Rich Felker
TIL Firefox slipped in a feature to disable your privacy & security extensions on a list of sites Mozilla controls through some undocumented process: https://support.mozilla.org/en-US/kb/quarantined-domains
It can (and absolutely should) be disabled, but I'm quite concerned that there's no info on where the default list of sites (a bunch of Brazilian banks?) comes from and how they inject it to the browser. New hidden phone-home shit?
Nire Bryce
@dalias Mozilla is working hard on further reducing it's marketshare
Rich Felker
Discovering this stuff while setting up new laptop. More fun: when I migrated over manually curated initial prefs.js, somehow AMO "Add to Firefox" button is broken. 😈 But right clicking it to get the extension still works. No idea how I did this, but getting rid of AMO's backdoor into browser was something I always wanted to do and I think I did it. 😂
James 🌈💜
I believe these come from Brazil's PLC 53/2018, a data protection bill similar to GDPR, with a greater scope. The people in question can order a company not to collect their data. So these banks have told Mozilla not to touch them.
Rich Felker
@shaknais That's not blocking Mozilla from collecting their data. It's blocking UBO from protecting your data.
Victor S Sigmoid
@dalias You can see the list of quarantined domains in about:config extensions.quarantinedDomains.list
Looks like you can edit the list if you want
Rich Felker
@Victorsigmoid I cleared it and the malicious default list got restored. You can disable use of the list entirely with the .enabled pref, but I want to know what process is causing the list to be restored.
Rich Felker
Diotima
@dalias I've just uninstalled it. Between this, the sneaky process of enabling privacy backward settings, bugs that they ignore for years ("download failed" anyone?) and the utter attitude they display when called out...
...hell, I'm better like... going with a corp. At least they're honest about spying on me and "for your own good"ing me.
Apicultor 🐝
@dalias Actually, I see this as a security win, not a privacy loss.
If it becomes misused, then that's another story — but I don't see that right now.
Bø!rge
@dalias @eviloatmeal You absolutely alarmed me with this post. Thankfully you also provided a link, and I actually had the energy to click it and read at this moment. There I found that when this happens you get notified, and then you can change the behavior if you want. They also provide a good reason for doing this. Suddenly it doesn't feel as alarming. I wish you'd added this context in your post. But now at least others who don't have link clicking energy atm can be aware of it.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.