this post was submitted on 24 Nov 2023
Firefox
A place to discuss the news and latest developments on the open-source browser Firefox
It's open source, you can ask the author and other users about it too (if you can't read the code yourself)
Oh, I'm confident(-ish) in my ability to review the code, but as I understand it I have no way to guarantee that the code that's on GitHub is the code that AMO installs. Plus updates are automatic, so I have no way to ensure that something malicious won't be added anyway.
You can build it yourself from source then.
You can only do that with Firefox Developer, can't you? And IIRC, they self-uninstall after a week or something, don't they?
You can either install it unsigned with Firefox Developer Edition and it will be permanent. Or you can sign it yourself (you don’t need to publish it on AMO): https://extensionworkshop.com/documentation/publish/signing-and-distribution-overview/ and it will work on regular Firefox.
I think you can still build the extension package and upload it yourself.
Addon files (.xpi files) are zip packages of the addons. They should contain the script files without obfuscation (I think this is an AMO policy), besides any resources and the addon manifest file.
The only thing that would be harder to inspect I think is WebAssembly files.
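Because .xpi files are zip packages, as noted in the thread, an installed add-on can be compared file by file against a package built from source. The following is an added example, not part of the thread or of any project's code; it assumes signing only adds files under `META-INF/`, and the two sample archives are constructed in memory.

```python
import hashlib
import io
import zipfile

SIGNING_DIR = "META-INF/"  # assumption: signing only adds files under this directory


def xpi_digests(data: bytes) -> dict[str, str]:
    """Map each packaged file to its SHA-256, skipping signing metadata."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        for info in xpi.infolist():
            if info.is_dir() or info.filename.startswith(SIGNING_DIR):
                continue
            digests[info.filename] = hashlib.sha256(xpi.read(info)).hexdigest()
    return digests


def compare_xpi(installed: bytes, built: bytes) -> dict[str, list[str]]:
    """Report files that differ between the installed XPI and a local build."""
    a, b = xpi_digests(installed), xpi_digests(built)
    return {
        "only_in_installed": sorted(a.keys() - b.keys()),
        "only_in_built": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        # Compiled WebAssembly cannot be reviewed as source; list it for manual checks.
        "wasm": sorted(n for n in a if n.lower().endswith(".wasm")),
    }


def make_xpi(files: dict[str, bytes]) -> bytes:
    """Build an in-memory XPI from constructed sample files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in files.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed sample data: a local build and a copy that differs from it.
SOURCE = {"manifest.json": b'{"name": "demo"}', "background.js": b"init();\n",
          "lib/codec.wasm": b"\x00asm\x01\x00\x00\x00"}
BUILT = make_xpi(SOURCE)
INSTALLED = make_xpi({**SOURCE, "background.js": b"init();\nextra();\n",
                      "tracker.js": b"send();\n", "META-INF/manifest.mf": b"sig"})

if __name__ == "__main__":
    for key, names in compare_xpi(INSTALLED, BUILT).items():
        print(f"{key}: {names}")
```

To use it on real packages, pass the bytes read from each .xpi file. A mismatch can also come from a build step that is not reproducible, so treat a reported file as one to inspect rather than as proof of tampering.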