BEWARE firefox -- new "feature"

[Tigersharke]

tigersharke on Gab: 'If you ever wondered how you might unknowingly ce…'

tigersharke on Gab: 'If you ever wondered how you might unknowingly cede control of your web browser to outside corporations or others, look no further! I had wondered why some preferences seemed to revert, and maybe this wasn't used to cause it yet in my case but it lead me to this discovery...

gab.com

It is called Normandy, and could permit outside corporations to modify your preferences!

Firefox/Normandy/PreferenceRollout - MozillaWiki

wiki.mozilla.org

Look in your about:config and search for 'normandy' to see if you might be affected.

 

[cobrakiller58]

looks like this has been active for a couple years now, one thing that make me go hmmmmm is how preferences might be changed on people who use VPN's
normandy can change preferences based on location
location is based on your IP address
My company VPN crosses the border, all traffic at my facility crosses the border before hitting the web

okay firefox where am I?

 

[Tigersharke]

Hmm.. at least judging by the wiki history. How is this such an "unknown" feature thus far? One would expect a bit of backlash about it. My own assumption that it may not have affected me yet may very well be wrong. I believe I have disabled it as much as possible for my own firefox now though. Regardless, scary, as it does not require an update and therefore could *EXTREMELY EASILY* be one of those surreptitious changes we barely notice, and that has us scratching our heads.

 

[danb35]

There's a lot about this that doesn't make sense to me, starting with the alarmist rhetoric about something nearly three years old. But the bigger question, that I don't really see addressed on the wiki page, is just what this does and why it's there. The one thing that appears clear, again from that page, is that it "allows Mozilla to change the default value of a preference for a targeted set of users" (emphasis mine). If it only changes defaults, that would suggest that it wouldn't override any explicit user settings--which would seem to greatly limit the concern.

But it still seems that the purpose of this is assumed, rather than being explained.

 

[Tigersharke]

I hadn't realized it was nearly 3 years old from the perspective of the wiki page.

The problem with altering the settings in our preferences, is that if we prefer the default and so do not adjust it, but for whatever reason Mozilla decides that the default is the reverse (or something else), then what? Even if no one is affected by this without their knowing about it first, this is better than being completely unaware and having an unexplained situation involving firefox. Some values in the preferences are URLs for various purposes. Would Mozilla or those acting through this mechanism adjust defaults provided by any addon? It is also features like these which the original developer believes are super awesome and good, but that permit an avenue for exploitation by those who might somehow gain access. I don't have to mention where (ie which OS) that sort of thing was and still likely is prevalent.

Had I somehow been aware of this 'feature' three years ago, I'm likely to have brought it up back then, to at least make people more aware.

 

[danb35]

Certainly it sounds troublesome, more so because its purpose is unclear--maybe the latter is just me being dense, but I really don't understand from the wiki page why this feature exists in the first place. Changing defaults, as such, doesn't strike me as a major problem--that happens in new releases all the time. But when it can happen silently, between releases, that seems like a different story.

 

[Arwen]

This "feature" appears to be for corporate users, so that a pre-configured Firefox from corporate IT dept. can have the settings changed as corporate IT determines they want.

There were 2 web URL settings in the "normandy" list, that pointed to Mozilla sites, (if I remember correctly, I've removed them), in my home install.