Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday April 13 2019, @05:36PM   Printer-friendly
from the let's-talk-about-it dept.

Packt reports that Gab's Dissenter browser extension was removed from Mozilla's Firefox add-ons on April 10th (people already using it can continue to do so), and was booted from Google's Chrome browser the next day. Gab pitches itself as an anti-censorship social media platform that only prohibits speech that is illegal. Their Dissenter browser extension and associated website allow people to share comments about any webpage, giving users the ability to share comments on articles, videos, etc., regardless of whether or not the website hosting the content has a comments section. Mozilla's rationale for the ban was that Dissenter was being used to promote violence, hate speech, and discrimination, but they failed to show any examples to bolster that claim. Gab plans to develop their own browser in response.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by RandomFactor on Saturday April 13 2019, @08:11PM (5 children)

    by RandomFactor (3682) Subscriber Badge on Saturday April 13 2019, @08:11PM (#829073) Journal

    It is loaded as a developmental temporary addon. You close FF and go back in, you have to manually go reload it each time. That's definitely stopping the average joe from using it.

    Similarly if your car wouldn't navigate to your local polling place if you voted in the primary of the wrong party.
     
    The company isn't keeping you from going to the polls, cry moar! They're just a company deciding they don't want you using their product. You could always switch to airplane mode and download and use offline maps so it couldn't check your history, so it isn't stopping you from navigating right?

    --
    В «Правде» нет известий, в «Известиях» нет правды
  • (Score: 1, Insightful) by Anonymous Coward on Saturday April 13 2019, @08:18PM (3 children)

    by Anonymous Coward on Saturday April 13 2019, @08:18PM (#829080)

    It is loaded as a developmental temporary addon. You close FF and go back in, you have to manually go reload it each time. That's definitely stopping the average joe from using it.

    That sounds like a technical issue, not a policy issue.

    As I mentioned, the EFF doesn't seem to have those problems with HTTPS Everywhere [eff.org]. Why should it be any different for the Gab plugin?

    • (Score: 1) by RandomFactor on Saturday April 13 2019, @08:37PM (2 children)

      by RandomFactor (3682) Subscriber Badge on Saturday April 13 2019, @08:37PM (#829095) Journal

      Might be. The EFF process is an actual installer of some kind.
       
      The GAB process is loading the plugin yourself from about:addons. It may be that GAB will come out with an installer similar to the EFF one and just hasn't had time yet, or that there are other constraints. TBD.

      --
      В «Правде» нет известий, в «Известиях» нет правды
      • (Score: 2) by NotSanguine on Saturday April 13 2019, @11:43PM

        by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Saturday April 13 2019, @11:43PM (#829167) Homepage Journal

        The GAB process is loading the plugin yourself from about:addons. It may be that GAB will come out with an installer similar to the EFF one and just hasn't had time yet, or that there are other constraints. TBD.

        You got me curious, so I tested on a fresh install of Firefox (v.66.0.2-1) on XFCE (Fedora 29).

        I was able to successfully install the HTTPS Everywhere extension both directly from the website and from a downloaded copy of the extension.

        I was asked whether or not I wanted to allow the extension to install and if I would allow the extension to use certain permissions. Other than that it was a smooth install.

        When I tried to install the Dissenter plugin, I downloaded the zip file, but was surprised to see that there wasn't a .xpi file inside. So I used instructions on the download page and was able to do a "temporary" install of the extension. As you mentioned, such an install did not survive an exit and restart.

        I found that a little strange, so I investigated the format of '.xpi' files and found out that they are just '.zip' files renamed. So I renamed the dissenter zip file to '.xpi' and attempted an install from file. Firefox came back with an error that the archive was corrupt.

        I know that isn't true, as I was able to do the temporary install from the unzipped contents of the downloaded zip file.

        I'm not a browser extensions developer and I'm not familiar with what should/shouldn't be included in a .xpi archive. However, it seems me that something is off in the dissenter archive prevents installation as a normal plugin.

        Somehow, EFF is able to generate a zip/xpi file that loads just fine, but dissenter is not. Is this a digital signature issue? A packaging issue? are there flags in the manifest.json file that restrict installation to debug installs?

        Comparing the manifests, HTTPS Everywhere seems to have a bunch more entries which include requested permissions and other stuff than dissenter. Neither file appears to have any reference to digital signatures or debug/production versioning.

        Honestly, I'm not interested enough to check more thoroughly, but I wonder if that's a technical issue rather than a policy one.

        Perhaps someone with more knowledge about this than I have could explain what's going on here.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by NotSanguine on Saturday April 13 2019, @11:48PM

        by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Saturday April 13 2019, @11:48PM (#829169) Homepage Journal

        Might be. The EFF process is an actual installer of some kind.

        My apologies. I didn't address this in my last comment. It doesn't appear that such is the case.

        As I mentioned, plugins are .xpi files, and .xpi files are just renamed .zip files. The download link at EFF is a direct link to the .xpi file. There is no "installer," except (AFAICT) details in the manifest.json file inside the archive.

        It's not at all clear to me what the story is with that.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 0) by Anonymous Coward on Saturday April 13 2019, @09:47PM

    by Anonymous Coward on Saturday April 13 2019, @09:47PM (#829126)

    The really nasty part about it is it won't automatically whitelist a plugin you have manually installed AND it won't run a plugin unless it is BOTH signed and whitelisted, as far as I can tell. I am still uncertain how to manually add a whitelist entry as well. I think it is a json formatted attribute in the about:config page that is a little ugly to edit by hand in a single line text field.

    Mozilla really doesn't want to make Firefox user friendly to anyone who needs to operate outside of their walled garden. And I say this as someone who has to run specific older versions of firefox because their newer binaries will not work on older distributions and the source code has gotten so big that I need an extra 8-12GB of disk space, plus 4 or more gigs of ram just to compile and link the bloody thing.

    Personally I would love to see some ACTUAL ESR releases where they support a browser for 10 years with only security fixes. Sadly without being logged in AND on their developer list you can't even see half of the CVE bugs on their bugtracker, meaning unless you want to try and sift through git bisects by hand to find every CVE fix that applies to your browser version, it will be next to impossible without also getting the mess of new (mis)features and privacy violations they add with every new version of firefox today.