Submitted via IRC for SoyCow9228
Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox—and managed to piss off a bunch of its privacy-conscious users in the process.
The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware.
"I have no idea what it is or where it came from. I freaked out a bit and uninstalled it immediately," one user wrote on Reddit.
Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.
Mr. Robot is a TV series about hackers airing on USA Network.
Source: https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254
(Score: 3, Informative) by FatPhil on Sunday December 17 2017, @11:20PM (3 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Monday December 18 2017, @12:10AM
At least in that scenario the software you're deliberately installing should be trustworthy enough not to do that. That's still better than allowing any program installed at any time from tinkering with your deliberately installed component.
(Score: 2) by sjames on Monday December 18 2017, @01:35AM
The installer will be the standard system package manager. That doesn't mean untrusted packages should be installed. As for suid executables, some may actually be necessary for the system to function at all. Otherwise, it's wet squirrel time. All of that is quite distinct from the program updating itself whenever it feels like it without review.
Sure, in some cases the single user and admin may be the same person and may not be that experienced, but in others the admin might be someone more experienced. That applies in home situations as well.
(Score: 2) by urza9814 on Tuesday December 19 2017, @03:24PM
The average user has passwords saved in their browser and all their online IDs associated to a webmail account that is configured to stay logged in. Who needs root access when you can hijack someone's entire digital life with a single browser plugin?
https://xkcd.com/1200/ [xkcd.com]