> So my solution now is to just create "unlisted" extensions and sign them with the web-ext CLI. It works and it's not entirely horrible, but it's a lot more hassle than I'd like.
Wait. web-ext allows the signing of arbitrary extensions without review? Wouldn't that defeat the purpose Mozilla is sacrificing technical users for?
While I didn't come across web-ext, I also tried my hand at working around firefox's limitations for my own extensions, but eventually decided it would be easier to give up and switch to a chrome-based browser instead. To this day, I still don't understand the "significant" threat that Mozilla sees (and other browser vendors apparently don't) that warrants such heavy-handed Apple-esque control over their users' ability to control their browser. Whatever it is, I no longer care.
> web-ext allows the signing of arbitrary extensions without review? Wouldn't that defeat the purpose Mozilla is sacrificing technical users for?
It takes about ten minutes to sign, and only seems like it uses automatic checks. I do get an email that "any extension may be reviewed by a human at any time".
I don't know if it matters that it's unlisted, or that they're all very simple extensions with very limited permissions. I'm not an expert on any of this and I've never published a public extension; I just have a few for my own use. But it does seem that they apply some heuristic to determine what is worth reviewing and what isn't.
> To this day, I still don't understand the "significant" threat that Mozilla sees (and other browser vendors apparently don't) that warrants such heavy-handed Apple-esque control over their users' ability to control their browser.
There are support scammers and such that will phone you with "hi, we are from Microsoft support to help you. You need to go to h4xx0r.ru to install an extension to protect your computer".
There are other ways of doing this of course, but an extension is a simple abd easy way.
I don't really know how to best solve this. I agree with your dislike of the current heavy-handed approach without escape hatch. But I also think the concerns are real, and you're being a bit too dismissive about that.
Given that 90% of normal people use browsers that don't have this restriction, I don't think Mozilla's threat model makes sense. Also, users who are susceptible to being tricked into installing an addon can just as easily be tricked into going to bank.com.h4xx0r.ru, editing hosts file, changing DNS settings, or even installing chrome or a different browser.
Franky, I don't think this move is motivated by security concerns at all. (Not that it matters anymore)
Wait. web-ext allows the signing of arbitrary extensions without review? Wouldn't that defeat the purpose Mozilla is sacrificing technical users for?
While I didn't come across web-ext, I also tried my hand at working around firefox's limitations for my own extensions, but eventually decided it would be easier to give up and switch to a chrome-based browser instead. To this day, I still don't understand the "significant" threat that Mozilla sees (and other browser vendors apparently don't) that warrants such heavy-handed Apple-esque control over their users' ability to control their browser. Whatever it is, I no longer care.