Please never implement backdoors.

[HyperBear]

I wanted to note preemptively that I hope that Linux Mint will never get backdoors under the guise of protection. Because backdoors take away much more protection than they might give. Backdoors are evil, no exceptions. This includes signing and mandatory updates.

The reason I am posting this is that Mozilla started Firefox as a freedom-respecting project but later betrayed its principles by implementing a glorified backdoor known as add-on signing.

Mozilla implemented mandatory add-on signing in Firefox in the mid-2010s, As expected, it is excused with "protect the user". Sounds quite Google to me - they also use that protection excuse to lock down Android OS and make it less useable and more like iOS (context 1, context 2). Microsoft did the same with Windows (context).

I could explain why mandatory add-on signing that is a bad thing, but it is already thorougly explained here (digdeeper.club) and here (change.org).

Notice the slippery slope? First it was just a warning, then disabling unsigned extensions by default but still letting you enable them; and finally removing the option to install the addons without Mozilla's approval completely. Firefox will also disable any unsigned addons you might already have.

Even if Mozilla promises to "never abuse this", a government could force Mozilla to remotely censor unwanted extensions, and besides, there was a certain 2019 accident.

Please don't make the same mistake that Mozilla made.

[Greatdisaster]

Sorry but add-on signing is not a backdoor and your post is completely misleading and plain wrong.

In case you think that it's bad what Mozilla did that then it's just a company limiting your freedom but that is also not the true story.
You can always build Firefox yourself and remove the signing check. Firefox is open source (MPL) and you can even provide other users with a modified version, that disables the signing check.
You only have to name if different because the name Firefox is protected and that is good because malicious companies would otherwise spread "infected" Firefox versions on the web.

The hard fact is that the typical user is just to stupid and has to be protected from himself and that is what Mozilla did.
Firefox had to be protected from stupid third party software that installed malicious add-ons on the system like many third-party antivirus crap software.
Bad third party addons party anti-virus software caused hundreds of crashes every day either with their bad programmed addons or with stupid DLL injection on windows. What do you think is blamed for a crashing Firefox ? Mozilla or some third party software while the user just didn't have the knowledge that their choice of installing Norton, Avira, McAffee, Kaspersky is causing the crashes ?
Mozilla even had to implement defence for injected DLLs in their address space.
- https://firefox-source-docs.mozilla.org ... klist.html

I was, as hobby, working in bugzilla.mozilla,org for many years for bug triage and the addon-signing was one of the best decisions of Mozilla and they did many other things wrong.

Mint did the same to protect the users with disabling not verified flatpaks by default.

[Schultz]

The hard fact is that the typical user is just to stupid and has to be protected from himself and that is what Mozilla did.

I agree that the "typical" user is not as smart as he/she ought to be (btw, it's "too stupid," not "to stupid"), but why should those of us who know what we're doing have to pay the price for others' stupidity? I'm tired of the world catering to the lowest common denominator (i.e., the "typical" or average user).

[xenopeek]

Put a canary on the philosophy part of our privacy policy if you're worried for Linux Mint: https://linuxmint.com/privacy.php.

Topic locked. The discussion isn't about Linux Mint but about Mozilla.