla.

    Long live Mozilla

    • by 110010001000 ( 697113 ) on Saturday December 16, 2017 @08:23AM (#55750871) Homepage Journal
      You are an idiot. Just because they use a Open Source business model doesn't mean they shouldn't be chastised for pushing advertisements in our face. This extension isn't even Open Source. Yes, they are pushing CLOSED SOURCE software to your machine without you knowing about it.
    • ... Is there not an ounce of rebellious spirit left on this site?...

      Yes, there is an ounce of rebellious spirit left on this site. Unfortunately, Mozilla (through their poor management decisions) is mischanneling said rebellious spirit against the Firefox developers, and not in the manner you hope.

  • ...Mozilla justified its decision...

    The decision cannot be justified. Period. Full stop. Are the completely wrong people in charge of, and making decisions at, Mozilla? Do those people care not one iota about what the customers want? OK, that last question was rhetorical because these past few years Mozilla has shown a stunning indifference to what the Firefox users want. Stunning indifference.

  • I am sick of having "experiences" pushed in my face by marketing drones who think I need to know what's "cool" or "interesting." The "experience" I'm really interested in is a browser that functions properly, doesn't crash, supports standards, and which doesn't eat all of the available memory or CPU. I'm even willing to PAY for something like that. If the management team at the Mozilla Foundation has time and resources to surreptitiously load unwanted extensions hyping some television show on the browser

No spitting on the Bus! Thank you, The Mgt.

Working...