As a technical user who values choice and customisability, I am totally fine with their choice of disabling tab hiding until you flip a bit in the configs. It's the best of both worlds: customisability for power users and security for regular folks.
Or it would be if it stayed this way. It was this way for a while with extensions. You could install extensions you wanted freely. Then there was a config bit to make it so you could install extensions without Mozilla approval. Then they decided grandma was more important and completely removed the ability to install extensions not approved by Mozilla.
The only way around it is to run a beta version or use the unpackaged unbranded versions manually.
I wouldn't count on power user features remaining for long given Mozilla's current target demographic.
The config bit for allowing unsigned extensions was temporary from the start. They did not later redecide that they wanted to remove it, they knew from the beginning that it did not offer the security that they wanted to achieve.
Because any extension or sufficiently capable malware on your system can change about:config values, meaning that if Mozilla ever makes a mistake in the extension approval process and lets a malicious extension slip through, or you get such malware on your PC, then that extension/malware would be able to flip that config bit and open the flood gates for all malicious extensions. Mozilla would also not be able to change that config bit back in any trivial way, if they notice that they let a malicious extension through.
Only moving that configuration to the compilation step is able to prevent this for sure and most definitely is the sensible choice not just for Granny, but for most tech-savvy users as well, as even only a fraction of those care about unsigned extensions.
Months of public discussions have been held on if this can be done in a more (power-)user-friendly way without comprising security for the vast majority of users, who really do not care for unsigned extensions either.
Yes, these discussions would have concluded differently, if those 0.1% users who actually care about unsigned extensions made up 80% of Firefox users, but acting like this decision with a motivation that goes well beyond just wanting to not do as much maintenance is somehow indicative of how much Mozilla cares for its power users, is just ridiculous.
And just look at the malware fest that is the Chrome Store. This is what Mozilla was able to prevent by requiring extensions to be signed.
Lastly, specifically because they now have a functioning way of controlling malware, they can actually be a bit more liberal in what they allow to be configured via about:config and there is now no real use case anymore where it would make sense to move an about:config value to a compile flag.
> Because any extension or sufficiently capable malware on your system can change about:config values, meaning that if Mozilla ever makes a mistake in the extension approval process and lets a malicious extension slip through, or you get such malware on your PC, then that extension/malware would be able to flip that config bit and open the flood gates for all malicious extensions.
If such a malicious extension or other malware got installed, it could already do anything another malicious unsigned extension could, so I don't see how having this setting weakens security under the assumption that there's already malicious code running.
If we assume a system is compromised, it may as well install other malware as normal binaries instead of a Firefox extension.
Just flipping the about:config bit alone doesn't help much though. Any malicious extension installed after changing the setting would still have to have some payload with similar malicious behavior.
Moreover, even if Firefox was compiled without support for that setting, malware could patch the Firefox binary (or download and install a malicious version) to disable the check and then it'd still be able to hide itself as a Firefox extension instead of a binary somewhere else on the system. Once there's malicious code running on the system, it's game over and a flag disabling installing more malware using one out of many possible methods is not going to help much.
However, not having the setting may help for users that get tricked into toggling it through some web page telling them to and then installing a malicious extension, but that's a different scenario than an already compromised system.
I wouldn't know about Chrome. But I do know I've never had a problem with malware extensions. And I know I edit mine. So I know Firefox is no longer the browser to use.
I get that Mozilla's response is, "Don't let the door hit you." But it can't pretend to still be for power users.
