Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Mozilla Slipped a "Mr. Robot" Promo Plugin Into Firefox and Users Are Pissed

posted by Fnord666 on Sunday December 17 2017, @04:04PM   Printer-friendly
from the random-plugin-included-for-free dept.

MrPlow writes:

Submitted via IRC for SoyCow9228

Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox—and managed to piss off a bunch of its privacy-conscious users in the process.

The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware.

"I have no idea what it is or where it came from. I freaked out a bit and uninstalled it immediately," one user wrote on Reddit.

Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

Mr. Robot is a TV series about hackers airing on USA Network.

Source: https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254

Original Submission

 
This discussion has been archived. No new comments can be posted.
Mozilla Slipped a "Mr. Robot" Promo Plugin Into Firefox and Users Are Pissed | Log In/Create an Account | Top | 77 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by FatPhil on Sunday December 17 2017, @11:20PM (3 children)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Sunday December 17 2017, @11:20PM (#611143) Homepage
    The root-permissioned installer has enough permissions to stick suid programs on your system. Or fork a daemon that hangs around and drops its payload later. Or tweak the cronjobs run by/as root. Or...
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Monday December 18 2017, @12:10AM

    by Anonymous Coward on Monday December 18 2017, @12:10AM (#611170)

    At least in that scenario the software you're deliberately installing should be trustworthy enough not to do that. That's still better than allowing any program installed at any time from tinkering with your deliberately installed component.

  • (Score: 2) by sjames on Monday December 18 2017, @01:35AM

    by sjames (2882) on Monday December 18 2017, @01:35AM (#611204) Journal

    The installer will be the standard system package manager. That doesn't mean untrusted packages should be installed. As for suid executables, some may actually be necessary for the system to function at all. Otherwise, it's wet squirrel time. All of that is quite distinct from the program updating itself whenever it feels like it without review.

    Sure, in some cases the single user and admin may be the same person and may not be that experienced, but in others the admin might be someone more experienced. That applies in home situations as well.

  • (Score: 2) by urza9814 on Tuesday December 19 2017, @03:24PM

    by urza9814 (3954) on Tuesday December 19 2017, @03:24PM (#611816) Journal

    The root-permissioned installer has enough permissions to stick suid programs on your system. Or fork a daemon that hangs around and drops its payload later. Or tweak the cronjobs run by/as root. Or...

    The average user has passwords saved in their browser and all their online IDs associated to a webmail account that is configured to stay logged in. Who needs root access when you can hijack someone's entire digital life with a single browser plugin?

    https://xkcd.com/1200/ [xkcd.com]