Click to play, the next big problem for many smaller companies
benjamin at smedbergs.us
Wed Sep 11 16:08:42 UTC 2013
On 9/9/2013 5:04 PM, Richard Bateman wrote:
> Verifying authorship does give you some ability to assign
> accountability for a plugin. I guess I'm still trying to understand
> exactly what the problem you are trying to solve is; it started out
> feeling like you were trying to protect against intentionally
> malicious plugins,
No, not particularly. If we know of an *intentionally* malicious plugin,
we would hardblock it. But since plugins are installed binary software,
they could basically already do anything they wanted.
> but the more we discuss it sounds like you're actually worried about
> poorly written plugins / plugins with security vulnerabilities.
Yes, partly. We are trying to protect users against being exploited via
insecure plugins. We are *also* trying to provide users with an informed
choice about whether to use 3rd-party software. With addons, we present
that choice at install time; but since plugins can be installed on the
system by third parties.
> There seems to be a misperception that hidden plugins are uncommon
There may be many plugins that exist which are used hidden, but that
doesn't mean that many users have or need them, or that we need to
design for that case. We need to balance the needs of most users against
the small set of users who may actually be using these plugins. Getting
accurate numbers on this is hard, but what little data we do have says
that there can't be more than about 2% of users in the entire world who
have anything but the top 5 plugins:
In particular locales that number may be skewed: there are countries
that have high-profile banks or government institutions which use
plugins for auth/key exchange. But I surveyed those major sites back in
February, and at that time all of them used visible plugin instances.
More information about the firefox-dev